From e48fef19cd0a09267ef0d926019a62cb420dfa01 Mon Sep 17 00:00:00 2001
From: kjuulh <contact@kjuulh.io>
Date: Sat, 4 Jun 2022 14:07:06 +0200
Subject: [PATCH] Added kubernetes cluster

---
 clank_kustomization_backup.yaml |   50 +
 main.tf                         |   52 +-
 modules/flux/main.tf            |  240 ++-
 terraform.tfstate               | 2820 +++++++------------------
 terraform.tfstate.backup        | 3434 +------------------------------
 5 files changed, 962 insertions(+), 5634 deletions(-)
 create mode 100644 clank_kustomization_backup.yaml

diff --git a/clank_kustomization_backup.yaml b/clank_kustomization_backup.yaml
new file mode 100644
index 0000000..d632240
--- /dev/null
+++ b/clank_kustomization_backup.yaml
@@ -0,0 +1,50 @@
+"apiVersion": "kustomize.config.k8s.io/v1beta1"
+"kind": "Kustomization"
+"patchesStrategicMerge":
+- |
+  apiVersion: apps/v1
+  kind: DaemonSet
+  metadata:
+    name: kured
+    namespace: kube-system
+  spec:
+    selector:
+      matchLabels:
+        name: kured
+    template:
+      metadata:
+        labels:
+          name: kured
+      spec:
+        serviceAccountName: kured
+        containers:
+          - name: kured
+            command:
+              - /usr/bin/kured
+              - --reboot-command=/usr/bin/systemctl reboot
+- |
+  apiVersion: apps/v1
+  kind: Deployment
+  metadata:
+    name: system-upgrade-controller
+    namespace: system-upgrade
+  spec:
+    template:
+      spec:
+        containers:
+          - name: system-upgrade-controller
+            volumeMounts:
+              - name: ca-certificates
+                mountPath: /var/lib/ca-certificates
+        volumes:
+          - name: ca-certificates
+            hostPath:
+              path: /var/lib/ca-certificates
+              type: Directory
+- "ccm.yaml"
+"resources":
+- "https://github.com/hetznercloud/hcloud-cloud-controller-manager/releases/download/v1.12.1/ccm-networks.yaml"
+- "https://github.com/weaveworks/kured/releases/download/1.9.2/kured-1.9.2-dockerhub.yaml"
+- "https://raw.githubusercontent.com/rancher/system-upgrade-controller/master/manifests/system-upgrade-controller.yaml"
+- "https://raw.githubusercontent.com/hetznercloud/csi-driver/v1.6.0/deploy/kubernetes/hcloud-csi.yml"
+- "traefik_config.yaml"
diff --git a/main.tf b/main.tf
index a5d81ed..68a5011 100644
--- a/main.tf
+++ b/main.tf
@@ -1,10 +1,28 @@
+terraform {
+  required_version = ">= 1.2.0"
+  required_providers {
+    hcloud = {
+      source  = "hetznercloud/hcloud"
+      version = ">= 1.0.0"
+    }
+  }
+}
+
+provider "hcloud" {
+  token = var.hcloud_token
+}
+
 module "kube-hetzner" {
+  providers = {
+    hcloud = hcloud
+  }
+
   source = "kube-hetzner/kube-hetzner/hcloud"
 
   hcloud_token = var.hcloud_token
 
-  public_key  = ".keys/id_ed25519.pub"
-  private_key = ".keys/id_ed25519"
+  ssh_public_key  = file(".keys/id_ed25519.pub")
+  ssh_private_key = file(".keys/id_ed25519")
 
   network_region = "eu-central" # change to `us-east` if location is ash
   control_plane_nodepools = [
@@ -49,7 +67,7 @@ module "kube-hetzner" {
       location    = "nbg1",
       labels      = [],
       taints      = [],
-      count       = 1
+      count       = 0
     },
     {
       name        = "storage1",
@@ -61,13 +79,14 @@ module "kube-hetzner" {
       taints = [
         "server-usage=storage:NoSchedule"
       ],
-      count = 2
+      count = 1
     }
   ]
 
   load_balancer_type            = "lb11"
   load_balancer_location        = "fsn1"
   traefik_enabled               = true
+  traefik_additional_options = ["--log.level=DEBUG", "--tracing=true"]
   metrics_server_enabled        = true
   automatically_upgrade_k3s     = true
   initial_k3s_channel           = "stable"
@@ -95,10 +114,7 @@ module "kube-hetzner" {
     }
   ]
 
-  # If you want to configure additional Arguments for traefik, enter them here as a list and in the form of traefik CLI arguments; see https://doc.traefik.io/traefik/reference/static-configuration/cli/
-  # Example: traefik_additional_options = ["--log.level=DEBUG", "--tracing=true"]
-  traefik_additional_options = ["--tracing=true"]
-  enable_cert_manager        = true
+  enable_cert_manager        = false
 }
 
 module "dns" {
@@ -121,13 +137,13 @@ module "dns" {
   ]
 }
 
-module "flux" {
-  source    = "./modules/flux"
-  path      = "clank"
-  namespace = "flux-system"
-  url       = "ssh://git@git.front.kjuulh.io/clank/kubernetes-state.git"
-  branch    = "main"
-
-  ssh_private_key_pem = file(".keys/id_clank")
-  ssh_public_key_pem = file(".keys/id_clank.pub")
-}
+#module "flux" {
+#  source    = "./modules/flux"
+#  path      = "clank"
+#  namespace = "flux-system"
+#  url       = "ssh://git@git.front.kjuulh.io/clank/kubernetes-state.git"
+#  branch    = "main"
+#
+#  ssh_private_key_pem = file(".keys/id_clank")
+#  ssh_public_key_pem = file(".keys/id_clank.pub")
+#}
diff --git a/modules/flux/main.tf b/modules/flux/main.tf
index 3b74386..72c15ed 100644
--- a/modules/flux/main.tf
+++ b/modules/flux/main.tf
@@ -1,116 +1,128 @@
 # Install
 
-data "flux_install" "main" {
-  target_path    = var.path
-  network_policy = false
-  version        = "latest"
-}
-
-resource "kubernetes_namespace" "flux_system" {
-  metadata {
-    name = var.namespace
-  }
-
-  lifecycle {
-    ignore_changes = [
-      metadata[0].labels,
-    ]
-  }
-}
-
-resource "kubernetes_namespace" "prod" {
-  metadata {
-    name = "prod"
-  }
-
-  lifecycle {
-    ignore_changes = [
-      metadata[0].labels,
-    ]
-  }
-}
-
-data "kubectl_file_documents" "apply" {
-  content = data.flux_install.main.content
-}
-
-# Convert documents list to include parsed yaml data
-locals {
-  apply = [for v in data.kubectl_file_documents.apply.documents : {
-    data : yamldecode(v)
-    content : v
-    }
-  ]
-}
-
-# Apply manifests on the cluster
-resource "kubectl_manifest" "apply" {
-  for_each   = { for v in local.apply : lower(join("/", compact([v.data.apiVersion, v.data.kind, lookup(v.data.metadata, "namespace", ""), v.data.metadata.name]))) => v.content }
-  depends_on = [kubernetes_namespace.flux_system]
-  yaml_body  = each.value
-}
-
-# Sync
-
-data "flux_sync" "main" {
-  target_path = var.path
-  url         = var.url
-  branch      = var.branch
-}
-
-# Split multi-doc YAML with
-# https://registry.terraform.io/providers/gavinbunney/kubectl/latest
-data "kubectl_file_documents" "sync" {
-  content = data.flux_sync.main.content
-}
-
-# Convert documents list to include parsed yaml data
-locals {
-  sync = [for v in data.kubectl_file_documents.sync.documents : {
-    data : yamldecode(v)
-    content : v
-    }
-  ]
-}
-
-# Apply manifests on the cluster
-resource "kubectl_manifest" "sync" {
-  for_each   = { for v in local.sync : lower(join("/", compact([v.data.apiVersion, v.data.kind, lookup(v.data.metadata, "namespace", ""), v.data.metadata.name]))) => v.content }
-  depends_on = [kubernetes_namespace.flux_system]
-  yaml_body  = each.value
-}
-
-locals {
-  known_hosts = <<EOT
-git.front.kjuulh.io ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGJdO0Tw0e/Fa78g1Xszc4oKaOPbTwl7RTAaGQb0TrV8
-git.front.kjuulh.io ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBO61xoa0ON2Y8rpIB6R9PFxg9HUxMym8Z5I4vYUC+/UnzaDx9YUEGo3Vig9wBo6Hc2lAp0BIwH/d5d6uBBEIj/Y=
-EOT
-}
-
-# Generate a Kubernetes secret with the Git credentials
-resource "kubernetes_secret" "main" {
-  depends_on = [kubectl_manifest.apply]
-
-  metadata {
-    name      = data.flux_sync.main.secret
-    namespace = data.flux_sync.main.namespace
-  }
-
-  data = {
-    identity = var.ssh_private_key_pem
-    "identity.pub" = var.ssh_public_key_pem
-    #    identity       = <<EOT
-    #-----BEGIN OPENSSH PRIVATE KEY-----
-    #b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
-    #QyNTUxOQAAACBYZYPLAjLRZhUHfk4yTLmiQTDmdWPIgZTI+dGLgpY/GAAAAJgGvLdRBry3
-    #UQAAAAtzc2gtZWQyNTUxOQAAACBYZYPLAjLRZhUHfk4yTLmiQTDmdWPIgZTI+dGLgpY/GA
-    #AAAEBmqJkdSt8H6HIVzV6Na8ukBOj4Bywd970sQVPWAz8Ug1hlg8sCMtFmFQd+TjJMuaJB
-    #MOZ1Y8iBlMj50YuClj8YAAAAEWNvbnRhY3RAa2p1dWxoLmlvAQIDBA==
-    #-----END OPENSSH PRIVATE KEY-----
-    #EOT
-    #    "identity.pub" = <<EOT
-    #ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFhlg8sCMtFmFQd+TjJMuaJBMOZ1Y8iBlMj50YuClj8Y contact@kjuulh.io
-    #EOT
-    known_hosts    = local.known_hosts
-  }
-}
+#data "flux_install" "main" {
+#  target_path    = var.path
+#  network_policy = false
+#  version        = "latest"
+#}
+#
+#resource "kubernetes_namespace" "flux_system" {
+#  metadata {
+#    name = var.namespace
+#  }
+#
+#  lifecycle {
+#    ignore_changes = [
+#      metadata[0].labels,
+#    ]
+#  }
+#}
+#
+#resource "kubernetes_namespace" "prod" {
+#  metadata {
+#    name = "prod"
+#  }
+#
+#  lifecycle {
+#    ignore_changes = [
+#      metadata[0].labels,
+#    ]
+#  }
+#}
+#
+#resource "kubernetes_namespace" "platform" {
+#  metadata {
+#    name = "platform"
+#  }
+#
+#  lifecycle {
+#    ignore_changes = [
+#      metadata[0].labels,
+#    ]
+#  }
+#}
+#
+#data "kubectl_file_documents" "apply" {
+#  content = data.flux_install.main.content
+#}
+#
+## Convert documents list to include parsed yaml data
+#locals {
+#  apply = [for v in data.kubectl_file_documents.apply.documents : {
+#    data : yamldecode(v)
+#    content : v
+#    }
+#  ]
+#}
+#
+## Apply manifests on the cluster
+#resource "kubectl_manifest" "apply" {
+#  for_each   = { for v in local.apply : lower(join("/", compact([v.data.apiVersion, v.data.kind, lookup(v.data.metadata, "namespace", ""), v.data.metadata.name]))) => v.content }
+#  depends_on = [kubernetes_namespace.flux_system]
+#  yaml_body  = each.value
+#}
+#
+## Sync
+#
+#data "flux_sync" "main" {
+#  target_path = var.path
+#  url         = var.url
+#  branch      = var.branch
+#}
+#
+## Split multi-doc YAML with
+## https://registry.terraform.io/providers/gavinbunney/kubectl/latest
+#data "kubectl_file_documents" "sync" {
+#  content = data.flux_sync.main.content
+#}
+#
+## Convert documents list to include parsed yaml data
+#locals {
+#  sync = [for v in data.kubectl_file_documents.sync.documents : {
+#    data : yamldecode(v)
+#    content : v
+#    }
+#  ]
+#}
+#
+## Apply manifests on the cluster
+#resource "kubectl_manifest" "sync" {
+#  for_each   = { for v in local.sync : lower(join("/", compact([v.data.apiVersion, v.data.kind, lookup(v.data.metadata, "namespace", ""), v.data.metadata.name]))) => v.content }
+#  depends_on = [kubernetes_namespace.flux_system]
+#  yaml_body  = each.value
+#}
+#
+#locals {
+#  known_hosts = <<EOT
+#git.front.kjuulh.io ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGJdO0Tw0e/Fa78g1Xszc4oKaOPbTwl7RTAaGQb0TrV8
+#git.front.kjuulh.io ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBO61xoa0ON2Y8rpIB6R9PFxg9HUxMym8Z5I4vYUC+/UnzaDx9YUEGo3Vig9wBo6Hc2lAp0BIwH/d5d6uBBEIj/Y=
+#EOT
+#}
+#
+## Generate a Kubernetes secret with the Git credentials
+#resource "kubernetes_secret" "main" {
+#  depends_on = [kubectl_manifest.apply]
+#
+#  metadata {
+#    name      = data.flux_sync.main.secret
+#    namespace = data.flux_sync.main.namespace
+#  }
+#
+#  data = {
+#    identity = var.ssh_private_key_pem
+#    "identity.pub" = var.ssh_public_key_pem
+#    #    identity       = <<EOT
+#    #-----BEGIN OPENSSH PRIVATE KEY-----
+#    #b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+#    #QyNTUxOQAAACBYZYPLAjLRZhUHfk4yTLmiQTDmdWPIgZTI+dGLgpY/GAAAAJgGvLdRBry3
+#    #UQAAAAtzc2gtZWQyNTUxOQAAACBYZYPLAjLRZhUHfk4yTLmiQTDmdWPIgZTI+dGLgpY/GA
+#    #AAAEBmqJkdSt8H6HIVzV6Na8ukBOj4Bywd970sQVPWAz8Ug1hlg8sCMtFmFQd+TjJMuaJB
+#    #MOZ1Y8iBlMj50YuClj8YAAAAEWNvbnRhY3RAa2p1dWxoLmlvAQIDBA==
+#    #-----END OPENSSH PRIVATE KEY-----
+#    #EOT
+#    #    "identity.pub" = <<EOT
+#    #ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFhlg8sCMtFmFQd+TjJMuaJBMOZ1Y8iBlMj50YuClj8Y contact@kjuulh.io
+#    #EOT
+#    known_hosts    = local.known_hosts
+#  }
+#}
diff --git a/terraform.tfstate b/terraform.tfstate
index e617422..6220985 100644
--- a/terraform.tfstate
+++ b/terraform.tfstate
@@ -1,8 +1,8 @@
 {
   "version": 4,
-  "terraform_version": "1.1.7",
-  "serial": 196,
-  "lineage": "04d648e3-bdd4-2cef-384a-6564647940db",
+  "terraform_version": "1.2.0",
+  "serial": 167,
+  "lineage": "f11a6304-aea4-5304-f584-cf21c8436f1c",
   "outputs": {},
   "resources": [
     {
@@ -17,17 +17,17 @@
           "schema_version": 2,
           "attributes": {
             "allow_overwrite": false,
-            "created_on": "2022-05-08T13:48:54.289798Z",
+            "created_on": "2022-06-04T12:03:52.731592Z",
             "data": [],
             "hostname": "*.kjuulh.app",
-            "id": "7234597988434057f1bc0630efada29b",
+            "id": "8016ec2af70cfc7830f5221887bb2df6",
             "metadata": {
               "auto_added": "false",
               "managed_by_apps": "false",
               "managed_by_argo_tunnel": "false",
               "source": "primary"
             },
-            "modified_on": "2022-05-08T13:48:54.289798Z",
+            "modified_on": "2022-06-04T12:03:52.731592Z",
             "name": "*.kjuulh.app",
             "priority": null,
             "proxiable": true,
@@ -35,7 +35,7 @@
             "timeouts": null,
             "ttl": 3600,
             "type": "A",
-            "value": "49.12.19.255",
+            "value": "49.12.22.84",
             "zone_id": "9454b35cb1010b9eab9aadf206fdf11f"
           },
           "sensitive_attributes": [],
@@ -55,11 +55,13 @@
             "module.kube-hetzner.module.control_planes.data.cloudinit_config.config",
             "module.kube-hetzner.module.control_planes.hcloud_server.server",
             "module.kube-hetzner.module.control_planes.hcloud_server_network.server",
+            "module.kube-hetzner.module.control_planes.random_string.identity_file",
             "module.kube-hetzner.module.control_planes.random_string.server",
             "module.kube-hetzner.null_resource.control_planes",
             "module.kube-hetzner.null_resource.first_control_plane",
             "module.kube-hetzner.null_resource.kustomization",
-            "module.kube-hetzner.random_password.k3s_token"
+            "module.kube-hetzner.random_password.k3s_token",
+            "module.kube-hetzner.random_password.rancher_bootstrap"
           ]
         },
         {
@@ -67,17 +69,17 @@
           "schema_version": 2,
           "attributes": {
             "allow_overwrite": false,
-            "created_on": "2022-05-08T13:48:54.199417Z",
+            "created_on": "2022-06-04T12:03:53.069218Z",
             "data": [],
             "hostname": "kjuulh.app",
-            "id": "5bc099d554ee71ea6ce63f76a4531e77",
+            "id": "9083ba58d7b0a13ffd825c9c088ec607",
             "metadata": {
               "auto_added": "false",
               "managed_by_apps": "false",
               "managed_by_argo_tunnel": "false",
               "source": "primary"
             },
-            "modified_on": "2022-05-08T13:48:54.199417Z",
+            "modified_on": "2022-06-04T12:03:53.069218Z",
             "name": "kjuulh.app",
             "priority": null,
             "proxiable": true,
@@ -85,7 +87,7 @@
             "timeouts": null,
             "ttl": 3600,
             "type": "A",
-            "value": "49.12.19.255",
+            "value": "49.12.22.84",
             "zone_id": "9454b35cb1010b9eab9aadf206fdf11f"
           },
           "sensitive_attributes": [],
@@ -105,1217 +107,13 @@
             "module.kube-hetzner.module.control_planes.data.cloudinit_config.config",
             "module.kube-hetzner.module.control_planes.hcloud_server.server",
             "module.kube-hetzner.module.control_planes.hcloud_server_network.server",
+            "module.kube-hetzner.module.control_planes.random_string.identity_file",
             "module.kube-hetzner.module.control_planes.random_string.server",
             "module.kube-hetzner.null_resource.control_planes",
             "module.kube-hetzner.null_resource.first_control_plane",
             "module.kube-hetzner.null_resource.kustomization",
-            "module.kube-hetzner.random_password.k3s_token"
-          ]
-        }
-      ]
-    },
-    {
-      "module": "module.flux",
-      "mode": "data",
-      "type": "flux_install",
-      "name": "main",
-      "provider": "module.flux.provider[\"registry.terraform.io/fluxcd/flux\"]",
-      "instances": [
-        {
-          "schema_version": 0,
-          "attributes": {
-            "baseurl": "https://github.com/fluxcd/flux2/releases",
-            "cluster_domain": "cluster.local",
-            "components": null,
-            "components_extra": null,
-            "content": "---\n# This manifest was generated by flux. DO NOT EDIT.\n# Flux Version: latest\n# Components: source-controller,kustomize-controller,helm-controller,notification-controller\napiVersion: v1\nkind: Namespace\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n    pod-security.kubernetes.io/warn: restricted\n    pod-security.kubernetes.io/warn-version: latest\n  name: flux-system\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  annotations:\n    controller-gen.kubebuilder.io/version: v0.7.0\n  creationTimestamp: null\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: alerts.notification.toolkit.fluxcd.io\nspec:\n  group: notification.toolkit.fluxcd.io\n  names:\n    kind: Alert\n    listKind: AlertList\n    plural: alerts\n    singular: alert\n  scope: Namespaced\n  versions:\n  - additionalPrinterColumns:\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    name: v1beta1\n    schema:\n      openAPIV3Schema:\n        description: Alert is the Schema for the alerts API\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: AlertSpec defines an alerting rule for events involving a\n              list of objects\n            properties:\n              eventSeverity:\n                default: info\n                description: Filter events based on severity, defaults to ('info').\n                  If set to 'info' no events will be filtered.\n                enum:\n                - info\n                - error\n                type: string\n              eventSources:\n                description: Filter events based on the involved objects.\n                items:\n                  description: CrossNamespaceObjectReference contains enough information\n                    to let you locate the typed referenced object at cluster level\n                  properties:\n                    apiVersion:\n                      description: API version of the referent\n                      type: string\n                    kind:\n                      description: Kind of the referent\n                      enum:\n                      - Bucket\n                      - GitRepository\n                      - Kustomization\n                      - HelmRelease\n                      - HelmChart\n                      - HelmRepository\n                      - ImageRepository\n                      - ImagePolicy\n                      - ImageUpdateAutomation\n                      type: string\n                    matchLabels:\n                      additionalProperties:\n                        type: string\n                      description: MatchLabels is a map of {key,value} pairs. A single\n                        {key,value} in the matchLabels map is equivalent to an element\n                        of matchExpressions, whose key field is \"key\", the operator\n                        is \"In\", and the values array contains only \"value\". The requirements\n                        are ANDed.\n                      type: object\n                    name:\n                      description: Name of the referent\n                      maxLength: 53\n                      minLength: 1\n                      type: string\n                    namespace:\n                      description: Namespace of the referent\n                      maxLength: 53\n                      minLength: 1\n                      type: string\n                  required:\n                  - name\n                  type: object\n                type: array\n              exclusionList:\n                description: A list of Golang regular expressions to be used for excluding\n                  messages.\n                items:\n                  type: string\n                type: array\n              providerRef:\n                description: Send events using this provider.\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              summary:\n                description: Short description of the impact and affected cluster.\n                type: string\n              suspend:\n                description: This flag tells the controller to suspend subsequent\n                  events dispatching. Defaults to false.\n                type: boolean\n            required:\n            - eventSources\n            - providerRef\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: AlertStatus defines the observed state of Alert\n            properties:\n              conditions:\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation.\n                format: int64\n                type: integer\n            type: object\n        type: object\n    served: true\n    storage: true\n    subresources:\n      status: {}\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n  conditions: []\n  storedVersions: []\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  annotations:\n    controller-gen.kubebuilder.io/version: v0.7.0\n  creationTimestamp: null\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: buckets.source.toolkit.fluxcd.io\nspec:\n  group: source.toolkit.fluxcd.io\n  names:\n    kind: Bucket\n    listKind: BucketList\n    plural: buckets\n    singular: bucket\n  scope: Namespaced\n  versions:\n  - additionalPrinterColumns:\n    - jsonPath: .spec.endpoint\n      name: Endpoint\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    name: v1beta1\n    schema:\n      openAPIV3Schema:\n        description: Bucket is the Schema for the buckets API\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: BucketSpec defines the desired state of an S3 compatible\n              bucket\n            properties:\n              accessFrom:\n                description: AccessFrom defines an Access Control List for allowing\n                  cross-namespace references to this object.\n                properties:\n                  namespaceSelectors:\n                    description: NamespaceSelectors is the list of namespace selectors\n                      to which this ACL applies. Items in this list are evaluated\n                      using a logical OR operation.\n                    items:\n                      description: NamespaceSelector selects the namespaces to which\n                        this ACL applies. An empty map of MatchLabels matches all\n                        namespaces in a cluster.\n                      properties:\n                        matchLabels:\n                          additionalProperties:\n                            type: string\n                          description: MatchLabels is a map of {key,value} pairs.\n                            A single {key,value} in the matchLabels map is equivalent\n                            to an element of matchExpressions, whose key field is\n                            \"key\", the operator is \"In\", and the values array contains\n                            only \"value\". The requirements are ANDed.\n                          type: object\n                      type: object\n                    type: array\n                required:\n                - namespaceSelectors\n                type: object\n              bucketName:\n                description: The bucket name.\n                type: string\n              endpoint:\n                description: The bucket endpoint address.\n                type: string\n              ignore:\n                description: Ignore overrides the set of excluded patterns in the\n                  .sourceignore format (which is the same as .gitignore). If not provided,\n                  a default will be used, consult the documentation for your version\n                  to find out what those are.\n                type: string\n              insecure:\n                description: Insecure allows connecting to a non-TLS S3 HTTP endpoint.\n                type: boolean\n              interval:\n                description: The interval at which to check for bucket updates.\n                type: string\n              provider:\n                default: generic\n                description: The S3 compatible storage provider name, default ('generic').\n                enum:\n                - generic\n                - aws\n                - gcp\n                type: string\n              region:\n                description: The bucket region.\n                type: string\n              secretRef:\n                description: The name of the secret containing authentication credentials\n                  for the Bucket.\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              suspend:\n                description: This flag tells the controller to suspend the reconciliation\n                  of this source.\n                type: boolean\n              timeout:\n                default: 60s\n                description: The timeout for download operations, defaults to 60s.\n                type: string\n            required:\n            - bucketName\n            - endpoint\n            - interval\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: BucketStatus defines the observed state of a bucket\n            properties:\n              artifact:\n                description: Artifact represents the output of the last successful\n                  Bucket sync.\n                properties:\n                  checksum:\n                    description: Checksum is the SHA256 checksum of the artifact.\n                    type: string\n                  lastUpdateTime:\n                    description: LastUpdateTime is the timestamp corresponding to\n                      the last update of this artifact.\n                    format: date-time\n                    type: string\n                  path:\n                    description: Path is the relative file path of this artifact.\n                    type: string\n                  revision:\n                    description: Revision is a human readable identifier traceable\n                      in the origin source system. It can be a Git commit SHA, Git\n                      tag, a Helm index timestamp, a Helm chart version, etc.\n                    type: string\n                  url:\n                    description: URL is the HTTP address of this artifact.\n                    type: string\n                required:\n                - path\n                - url\n                type: object\n              conditions:\n                description: Conditions holds the conditions for the Bucket.\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation.\n                format: int64\n                type: integer\n              url:\n                description: URL is the download link for the artifact output of the\n                  last Bucket sync.\n                type: string\n            type: object\n        type: object\n    served: true\n    storage: false\n    subresources:\n      status: {}\n  - additionalPrinterColumns:\n    - jsonPath: .spec.endpoint\n      name: Endpoint\n      type: string\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    name: v1beta2\n    schema:\n      openAPIV3Schema:\n        description: Bucket is the Schema for the buckets API.\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: BucketSpec specifies the required configuration to produce\n              an Artifact for an object storage bucket.\n            properties:\n              accessFrom:\n                description: 'AccessFrom specifies an Access Control List for allowing\n                  cross-namespace references to this object. NOTE: Not implemented,\n                  provisional as of https://github.com/fluxcd/flux2/pull/2092'\n                properties:\n                  namespaceSelectors:\n                    description: NamespaceSelectors is the list of namespace selectors\n                      to which this ACL applies. Items in this list are evaluated\n                      using a logical OR operation.\n                    items:\n                      description: NamespaceSelector selects the namespaces to which\n                        this ACL applies. An empty map of MatchLabels matches all\n                        namespaces in a cluster.\n                      properties:\n                        matchLabels:\n                          additionalProperties:\n                            type: string\n                          description: MatchLabels is a map of {key,value} pairs.\n                            A single {key,value} in the matchLabels map is equivalent\n                            to an element of matchExpressions, whose key field is\n                            \"key\", the operator is \"In\", and the values array contains\n                            only \"value\". The requirements are ANDed.\n                          type: object\n                      type: object\n                    type: array\n                required:\n                - namespaceSelectors\n                type: object\n              bucketName:\n                description: BucketName is the name of the object storage bucket.\n                type: string\n              endpoint:\n                description: Endpoint is the object storage address the BucketName\n                  is located at.\n                type: string\n              ignore:\n                description: Ignore overrides the set of excluded patterns in the\n                  .sourceignore format (which is the same as .gitignore). If not provided,\n                  a default will be used, consult the documentation for your version\n                  to find out what those are.\n                type: string\n              insecure:\n                description: Insecure allows connecting to a non-TLS HTTP Endpoint.\n                type: boolean\n              interval:\n                description: Interval at which to check the Endpoint for updates.\n                type: string\n              provider:\n                default: generic\n                description: Provider of the object storage bucket. Defaults to 'generic',\n                  which expects an S3 (API) compatible object storage.\n                enum:\n                - generic\n                - aws\n                - gcp\n                - azure\n                type: string\n              region:\n                description: Region of the Endpoint where the BucketName is located\n                  in.\n                type: string\n              secretRef:\n                description: SecretRef specifies the Secret containing authentication\n                  credentials for the Bucket.\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              suspend:\n                description: Suspend tells the controller to suspend the reconciliation\n                  of this Bucket.\n                type: boolean\n              timeout:\n                default: 60s\n                description: Timeout for fetch operations, defaults to 60s.\n                type: string\n            required:\n            - bucketName\n            - endpoint\n            - interval\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: BucketStatus records the observed state of a Bucket.\n            properties:\n              artifact:\n                description: Artifact represents the last successful Bucket reconciliation.\n                properties:\n                  checksum:\n                    description: Checksum is the SHA256 checksum of the Artifact file.\n                    type: string\n                  lastUpdateTime:\n                    description: LastUpdateTime is the timestamp corresponding to\n                      the last update of the Artifact.\n                    format: date-time\n                    type: string\n                  path:\n                    description: Path is the relative file path of the Artifact. It\n                      can be used to locate the file in the root of the Artifact storage\n                      on the local file system of the controller managing the Source.\n                    type: string\n                  revision:\n                    description: Revision is a human-readable identifier traceable\n                      in the origin source system. It can be a Git commit SHA, Git\n                      tag, a Helm chart version, etc.\n                    type: string\n                  size:\n                    description: Size is the number of bytes in the file.\n                    format: int64\n                    type: integer\n                  url:\n                    description: URL is the HTTP address of the Artifact as exposed\n                      by the controller managing the Source. It can be used to retrieve\n                      the Artifact for consumption, e.g. by another controller applying\n                      the Artifact contents.\n                    type: string\n                required:\n                - path\n                - url\n                type: object\n              conditions:\n                description: Conditions holds the conditions for the Bucket.\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation of\n                  the Bucket object.\n                format: int64\n                type: integer\n              url:\n                description: URL is the dynamic fetch link for the latest Artifact.\n                  It is provided on a \"best effort\" basis, and using the precise BucketStatus.Artifact\n                  data is recommended.\n                type: string\n            type: object\n        type: object\n    served: true\n    storage: true\n    subresources:\n      status: {}\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n  conditions: []\n  storedVersions: []\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  annotations:\n    controller-gen.kubebuilder.io/version: v0.7.0\n  creationTimestamp: null\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: gitrepositories.source.toolkit.fluxcd.io\nspec:\n  group: source.toolkit.fluxcd.io\n  names:\n    kind: GitRepository\n    listKind: GitRepositoryList\n    plural: gitrepositories\n    shortNames:\n    - gitrepo\n    singular: gitrepository\n  scope: Namespaced\n  versions:\n  - additionalPrinterColumns:\n    - jsonPath: .spec.url\n      name: URL\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    name: v1beta1\n    schema:\n      openAPIV3Schema:\n        description: GitRepository is the Schema for the gitrepositories API\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: GitRepositorySpec defines the desired state of a Git repository.\n            properties:\n              accessFrom:\n                description: AccessFrom defines an Access Control List for allowing\n                  cross-namespace references to this object.\n                properties:\n                  namespaceSelectors:\n                    description: NamespaceSelectors is the list of namespace selectors\n                      to which this ACL applies. Items in this list are evaluated\n                      using a logical OR operation.\n                    items:\n                      description: NamespaceSelector selects the namespaces to which\n                        this ACL applies. An empty map of MatchLabels matches all\n                        namespaces in a cluster.\n                      properties:\n                        matchLabels:\n                          additionalProperties:\n                            type: string\n                          description: MatchLabels is a map of {key,value} pairs.\n                            A single {key,value} in the matchLabels map is equivalent\n                            to an element of matchExpressions, whose key field is\n                            \"key\", the operator is \"In\", and the values array contains\n                            only \"value\". The requirements are ANDed.\n                          type: object\n                      type: object\n                    type: array\n                required:\n                - namespaceSelectors\n                type: object\n              gitImplementation:\n                default: go-git\n                description: Determines which git client library to use. Defaults\n                  to go-git, valid values are ('go-git', 'libgit2').\n                enum:\n                - go-git\n                - libgit2\n                type: string\n              ignore:\n                description: Ignore overrides the set of excluded patterns in the\n                  .sourceignore format (which is the same as .gitignore). If not provided,\n                  a default will be used, consult the documentation for your version\n                  to find out what those are.\n                type: string\n              include:\n                description: Extra git repositories to map into the repository\n                items:\n                  description: GitRepositoryInclude defines a source with a from and\n                    to path.\n                  properties:\n                    fromPath:\n                      description: The path to copy contents from, defaults to the\n                        root directory.\n                      type: string\n                    repository:\n                      description: Reference to a GitRepository to include.\n                      properties:\n                        name:\n                          description: Name of the referent.\n                          type: string\n                      required:\n                      - name\n                      type: object\n                    toPath:\n                      description: The path to copy contents to, defaults to the name\n                        of the source ref.\n                      type: string\n                  required:\n                  - repository\n                  type: object\n                type: array\n              interval:\n                description: The interval at which to check for repository updates.\n                type: string\n              recurseSubmodules:\n                description: When enabled, after the clone is created, initializes\n                  all submodules within, using their default settings. This option\n                  is available only when using the 'go-git' GitImplementation.\n                type: boolean\n              ref:\n                description: The Git reference to checkout and monitor for changes,\n                  defaults to master branch.\n                properties:\n                  branch:\n                    description: The Git branch to checkout, defaults to master.\n                    type: string\n                  commit:\n                    description: The Git commit SHA to checkout, if specified Tag\n                      filters will be ignored.\n                    type: string\n                  semver:\n                    description: The Git tag semver expression, takes precedence over\n                      Tag.\n                    type: string\n                  tag:\n                    description: The Git tag to checkout, takes precedence over Branch.\n                    type: string\n                type: object\n              secretRef:\n                description: The secret name containing the Git credentials. For HTTPS\n                  repositories the secret must contain username and password fields.\n                  For SSH repositories the secret must contain identity and known_hosts\n                  fields.\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              suspend:\n                description: This flag tells the controller to suspend the reconciliation\n                  of this source.\n                type: boolean\n              timeout:\n                default: 60s\n                description: The timeout for remote Git operations like cloning, defaults\n                  to 60s.\n                type: string\n              url:\n                description: The repository URL, can be a HTTP/S or SSH address.\n                pattern: ^(http|https|ssh)://\n                type: string\n              verify:\n                description: Verify OpenPGP signature for the Git commit HEAD points\n                  to.\n                properties:\n                  mode:\n                    description: Mode describes what git object should be verified,\n                      currently ('head').\n                    enum:\n                    - head\n                    type: string\n                  secretRef:\n                    description: The secret name containing the public keys of all\n                      trusted Git authors.\n                    properties:\n                      name:\n                        description: Name of the referent.\n                        type: string\n                    required:\n                    - name\n                    type: object\n                required:\n                - mode\n                type: object\n            required:\n            - interval\n            - url\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: GitRepositoryStatus defines the observed state of a Git repository.\n            properties:\n              artifact:\n                description: Artifact represents the output of the last successful\n                  repository sync.\n                properties:\n                  checksum:\n                    description: Checksum is the SHA256 checksum of the artifact.\n                    type: string\n                  lastUpdateTime:\n                    description: LastUpdateTime is the timestamp corresponding to\n                      the last update of this artifact.\n                    format: date-time\n                    type: string\n                  path:\n                    description: Path is the relative file path of this artifact.\n                    type: string\n                  revision:\n                    description: Revision is a human readable identifier traceable\n                      in the origin source system. It can be a Git commit SHA, Git\n                      tag, a Helm index timestamp, a Helm chart version, etc.\n                    type: string\n                  url:\n                    description: URL is the HTTP address of this artifact.\n                    type: string\n                required:\n                - path\n                - url\n                type: object\n              conditions:\n                description: Conditions holds the conditions for the GitRepository.\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              includedArtifacts:\n                description: IncludedArtifacts represents the included artifacts from\n                  the last successful repository sync.\n                items:\n                  description: Artifact represents the output of a source synchronisation.\n                  properties:\n                    checksum:\n                      description: Checksum is the SHA256 checksum of the artifact.\n                      type: string\n                    lastUpdateTime:\n                      description: LastUpdateTime is the timestamp corresponding to\n                        the last update of this artifact.\n                      format: date-time\n                      type: string\n                    path:\n                      description: Path is the relative file path of this artifact.\n                      type: string\n                    revision:\n                      description: Revision is a human readable identifier traceable\n                        in the origin source system. It can be a Git commit SHA, Git\n                        tag, a Helm index timestamp, a Helm chart version, etc.\n                      type: string\n                    url:\n                      description: URL is the HTTP address of this artifact.\n                      type: string\n                  required:\n                  - path\n                  - url\n                  type: object\n                type: array\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation.\n                format: int64\n                type: integer\n              url:\n                description: URL is the download link for the artifact output of the\n                  last repository sync.\n                type: string\n            type: object\n        type: object\n    served: true\n    storage: false\n    subresources:\n      status: {}\n  - additionalPrinterColumns:\n    - jsonPath: .spec.url\n      name: URL\n      type: string\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    name: v1beta2\n    schema:\n      openAPIV3Schema:\n        description: GitRepository is the Schema for the gitrepositories API.\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: GitRepositorySpec specifies the required configuration to\n              produce an Artifact for a Git repository.\n            properties:\n              accessFrom:\n                description: 'AccessFrom specifies an Access Control List for allowing\n                  cross-namespace references to this object. NOTE: Not implemented,\n                  provisional as of https://github.com/fluxcd/flux2/pull/2092'\n                properties:\n                  namespaceSelectors:\n                    description: NamespaceSelectors is the list of namespace selectors\n                      to which this ACL applies. Items in this list are evaluated\n                      using a logical OR operation.\n                    items:\n                      description: NamespaceSelector selects the namespaces to which\n                        this ACL applies. An empty map of MatchLabels matches all\n                        namespaces in a cluster.\n                      properties:\n                        matchLabels:\n                          additionalProperties:\n                            type: string\n                          description: MatchLabels is a map of {key,value} pairs.\n                            A single {key,value} in the matchLabels map is equivalent\n                            to an element of matchExpressions, whose key field is\n                            \"key\", the operator is \"In\", and the values array contains\n                            only \"value\". The requirements are ANDed.\n                          type: object\n                      type: object\n                    type: array\n                required:\n                - namespaceSelectors\n                type: object\n              gitImplementation:\n                default: go-git\n                description: GitImplementation specifies which Git client library\n                  implementation to use. Defaults to 'go-git', valid values are ('go-git',\n                  'libgit2').\n                enum:\n                - go-git\n                - libgit2\n                type: string\n              ignore:\n                description: Ignore overrides the set of excluded patterns in the\n                  .sourceignore format (which is the same as .gitignore). If not provided,\n                  a default will be used, consult the documentation for your version\n                  to find out what those are.\n                type: string\n              include:\n                description: Include specifies a list of GitRepository resources which\n                  Artifacts should be included in the Artifact produced for this GitRepository.\n                items:\n                  description: GitRepositoryInclude specifies a local reference to\n                    a GitRepository which Artifact (sub-)contents must be included,\n                    and where they should be placed.\n                  properties:\n                    fromPath:\n                      description: FromPath specifies the path to copy contents from,\n                        defaults to the root of the Artifact.\n                      type: string\n                    repository:\n                      description: GitRepositoryRef specifies the GitRepository which\n                        Artifact contents must be included.\n                      properties:\n                        name:\n                          description: Name of the referent.\n                          type: string\n                      required:\n                      - name\n                      type: object\n                    toPath:\n                      description: ToPath specifies the path to copy contents to,\n                        defaults to the name of the GitRepositoryRef.\n                      type: string\n                  required:\n                  - repository\n                  type: object\n                type: array\n              interval:\n                description: Interval at which to check the GitRepository for updates.\n                type: string\n              recurseSubmodules:\n                description: RecurseSubmodules enables the initialization of all submodules\n                  within the GitRepository as cloned from the URL, using their default\n                  settings. This option is available only when using the 'go-git'\n                  GitImplementation.\n                type: boolean\n              ref:\n                description: Reference specifies the Git reference to resolve and\n                  monitor for changes, defaults to the 'master' branch.\n                properties:\n                  branch:\n                    description: \"Branch to check out, defaults to 'master' if no\n                      other field is defined. \\n When GitRepositorySpec.GitImplementation\n                      is set to 'go-git', a shallow clone of the specified branch\n                      is performed.\"\n                    type: string\n                  commit:\n                    description: \"Commit SHA to check out, takes precedence over all\n                      reference fields. \\n When GitRepositorySpec.GitImplementation\n                      is set to 'go-git', this can be combined with Branch to shallow\n                      clone the branch, in which the commit is expected to exist.\"\n                    type: string\n                  semver:\n                    description: SemVer tag expression to check out, takes precedence\n                      over Tag.\n                    type: string\n                  tag:\n                    description: Tag to check out, takes precedence over Branch.\n                    type: string\n                type: object\n              secretRef:\n                description: SecretRef specifies the Secret containing authentication\n                  credentials for the GitRepository. For HTTPS repositories the Secret\n                  must contain 'username' and 'password' fields. For SSH repositories\n                  the Secret must contain 'identity' and 'known_hosts' fields.\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              suspend:\n                description: Suspend tells the controller to suspend the reconciliation\n                  of this GitRepository.\n                type: boolean\n              timeout:\n                default: 60s\n                description: Timeout for Git operations like cloning, defaults to\n                  60s.\n                type: string\n              url:\n                description: URL specifies the Git repository URL, it can be an HTTP/S\n                  or SSH address.\n                pattern: ^(http|https|ssh)://\n                type: string\n              verify:\n                description: Verification specifies the configuration to verify the\n                  Git commit signature(s).\n                properties:\n                  mode:\n                    description: Mode specifies what Git object should be verified,\n                      currently ('head').\n                    enum:\n                    - head\n                    type: string\n                  secretRef:\n                    description: SecretRef specifies the Secret containing the public\n                      keys of trusted Git authors.\n                    properties:\n                      name:\n                        description: Name of the referent.\n                        type: string\n                    required:\n                    - name\n                    type: object\n                required:\n                - mode\n                type: object\n            required:\n            - interval\n            - url\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: GitRepositoryStatus records the observed state of a Git repository.\n            properties:\n              artifact:\n                description: Artifact represents the last successful GitRepository\n                  reconciliation.\n                properties:\n                  checksum:\n                    description: Checksum is the SHA256 checksum of the Artifact file.\n                    type: string\n                  lastUpdateTime:\n                    description: LastUpdateTime is the timestamp corresponding to\n                      the last update of the Artifact.\n                    format: date-time\n                    type: string\n                  path:\n                    description: Path is the relative file path of the Artifact. It\n                      can be used to locate the file in the root of the Artifact storage\n                      on the local file system of the controller managing the Source.\n                    type: string\n                  revision:\n                    description: Revision is a human-readable identifier traceable\n                      in the origin source system. It can be a Git commit SHA, Git\n                      tag, a Helm chart version, etc.\n                    type: string\n                  size:\n                    description: Size is the number of bytes in the file.\n                    format: int64\n                    type: integer\n                  url:\n                    description: URL is the HTTP address of the Artifact as exposed\n                      by the controller managing the Source. It can be used to retrieve\n                      the Artifact for consumption, e.g. by another controller applying\n                      the Artifact contents.\n                    type: string\n                required:\n                - path\n                - url\n                type: object\n              conditions:\n                description: Conditions holds the conditions for the GitRepository.\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              includedArtifacts:\n                description: IncludedArtifacts contains a list of the last successfully\n                  included Artifacts as instructed by GitRepositorySpec.Include.\n                items:\n                  description: Artifact represents the output of a Source reconciliation.\n                  properties:\n                    checksum:\n                      description: Checksum is the SHA256 checksum of the Artifact\n                        file.\n                      type: string\n                    lastUpdateTime:\n                      description: LastUpdateTime is the timestamp corresponding to\n                        the last update of the Artifact.\n                      format: date-time\n                      type: string\n                    path:\n                      description: Path is the relative file path of the Artifact.\n                        It can be used to locate the file in the root of the Artifact\n                        storage on the local file system of the controller managing\n                        the Source.\n                      type: string\n                    revision:\n                      description: Revision is a human-readable identifier traceable\n                        in the origin source system. It can be a Git commit SHA, Git\n                        tag, a Helm chart version, etc.\n                      type: string\n                    size:\n                      description: Size is the number of bytes in the file.\n                      format: int64\n                      type: integer\n                    url:\n                      description: URL is the HTTP address of the Artifact as exposed\n                        by the controller managing the Source. It can be used to retrieve\n                        the Artifact for consumption, e.g. by another controller applying\n                        the Artifact contents.\n                      type: string\n                  required:\n                  - path\n                  - url\n                  type: object\n                type: array\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation of\n                  the GitRepository object.\n                format: int64\n                type: integer\n              url:\n                description: URL is the dynamic fetch link for the latest Artifact.\n                  It is provided on a \"best effort\" basis, and using the precise GitRepositoryStatus.Artifact\n                  data is recommended.\n                type: string\n            type: object\n        type: object\n    served: true\n    storage: true\n    subresources:\n      status: {}\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n  conditions: []\n  storedVersions: []\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  annotations:\n    controller-gen.kubebuilder.io/version: v0.7.0\n  creationTimestamp: null\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: helmcharts.source.toolkit.fluxcd.io\nspec:\n  group: source.toolkit.fluxcd.io\n  names:\n    kind: HelmChart\n    listKind: HelmChartList\n    plural: helmcharts\n    shortNames:\n    - hc\n    singular: helmchart\n  scope: Namespaced\n  versions:\n  - additionalPrinterColumns:\n    - jsonPath: .spec.chart\n      name: Chart\n      type: string\n    - jsonPath: .spec.version\n      name: Version\n      type: string\n    - jsonPath: .spec.sourceRef.kind\n      name: Source Kind\n      type: string\n    - jsonPath: .spec.sourceRef.name\n      name: Source Name\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    name: v1beta1\n    schema:\n      openAPIV3Schema:\n        description: HelmChart is the Schema for the helmcharts API\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: HelmChartSpec defines the desired state of a Helm chart.\n            properties:\n              accessFrom:\n                description: AccessFrom defines an Access Control List for allowing\n                  cross-namespace references to this object.\n                properties:\n                  namespaceSelectors:\n                    description: NamespaceSelectors is the list of namespace selectors\n                      to which this ACL applies. Items in this list are evaluated\n                      using a logical OR operation.\n                    items:\n                      description: NamespaceSelector selects the namespaces to which\n                        this ACL applies. An empty map of MatchLabels matches all\n                        namespaces in a cluster.\n                      properties:\n                        matchLabels:\n                          additionalProperties:\n                            type: string\n                          description: MatchLabels is a map of {key,value} pairs.\n                            A single {key,value} in the matchLabels map is equivalent\n                            to an element of matchExpressions, whose key field is\n                            \"key\", the operator is \"In\", and the values array contains\n                            only \"value\". The requirements are ANDed.\n                          type: object\n                      type: object\n                    type: array\n                required:\n                - namespaceSelectors\n                type: object\n              chart:\n                description: The name or path the Helm chart is available at in the\n                  SourceRef.\n                type: string\n              interval:\n                description: The interval at which to check the Source for updates.\n                type: string\n              reconcileStrategy:\n                default: ChartVersion\n                description: Determines what enables the creation of a new artifact.\n                  Valid values are ('ChartVersion', 'Revision'). See the documentation\n                  of the values for an explanation on their behavior. Defaults to\n                  ChartVersion when omitted.\n                enum:\n                - ChartVersion\n                - Revision\n                type: string\n              sourceRef:\n                description: The reference to the Source the chart is available at.\n                properties:\n                  apiVersion:\n                    description: APIVersion of the referent.\n                    type: string\n                  kind:\n                    description: Kind of the referent, valid values are ('HelmRepository',\n                      'GitRepository', 'Bucket').\n                    enum:\n                    - HelmRepository\n                    - GitRepository\n                    - Bucket\n                    type: string\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - kind\n                - name\n                type: object\n              suspend:\n                description: This flag tells the controller to suspend the reconciliation\n                  of this source.\n                type: boolean\n              valuesFile:\n                description: Alternative values file to use as the default chart values,\n                  expected to be a relative path in the SourceRef. Deprecated in favor\n                  of ValuesFiles, for backwards compatibility the file defined here\n                  is merged before the ValuesFiles items. Ignored when omitted.\n                type: string\n              valuesFiles:\n                description: Alternative list of values files to use as the chart\n                  values (values.yaml is not included by default), expected to be\n                  a relative path in the SourceRef. Values files are merged in the\n                  order of this list with the last file overriding the first. Ignored\n                  when omitted.\n                items:\n                  type: string\n                type: array\n              version:\n                default: '*'\n                description: The chart version semver expression, ignored for charts\n                  from GitRepository and Bucket sources. Defaults to latest when omitted.\n                type: string\n            required:\n            - chart\n            - interval\n            - sourceRef\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: HelmChartStatus defines the observed state of the HelmChart.\n            properties:\n              artifact:\n                description: Artifact represents the output of the last successful\n                  chart sync.\n                properties:\n                  checksum:\n                    description: Checksum is the SHA256 checksum of the artifact.\n                    type: string\n                  lastUpdateTime:\n                    description: LastUpdateTime is the timestamp corresponding to\n                      the last update of this artifact.\n                    format: date-time\n                    type: string\n                  path:\n                    description: Path is the relative file path of this artifact.\n                    type: string\n                  revision:\n                    description: Revision is a human readable identifier traceable\n                      in the origin source system. It can be a Git commit SHA, Git\n                      tag, a Helm index timestamp, a Helm chart version, etc.\n                    type: string\n                  url:\n                    description: URL is the HTTP address of this artifact.\n                    type: string\n                required:\n                - path\n                - url\n                type: object\n              conditions:\n                description: Conditions holds the conditions for the HelmChart.\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation.\n                format: int64\n                type: integer\n              url:\n                description: URL is the download link for the last chart pulled.\n                type: string\n            type: object\n        type: object\n    served: true\n    storage: false\n    subresources:\n      status: {}\n  - additionalPrinterColumns:\n    - jsonPath: .spec.chart\n      name: Chart\n      type: string\n    - jsonPath: .spec.version\n      name: Version\n      type: string\n    - jsonPath: .spec.sourceRef.kind\n      name: Source Kind\n      type: string\n    - jsonPath: .spec.sourceRef.name\n      name: Source Name\n      type: string\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    name: v1beta2\n    schema:\n      openAPIV3Schema:\n        description: HelmChart is the Schema for the helmcharts API.\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: HelmChartSpec specifies the desired state of a Helm chart.\n            properties:\n              accessFrom:\n                description: 'AccessFrom specifies an Access Control List for allowing\n                  cross-namespace references to this object. NOTE: Not implemented,\n                  provisional as of https://github.com/fluxcd/flux2/pull/2092'\n                properties:\n                  namespaceSelectors:\n                    description: NamespaceSelectors is the list of namespace selectors\n                      to which this ACL applies. Items in this list are evaluated\n                      using a logical OR operation.\n                    items:\n                      description: NamespaceSelector selects the namespaces to which\n                        this ACL applies. An empty map of MatchLabels matches all\n                        namespaces in a cluster.\n                      properties:\n                        matchLabels:\n                          additionalProperties:\n                            type: string\n                          description: MatchLabels is a map of {key,value} pairs.\n                            A single {key,value} in the matchLabels map is equivalent\n                            to an element of matchExpressions, whose key field is\n                            \"key\", the operator is \"In\", and the values array contains\n                            only \"value\". The requirements are ANDed.\n                          type: object\n                      type: object\n                    type: array\n                required:\n                - namespaceSelectors\n                type: object\n              chart:\n                description: Chart is the name or path the Helm chart is available\n                  at in the SourceRef.\n                type: string\n              interval:\n                description: Interval is the interval at which to check the Source\n                  for updates.\n                type: string\n              reconcileStrategy:\n                default: ChartVersion\n                description: ReconcileStrategy determines what enables the creation\n                  of a new artifact. Valid values are ('ChartVersion', 'Revision').\n                  See the documentation of the values for an explanation on their\n                  behavior. Defaults to ChartVersion when omitted.\n                enum:\n                - ChartVersion\n                - Revision\n                type: string\n              sourceRef:\n                description: SourceRef is the reference to the Source the chart is\n                  available at.\n                properties:\n                  apiVersion:\n                    description: APIVersion of the referent.\n                    type: string\n                  kind:\n                    description: Kind of the referent, valid values are ('HelmRepository',\n                      'GitRepository', 'Bucket').\n                    enum:\n                    - HelmRepository\n                    - GitRepository\n                    - Bucket\n                    type: string\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - kind\n                - name\n                type: object\n              suspend:\n                description: Suspend tells the controller to suspend the reconciliation\n                  of this source.\n                type: boolean\n              valuesFile:\n                description: ValuesFile is an alternative values file to use as the\n                  default chart values, expected to be a relative path in the SourceRef.\n                  Deprecated in favor of ValuesFiles, for backwards compatibility\n                  the file specified here is merged before the ValuesFiles items.\n                  Ignored when omitted.\n                type: string\n              valuesFiles:\n                description: ValuesFiles is an alternative list of values files to\n                  use as the chart values (values.yaml is not included by default),\n                  expected to be a relative path in the SourceRef. Values files are\n                  merged in the order of this list with the last file overriding the\n                  first. Ignored when omitted.\n                items:\n                  type: string\n                type: array\n              version:\n                default: '*'\n                description: Version is the chart version semver expression, ignored\n                  for charts from GitRepository and Bucket sources. Defaults to latest\n                  when omitted.\n                type: string\n            required:\n            - chart\n            - interval\n            - sourceRef\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: HelmChartStatus records the observed state of the HelmChart.\n            properties:\n              artifact:\n                description: Artifact represents the output of the last successful\n                  reconciliation.\n                properties:\n                  checksum:\n                    description: Checksum is the SHA256 checksum of the Artifact file.\n                    type: string\n                  lastUpdateTime:\n                    description: LastUpdateTime is the timestamp corresponding to\n                      the last update of the Artifact.\n                    format: date-time\n                    type: string\n                  path:\n                    description: Path is the relative file path of the Artifact. It\n                      can be used to locate the file in the root of the Artifact storage\n                      on the local file system of the controller managing the Source.\n                    type: string\n                  revision:\n                    description: Revision is a human-readable identifier traceable\n                      in the origin source system. It can be a Git commit SHA, Git\n                      tag, a Helm chart version, etc.\n                    type: string\n                  size:\n                    description: Size is the number of bytes in the file.\n                    format: int64\n                    type: integer\n                  url:\n                    description: URL is the HTTP address of the Artifact as exposed\n                      by the controller managing the Source. It can be used to retrieve\n                      the Artifact for consumption, e.g. by another controller applying\n                      the Artifact contents.\n                    type: string\n                required:\n                - path\n                - url\n                type: object\n              conditions:\n                description: Conditions holds the conditions for the HelmChart.\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedChartName:\n                description: ObservedChartName is the last observed chart name as\n                  specified by the resolved chart reference.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation of\n                  the HelmChart object.\n                format: int64\n                type: integer\n              observedSourceArtifactRevision:\n                description: ObservedSourceArtifactRevision is the last observed Artifact.Revision\n                  of the HelmChartSpec.SourceRef.\n                type: string\n              url:\n                description: URL is the dynamic fetch link for the latest Artifact.\n                  It is provided on a \"best effort\" basis, and using the precise BucketStatus.Artifact\n                  data is recommended.\n                type: string\n            type: object\n        type: object\n    served: true\n    storage: true\n    subresources:\n      status: {}\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n  conditions: []\n  storedVersions: []\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  annotations:\n    controller-gen.kubebuilder.io/version: v0.7.0\n  creationTimestamp: null\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: helmreleases.helm.toolkit.fluxcd.io\nspec:\n  group: helm.toolkit.fluxcd.io\n  names:\n    kind: HelmRelease\n    listKind: HelmReleaseList\n    plural: helmreleases\n    shortNames:\n    - hr\n    singular: helmrelease\n  scope: Namespaced\n  versions:\n  - additionalPrinterColumns:\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    name: v2beta1\n    schema:\n      openAPIV3Schema:\n        description: HelmRelease is the Schema for the helmreleases API\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: HelmReleaseSpec defines the desired state of a Helm release.\n            properties:\n              chart:\n                description: Chart defines the template of the v1beta2.HelmChart that\n                  should be created for this HelmRelease.\n                properties:\n                  spec:\n                    description: Spec holds the template for the v1beta2.HelmChartSpec\n                      for this HelmRelease.\n                    properties:\n                      chart:\n                        description: The name or path the Helm chart is available\n                          at in the SourceRef.\n                        type: string\n                      interval:\n                        description: Interval at which to check the v1beta2.Source\n                          for updates. Defaults to 'HelmReleaseSpec.Interval'.\n                        type: string\n                      reconcileStrategy:\n                        default: ChartVersion\n                        description: Determines what enables the creation of a new\n                          artifact. Valid values are ('ChartVersion', 'Revision').\n                          See the documentation of the values for an explanation on\n                          their behavior. Defaults to ChartVersion when omitted.\n                        enum:\n                        - ChartVersion\n                        - Revision\n                        type: string\n                      sourceRef:\n                        description: The name and namespace of the v1beta2.Source\n                          the chart is available at.\n                        properties:\n                          apiVersion:\n                            description: APIVersion of the referent.\n                            type: string\n                          kind:\n                            description: Kind of the referent.\n                            enum:\n                            - HelmRepository\n                            - GitRepository\n                            - Bucket\n                            type: string\n                          name:\n                            description: Name of the referent.\n                            maxLength: 253\n                            minLength: 1\n                            type: string\n                          namespace:\n                            description: Namespace of the referent.\n                            maxLength: 63\n                            minLength: 1\n                            type: string\n                        required:\n                        - name\n                        type: object\n                      valuesFile:\n                        description: Alternative values file to use as the default\n                          chart values, expected to be a relative path in the SourceRef.\n                          Deprecated in favor of ValuesFiles, for backwards compatibility\n                          the file defined here is merged before the ValuesFiles items.\n                          Ignored when omitted.\n                        type: string\n                      valuesFiles:\n                        description: Alternative list of values files to use as the\n                          chart values (values.yaml is not included by default), expected\n                          to be a relative path in the SourceRef. Values files are\n                          merged in the order of this list with the last file overriding\n                          the first. Ignored when omitted.\n                        items:\n                          type: string\n                        type: array\n                      version:\n                        default: '*'\n                        description: Version semver expression, ignored for charts\n                          from v1beta2.GitRepository and v1beta2.Bucket sources. Defaults\n                          to latest when omitted.\n                        type: string\n                    required:\n                    - chart\n                    - sourceRef\n                    type: object\n                required:\n                - spec\n                type: object\n              dependsOn:\n                description: DependsOn may contain a meta.NamespacedObjectReference\n                  slice with references to HelmRelease resources that must be ready\n                  before this HelmRelease can be reconciled.\n                items:\n                  description: NamespacedObjectReference contains enough information\n                    to locate the referenced Kubernetes resource object in any namespace.\n                  properties:\n                    name:\n                      description: Name of the referent.\n                      type: string\n                    namespace:\n                      description: Namespace of the referent, when not specified it\n                        acts as LocalObjectReference.\n                      type: string\n                  required:\n                  - name\n                  type: object\n                type: array\n              install:\n                description: Install holds the configuration for Helm install actions\n                  for this HelmRelease.\n                properties:\n                  crds:\n                    description: \"CRDs upgrade CRDs from the Helm Chart's crds directory\n                      according to the CRD upgrade policy provided here. Valid values\n                      are `Skip`, `Create` or `CreateReplace`. Default is `Create`\n                      and if omitted CRDs are installed but not updated. \\n Skip:\n                      do neither install nor replace (update) any CRDs. \\n Create:\n                      new CRDs are created, existing CRDs are neither updated nor\n                      deleted. \\n CreateReplace: new CRDs are created, existing CRDs\n                      are updated (replaced) but not deleted. \\n By default, CRDs\n                      are applied (installed) during Helm install action. With this\n                      option users can opt-in to CRD replace existing CRDs on Helm\n                      install actions, which is not (yet) natively supported by Helm.\n                      https://helm.sh/docs/chart_best_practices/custom_resource_definitions.\"\n                    enum:\n                    - Skip\n                    - Create\n                    - CreateReplace\n                    type: string\n                  createNamespace:\n                    description: CreateNamespace tells the Helm install action to\n                      create the HelmReleaseSpec.TargetNamespace if it does not exist\n                      yet. On uninstall, the namespace will not be garbage collected.\n                    type: boolean\n                  disableHooks:\n                    description: DisableHooks prevents hooks from running during the\n                      Helm install action.\n                    type: boolean\n                  disableOpenAPIValidation:\n                    description: DisableOpenAPIValidation prevents the Helm install\n                      action from validating rendered templates against the Kubernetes\n                      OpenAPI Schema.\n                    type: boolean\n                  disableWait:\n                    description: DisableWait disables the waiting for resources to\n                      be ready after a Helm install has been performed.\n                    type: boolean\n                  disableWaitForJobs:\n                    description: DisableWaitForJobs disables waiting for jobs to complete\n                      after a Helm install has been performed.\n                    type: boolean\n                  remediation:\n                    description: Remediation holds the remediation configuration for\n                      when the Helm install action for the HelmRelease fails. The\n                      default is to not perform any action.\n                    properties:\n                      ignoreTestFailures:\n                        description: IgnoreTestFailures tells the controller to skip\n                          remediation when the Helm tests are run after an install\n                          action but fail. Defaults to 'Test.IgnoreFailures'.\n                        type: boolean\n                      remediateLastFailure:\n                        description: RemediateLastFailure tells the controller to\n                          remediate the last failure, when no retries remain. Defaults\n                          to 'false'.\n                        type: boolean\n                      retries:\n                        description: Retries is the number of retries that should\n                          be attempted on failures before bailing. Remediation, using\n                          an uninstall, is performed between each attempt. Defaults\n                          to '0', a negative integer equals to unlimited retries.\n                        type: integer\n                    type: object\n                  replace:\n                    description: Replace tells the Helm install action to re-use the\n                      'ReleaseName', but only if that name is a deleted release which\n                      remains in the history.\n                    type: boolean\n                  skipCRDs:\n                    description: \"SkipCRDs tells the Helm install action to not install\n                      any CRDs. By default, CRDs are installed if not already present.\n                      \\n Deprecated use CRD policy (`crds`) attribute with value `Skip`\n                      instead.\"\n                    type: boolean\n                  timeout:\n                    description: Timeout is the time to wait for any individual Kubernetes\n                      operation (like Jobs for hooks) during the performance of a\n                      Helm install action. Defaults to 'HelmReleaseSpec.Timeout'.\n                    type: string\n                type: object\n              interval:\n                description: Interval at which to reconcile the Helm release.\n                type: string\n              kubeConfig:\n                description: KubeConfig for reconciling the HelmRelease on a remote\n                  cluster. When used in combination with HelmReleaseSpec.ServiceAccountName,\n                  forces the controller to act on behalf of that Service Account at\n                  the target cluster. If the --default-service-account flag is set,\n                  its value will be used as a controller level fallback for when HelmReleaseSpec.ServiceAccountName\n                  is empty.\n                properties:\n                  secretRef:\n                    description: SecretRef holds the name to a secret that contains\n                      a key with the kubeconfig file as the value. If no key is specified\n                      the key will default to 'value'. The secret must be in the same\n                      namespace as the HelmRelease. It is recommended that the kubeconfig\n                      is self-contained, and the secret is regularly updated if credentials\n                      such as a cloud-access-token expire. Cloud specific `cmd-path`\n                      auth helpers will not function without adding binaries and credentials\n                      to the Pod that is responsible for reconciling the HelmRelease.\n                    properties:\n                      key:\n                        description: Key in the Secret, when not specified an implementation-specific\n                          default key is used.\n                        type: string\n                      name:\n                        description: Name of the Secret.\n                        type: string\n                    required:\n                    - name\n                    type: object\n                type: object\n              maxHistory:\n                description: MaxHistory is the number of revisions saved by Helm for\n                  this HelmRelease. Use '0' for an unlimited number of revisions;\n                  defaults to '10'.\n                type: integer\n              postRenderers:\n                description: PostRenderers holds an array of Helm PostRenderers, which\n                  will be applied in order of their definition.\n                items:\n                  description: PostRenderer contains a Helm PostRenderer specification.\n                  properties:\n                    kustomize:\n                      description: Kustomization to apply as PostRenderer.\n                      properties:\n                        images:\n                          description: Images is a list of (image name, new name,\n                            new tag or digest) for changing image names, tags or digests.\n                            This can also be achieved with a patch, but this operator\n                            is simpler to specify.\n                          items:\n                            description: Image contains an image name, a new name,\n                              a new tag or digest, which will replace the original\n                              name and tag.\n                            properties:\n                              digest:\n                                description: Digest is the value used to replace the\n                                  original image tag. If digest is present NewTag\n                                  value is ignored.\n                                type: string\n                              name:\n                                description: Name is a tag-less image name.\n                                type: string\n                              newName:\n                                description: NewName is the value used to replace\n                                  the original name.\n                                type: string\n                              newTag:\n                                description: NewTag is the value used to replace the\n                                  original tag.\n                                type: string\n                            required:\n                            - name\n                            type: object\n                          type: array\n                        patches:\n                          description: Strategic merge and JSON patches, defined as\n                            inline YAML objects, capable of targeting objects based\n                            on kind, label and annotation selectors.\n                          items:\n                            description: Patch contains an inline StrategicMerge or\n                              JSON6902 patch, and the target the patch should be applied\n                              to.\n                            properties:\n                              patch:\n                                description: Patch contains an inline StrategicMerge\n                                  patch or an inline JSON6902 patch with an array\n                                  of operation objects.\n                                type: string\n                              target:\n                                description: Target points to the resources that the\n                                  patch document should be applied to.\n                                properties:\n                                  annotationSelector:\n                                    description: AnnotationSelector is a string that\n                                      follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                                      It matches with the resource annotations.\n                                    type: string\n                                  group:\n                                    description: Group is the API group to select\n                                      resources from. Together with Version and Kind\n                                      it is capable of unambiguously identifying and/or\n                                      selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                                    type: string\n                                  kind:\n                                    description: Kind of the API Group to select resources\n                                      from. Together with Group and Version it is\n                                      capable of unambiguously identifying and/or\n                                      selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                                    type: string\n                                  labelSelector:\n                                    description: LabelSelector is a string that follows\n                                      the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                                      It matches with the resource labels.\n                                    type: string\n                                  name:\n                                    description: Name to match resources with.\n                                    type: string\n                                  namespace:\n                                    description: Namespace to select resources from.\n                                    type: string\n                                  version:\n                                    description: Version of the API Group to select\n                                      resources from. Together with Group and Kind\n                                      it is capable of unambiguously identifying and/or\n                                      selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                                    type: string\n                                type: object\n                            type: object\n                          type: array\n                        patchesJson6902:\n                          description: JSON 6902 patches, defined as inline YAML objects.\n                          items:\n                            description: JSON6902Patch contains a JSON6902 patch and\n                              the target the patch should be applied to.\n                            properties:\n                              patch:\n                                description: Patch contains the JSON6902 patch document\n                                  with an array of operation objects.\n                                items:\n                                  description: JSON6902 is a JSON6902 operation object.\n                                    https://datatracker.ietf.org/doc/html/rfc6902#section-4\n                                  properties:\n                                    from:\n                                      description: From contains a JSON-pointer value\n                                        that references a location within the target\n                                        document where the operation is performed.\n                                        The meaning of the value depends on the value\n                                        of Op, and is NOT taken into account by all\n                                        operations.\n                                      type: string\n                                    op:\n                                      description: Op indicates the operation to perform.\n                                        Its value MUST be one of \"add\", \"remove\",\n                                        \"replace\", \"move\", \"copy\", or \"test\". https://datatracker.ietf.org/doc/html/rfc6902#section-4\n                                      enum:\n                                      - test\n                                      - remove\n                                      - add\n                                      - replace\n                                      - move\n                                      - copy\n                                      type: string\n                                    path:\n                                      description: Path contains the JSON-pointer\n                                        value that references a location within the\n                                        target document where the operation is performed.\n                                        The meaning of the value depends on the value\n                                        of Op.\n                                      type: string\n                                    value:\n                                      description: Value contains a valid JSON structure.\n                                        The meaning of the value depends on the value\n                                        of Op, and is NOT taken into account by all\n                                        operations.\n                                      x-kubernetes-preserve-unknown-fields: true\n                                  required:\n                                  - op\n                                  - path\n                                  type: object\n                                type: array\n                              target:\n                                description: Target points to the resources that the\n                                  patch document should be applied to.\n                                properties:\n                                  annotationSelector:\n                                    description: AnnotationSelector is a string that\n                                      follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                                      It matches with the resource annotations.\n                                    type: string\n                                  group:\n                                    description: Group is the API group to select\n                                      resources from. Together with Version and Kind\n                                      it is capable of unambiguously identifying and/or\n                                      selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                                    type: string\n                                  kind:\n                                    description: Kind of the API Group to select resources\n                                      from. Together with Group and Version it is\n                                      capable of unambiguously identifying and/or\n                                      selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                                    type: string\n                                  labelSelector:\n                                    description: LabelSelector is a string that follows\n                                      the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                                      It matches with the resource labels.\n                                    type: string\n                                  name:\n                                    description: Name to match resources with.\n                                    type: string\n                                  namespace:\n                                    description: Namespace to select resources from.\n                                    type: string\n                                  version:\n                                    description: Version of the API Group to select\n                                      resources from. Together with Group and Kind\n                                      it is capable of unambiguously identifying and/or\n                                      selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                                    type: string\n                                type: object\n                            required:\n                            - patch\n                            - target\n                            type: object\n                          type: array\n                        patchesStrategicMerge:\n                          description: Strategic merge patches, defined as inline\n                            YAML objects.\n                          items:\n                            x-kubernetes-preserve-unknown-fields: true\n                          type: array\n                      type: object\n                  type: object\n                type: array\n              releaseName:\n                description: ReleaseName used for the Helm release. Defaults to a\n                  composition of '[TargetNamespace-]Name'.\n                maxLength: 53\n                minLength: 1\n                type: string\n              rollback:\n                description: Rollback holds the configuration for Helm rollback actions\n                  for this HelmRelease.\n                properties:\n                  cleanupOnFail:\n                    description: CleanupOnFail allows deletion of new resources created\n                      during the Helm rollback action when it fails.\n                    type: boolean\n                  disableHooks:\n                    description: DisableHooks prevents hooks from running during the\n                      Helm rollback action.\n                    type: boolean\n                  disableWait:\n                    description: DisableWait disables the waiting for resources to\n                      be ready after a Helm rollback has been performed.\n                    type: boolean\n                  disableWaitForJobs:\n                    description: DisableWaitForJobs disables waiting for jobs to complete\n                      after a Helm rollback has been performed.\n                    type: boolean\n                  force:\n                    description: Force forces resource updates through a replacement\n                      strategy.\n                    type: boolean\n                  recreate:\n                    description: Recreate performs pod restarts for the resource if\n                      applicable.\n                    type: boolean\n                  timeout:\n                    description: Timeout is the time to wait for any individual Kubernetes\n                      operation (like Jobs for hooks) during the performance of a\n                      Helm rollback action. Defaults to 'HelmReleaseSpec.Timeout'.\n                    type: string\n                type: object\n              serviceAccountName:\n                description: The name of the Kubernetes service account to impersonate\n                  when reconciling this HelmRelease.\n                type: string\n              storageNamespace:\n                description: StorageNamespace used for the Helm storage. Defaults\n                  to the namespace of the HelmRelease.\n                maxLength: 63\n                minLength: 1\n                type: string\n              suspend:\n                description: Suspend tells the controller to suspend reconciliation\n                  for this HelmRelease, it does not apply to already started reconciliations.\n                  Defaults to false.\n                type: boolean\n              targetNamespace:\n                description: TargetNamespace to target when performing operations\n                  for the HelmRelease. Defaults to the namespace of the HelmRelease.\n                maxLength: 63\n                minLength: 1\n                type: string\n              test:\n                description: Test holds the configuration for Helm test actions for\n                  this HelmRelease.\n                properties:\n                  enable:\n                    description: Enable enables Helm test actions for this HelmRelease\n                      after an Helm install or upgrade action has been performed.\n                    type: boolean\n                  ignoreFailures:\n                    description: IgnoreFailures tells the controller to skip remediation\n                      when the Helm tests are run but fail. Can be overwritten for\n                      tests run after install or upgrade actions in 'Install.IgnoreTestFailures'\n                      and 'Upgrade.IgnoreTestFailures'.\n                    type: boolean\n                  timeout:\n                    description: Timeout is the time to wait for any individual Kubernetes\n                      operation during the performance of a Helm test action. Defaults\n                      to 'HelmReleaseSpec.Timeout'.\n                    type: string\n                type: object\n              timeout:\n                description: Timeout is the time to wait for any individual Kubernetes\n                  operation (like Jobs for hooks) during the performance of a Helm\n                  action. Defaults to '5m0s'.\n                type: string\n              uninstall:\n                description: Uninstall holds the configuration for Helm uninstall\n                  actions for this HelmRelease.\n                properties:\n                  disableHooks:\n                    description: DisableHooks prevents hooks from running during the\n                      Helm rollback action.\n                    type: boolean\n                  disableWait:\n                    description: DisableWait disables waiting for all the resources\n                      to be deleted after a Helm uninstall is performed.\n                    type: boolean\n                  keepHistory:\n                    description: KeepHistory tells Helm to remove all associated resources\n                      and mark the release as deleted, but retain the release history.\n                    type: boolean\n                  timeout:\n                    description: Timeout is the time to wait for any individual Kubernetes\n                      operation (like Jobs for hooks) during the performance of a\n                      Helm uninstall action. Defaults to 'HelmReleaseSpec.Timeout'.\n                    type: string\n                type: object\n              upgrade:\n                description: Upgrade holds the configuration for Helm upgrade actions\n                  for this HelmRelease.\n                properties:\n                  cleanupOnFail:\n                    description: CleanupOnFail allows deletion of new resources created\n                      during the Helm upgrade action when it fails.\n                    type: boolean\n                  crds:\n                    description: \"CRDs upgrade CRDs from the Helm Chart's crds directory\n                      according to the CRD upgrade policy provided here. Valid values\n                      are `Skip`, `Create` or `CreateReplace`. Default is `Skip` and\n                      if omitted CRDs are neither installed nor upgraded. \\n Skip:\n                      do neither install nor replace (update) any CRDs. \\n Create:\n                      new CRDs are created, existing CRDs are neither updated nor\n                      deleted. \\n CreateReplace: new CRDs are created, existing CRDs\n                      are updated (replaced) but not deleted. \\n By default, CRDs\n                      are not applied during Helm upgrade action. With this option\n                      users can opt-in to CRD upgrade, which is not (yet) natively\n                      supported by Helm. https://helm.sh/docs/chart_best_practices/custom_resource_definitions.\"\n                    enum:\n                    - Skip\n                    - Create\n                    - CreateReplace\n                    type: string\n                  disableHooks:\n                    description: DisableHooks prevents hooks from running during the\n                      Helm upgrade action.\n                    type: boolean\n                  disableOpenAPIValidation:\n                    description: DisableOpenAPIValidation prevents the Helm upgrade\n                      action from validating rendered templates against the Kubernetes\n                      OpenAPI Schema.\n                    type: boolean\n                  disableWait:\n                    description: DisableWait disables the waiting for resources to\n                      be ready after a Helm upgrade has been performed.\n                    type: boolean\n                  disableWaitForJobs:\n                    description: DisableWaitForJobs disables waiting for jobs to complete\n                      after a Helm upgrade has been performed.\n                    type: boolean\n                  force:\n                    description: Force forces resource updates through a replacement\n                      strategy.\n                    type: boolean\n                  preserveValues:\n                    description: PreserveValues will make Helm reuse the last release's\n                      values and merge in overrides from 'Values'. Setting this flag\n                      makes the HelmRelease non-declarative.\n                    type: boolean\n                  remediation:\n                    description: Remediation holds the remediation configuration for\n                      when the Helm upgrade action for the HelmRelease fails. The\n                      default is to not perform any action.\n                    properties:\n                      ignoreTestFailures:\n                        description: IgnoreTestFailures tells the controller to skip\n                          remediation when the Helm tests are run after an upgrade\n                          action but fail. Defaults to 'Test.IgnoreFailures'.\n                        type: boolean\n                      remediateLastFailure:\n                        description: RemediateLastFailure tells the controller to\n                          remediate the last failure, when no retries remain. Defaults\n                          to 'false' unless 'Retries' is greater than 0.\n                        type: boolean\n                      retries:\n                        description: Retries is the number of retries that should\n                          be attempted on failures before bailing. Remediation, using\n                          'Strategy', is performed between each attempt. Defaults\n                          to '0', a negative integer equals to unlimited retries.\n                        type: integer\n                      strategy:\n                        description: Strategy to use for failure remediation. Defaults\n                          to 'rollback'.\n                        enum:\n                        - rollback\n                        - uninstall\n                        type: string\n                    type: object\n                  timeout:\n                    description: Timeout is the time to wait for any individual Kubernetes\n                      operation (like Jobs for hooks) during the performance of a\n                      Helm upgrade action. Defaults to 'HelmReleaseSpec.Timeout'.\n                    type: string\n                type: object\n              values:\n                description: Values holds the values for this Helm release.\n                x-kubernetes-preserve-unknown-fields: true\n              valuesFrom:\n                description: ValuesFrom holds references to resources containing Helm\n                  values for this HelmRelease, and information about how they should\n                  be merged.\n                items:\n                  description: ValuesReference contains a reference to a resource\n                    containing Helm values, and optionally the key they can be found\n                    at.\n                  properties:\n                    kind:\n                      description: Kind of the values referent, valid values are ('Secret',\n                        'ConfigMap').\n                      enum:\n                      - Secret\n                      - ConfigMap\n                      type: string\n                    name:\n                      description: Name of the values referent. Should reside in the\n                        same namespace as the referring resource.\n                      maxLength: 253\n                      minLength: 1\n                      type: string\n                    optional:\n                      description: Optional marks this ValuesReference as optional.\n                        When set, a not found error for the values reference is ignored,\n                        but any ValuesKey, TargetPath or transient error will still\n                        result in a reconciliation failure.\n                      type: boolean\n                    targetPath:\n                      description: TargetPath is the YAML dot notation path the value\n                        should be merged at. When set, the ValuesKey is expected to\n                        be a single flat value. Defaults to 'None', which results\n                        in the values getting merged at the root.\n                      type: string\n                    valuesKey:\n                      description: ValuesKey is the data key where the values.yaml\n                        or a specific value can be found at. Defaults to 'values.yaml'.\n                      type: string\n                  required:\n                  - kind\n                  - name\n                  type: object\n                type: array\n            required:\n            - chart\n            - interval\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: HelmReleaseStatus defines the observed state of a HelmRelease.\n            properties:\n              conditions:\n                description: Conditions holds the conditions for the HelmRelease.\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              failures:\n                description: Failures is the reconciliation failure count against\n                  the latest desired state. It is reset after a successful reconciliation.\n                format: int64\n                type: integer\n              helmChart:\n                description: HelmChart is the namespaced name of the HelmChart resource\n                  created by the controller for the HelmRelease.\n                type: string\n              installFailures:\n                description: InstallFailures is the install failure count against\n                  the latest desired state. It is reset after a successful reconciliation.\n                format: int64\n                type: integer\n              lastAppliedRevision:\n                description: LastAppliedRevision is the revision of the last successfully\n                  applied source.\n                type: string\n              lastAttemptedRevision:\n                description: LastAttemptedRevision is the revision of the last reconciliation\n                  attempt.\n                type: string\n              lastAttemptedValuesChecksum:\n                description: LastAttemptedValuesChecksum is the SHA1 checksum of the\n                  values of the last reconciliation attempt.\n                type: string\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              lastReleaseRevision:\n                description: LastReleaseRevision is the revision of the last successful\n                  Helm release.\n                type: integer\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation.\n                format: int64\n                type: integer\n              upgradeFailures:\n                description: UpgradeFailures is the upgrade failure count against\n                  the latest desired state. It is reset after a successful reconciliation.\n                format: int64\n                type: integer\n            type: object\n        type: object\n    served: true\n    storage: true\n    subresources:\n      status: {}\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n  conditions: []\n  storedVersions: []\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  annotations:\n    controller-gen.kubebuilder.io/version: v0.7.0\n  creationTimestamp: null\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: helmrepositories.source.toolkit.fluxcd.io\nspec:\n  group: source.toolkit.fluxcd.io\n  names:\n    kind: HelmRepository\n    listKind: HelmRepositoryList\n    plural: helmrepositories\n    shortNames:\n    - helmrepo\n    singular: helmrepository\n  scope: Namespaced\n  versions:\n  - additionalPrinterColumns:\n    - jsonPath: .spec.url\n      name: URL\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    name: v1beta1\n    schema:\n      openAPIV3Schema:\n        description: HelmRepository is the Schema for the helmrepositories API\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: HelmRepositorySpec defines the reference to a Helm repository.\n            properties:\n              accessFrom:\n                description: AccessFrom defines an Access Control List for allowing\n                  cross-namespace references to this object.\n                properties:\n                  namespaceSelectors:\n                    description: NamespaceSelectors is the list of namespace selectors\n                      to which this ACL applies. Items in this list are evaluated\n                      using a logical OR operation.\n                    items:\n                      description: NamespaceSelector selects the namespaces to which\n                        this ACL applies. An empty map of MatchLabels matches all\n                        namespaces in a cluster.\n                      properties:\n                        matchLabels:\n                          additionalProperties:\n                            type: string\n                          description: MatchLabels is a map of {key,value} pairs.\n                            A single {key,value} in the matchLabels map is equivalent\n                            to an element of matchExpressions, whose key field is\n                            \"key\", the operator is \"In\", and the values array contains\n                            only \"value\". The requirements are ANDed.\n                          type: object\n                      type: object\n                    type: array\n                required:\n                - namespaceSelectors\n                type: object\n              interval:\n                description: The interval at which to check the upstream for updates.\n                type: string\n              passCredentials:\n                description: PassCredentials allows the credentials from the SecretRef\n                  to be passed on to a host that does not match the host as defined\n                  in URL. This may be required if the host of the advertised chart\n                  URLs in the index differ from the defined URL. Enabling this should\n                  be done with caution, as it can potentially result in credentials\n                  getting stolen in a MITM-attack.\n                type: boolean\n              secretRef:\n                description: The name of the secret containing authentication credentials\n                  for the Helm repository. For HTTP/S basic auth the secret must contain\n                  username and password fields. For TLS the secret must contain a\n                  certFile and keyFile, and/or caCert fields.\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              suspend:\n                description: This flag tells the controller to suspend the reconciliation\n                  of this source.\n                type: boolean\n              timeout:\n                default: 60s\n                description: The timeout of index downloading, defaults to 60s.\n                type: string\n              url:\n                description: The Helm repository URL, a valid URL contains at least\n                  a protocol and host.\n                type: string\n            required:\n            - interval\n            - url\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: HelmRepositoryStatus defines the observed state of the HelmRepository.\n            properties:\n              artifact:\n                description: Artifact represents the output of the last successful\n                  repository sync.\n                properties:\n                  checksum:\n                    description: Checksum is the SHA256 checksum of the artifact.\n                    type: string\n                  lastUpdateTime:\n                    description: LastUpdateTime is the timestamp corresponding to\n                      the last update of this artifact.\n                    format: date-time\n                    type: string\n                  path:\n                    description: Path is the relative file path of this artifact.\n                    type: string\n                  revision:\n                    description: Revision is a human readable identifier traceable\n                      in the origin source system. It can be a Git commit SHA, Git\n                      tag, a Helm index timestamp, a Helm chart version, etc.\n                    type: string\n                  url:\n                    description: URL is the HTTP address of this artifact.\n                    type: string\n                required:\n                - path\n                - url\n                type: object\n              conditions:\n                description: Conditions holds the conditions for the HelmRepository.\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation.\n                format: int64\n                type: integer\n              url:\n                description: URL is the download link for the last index fetched.\n                type: string\n            type: object\n        type: object\n    served: true\n    storage: false\n    subresources:\n      status: {}\n  - additionalPrinterColumns:\n    - jsonPath: .spec.url\n      name: URL\n      type: string\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    name: v1beta2\n    schema:\n      openAPIV3Schema:\n        description: HelmRepository is the Schema for the helmrepositories API.\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: HelmRepositorySpec specifies the required configuration to\n              produce an Artifact for a Helm repository index YAML.\n            properties:\n              accessFrom:\n                description: 'AccessFrom specifies an Access Control List for allowing\n                  cross-namespace references to this object. NOTE: Not implemented,\n                  provisional as of https://github.com/fluxcd/flux2/pull/2092'\n                properties:\n                  namespaceSelectors:\n                    description: NamespaceSelectors is the list of namespace selectors\n                      to which this ACL applies. Items in this list are evaluated\n                      using a logical OR operation.\n                    items:\n                      description: NamespaceSelector selects the namespaces to which\n                        this ACL applies. An empty map of MatchLabels matches all\n                        namespaces in a cluster.\n                      properties:\n                        matchLabels:\n                          additionalProperties:\n                            type: string\n                          description: MatchLabels is a map of {key,value} pairs.\n                            A single {key,value} in the matchLabels map is equivalent\n                            to an element of matchExpressions, whose key field is\n                            \"key\", the operator is \"In\", and the values array contains\n                            only \"value\". The requirements are ANDed.\n                          type: object\n                      type: object\n                    type: array\n                required:\n                - namespaceSelectors\n                type: object\n              interval:\n                description: Interval at which to check the URL for updates.\n                type: string\n              passCredentials:\n                description: PassCredentials allows the credentials from the SecretRef\n                  to be passed on to a host that does not match the host as defined\n                  in URL. This may be required if the host of the advertised chart\n                  URLs in the index differ from the defined URL. Enabling this should\n                  be done with caution, as it can potentially result in credentials\n                  getting stolen in a MITM-attack.\n                type: boolean\n              secretRef:\n                description: SecretRef specifies the Secret containing authentication\n                  credentials for the HelmRepository. For HTTP/S basic auth the secret\n                  must contain 'username' and 'password' fields. For TLS the secret\n                  must contain a 'certFile' and 'keyFile', and/or 'caCert' fields.\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              suspend:\n                description: Suspend tells the controller to suspend the reconciliation\n                  of this HelmRepository.\n                type: boolean\n              timeout:\n                default: 60s\n                description: Timeout of the index fetch operation, defaults to 60s.\n                type: string\n              url:\n                description: URL of the Helm repository, a valid URL contains at least\n                  a protocol and host.\n                type: string\n            required:\n            - interval\n            - url\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: HelmRepositoryStatus records the observed state of the HelmRepository.\n            properties:\n              artifact:\n                description: Artifact represents the last successful HelmRepository\n                  reconciliation.\n                properties:\n                  checksum:\n                    description: Checksum is the SHA256 checksum of the Artifact file.\n                    type: string\n                  lastUpdateTime:\n                    description: LastUpdateTime is the timestamp corresponding to\n                      the last update of the Artifact.\n                    format: date-time\n                    type: string\n                  path:\n                    description: Path is the relative file path of the Artifact. It\n                      can be used to locate the file in the root of the Artifact storage\n                      on the local file system of the controller managing the Source.\n                    type: string\n                  revision:\n                    description: Revision is a human-readable identifier traceable\n                      in the origin source system. It can be a Git commit SHA, Git\n                      tag, a Helm chart version, etc.\n                    type: string\n                  size:\n                    description: Size is the number of bytes in the file.\n                    format: int64\n                    type: integer\n                  url:\n                    description: URL is the HTTP address of the Artifact as exposed\n                      by the controller managing the Source. It can be used to retrieve\n                      the Artifact for consumption, e.g. by another controller applying\n                      the Artifact contents.\n                    type: string\n                required:\n                - path\n                - url\n                type: object\n              conditions:\n                description: Conditions holds the conditions for the HelmRepository.\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation of\n                  the HelmRepository object.\n                format: int64\n                type: integer\n              url:\n                description: URL is the dynamic fetch link for the latest Artifact.\n                  It is provided on a \"best effort\" basis, and using the precise HelmRepositoryStatus.Artifact\n                  data is recommended.\n                type: string\n            type: object\n        type: object\n    served: true\n    storage: true\n    subresources:\n      status: {}\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n  conditions: []\n  storedVersions: []\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  annotations:\n    controller-gen.kubebuilder.io/version: v0.7.0\n  creationTimestamp: null\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: kustomizations.kustomize.toolkit.fluxcd.io\nspec:\n  group: kustomize.toolkit.fluxcd.io\n  names:\n    kind: Kustomization\n    listKind: KustomizationList\n    plural: kustomizations\n    shortNames:\n    - ks\n    singular: kustomization\n  scope: Namespaced\n  versions:\n  - additionalPrinterColumns:\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    name: v1beta1\n    schema:\n      openAPIV3Schema:\n        description: Kustomization is the Schema for the kustomizations API.\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: KustomizationSpec defines the desired state of a kustomization.\n            properties:\n              decryption:\n                description: Decrypt Kubernetes secrets before applying them on the\n                  cluster.\n                properties:\n                  provider:\n                    description: Provider is the name of the decryption engine.\n                    enum:\n                    - sops\n                    type: string\n                  secretRef:\n                    description: The secret name containing the private OpenPGP keys\n                      used for decryption.\n                    properties:\n                      name:\n                        description: Name of the referent.\n                        type: string\n                    required:\n                    - name\n                    type: object\n                required:\n                - provider\n                type: object\n              dependsOn:\n                description: DependsOn may contain a meta.NamespacedObjectReference\n                  slice with references to Kustomization resources that must be ready\n                  before this Kustomization can be reconciled.\n                items:\n                  description: NamespacedObjectReference contains enough information\n                    to locate the referenced Kubernetes resource object in any namespace.\n                  properties:\n                    name:\n                      description: Name of the referent.\n                      type: string\n                    namespace:\n                      description: Namespace of the referent, when not specified it\n                        acts as LocalObjectReference.\n                      type: string\n                  required:\n                  - name\n                  type: object\n                type: array\n              force:\n                default: false\n                description: Force instructs the controller to recreate resources\n                  when patching fails due to an immutable field change.\n                type: boolean\n              healthChecks:\n                description: A list of resources to be included in the health assessment.\n                items:\n                  description: NamespacedObjectKindReference contains enough information\n                    to locate the typed referenced Kubernetes resource object in any\n                    namespace.\n                  properties:\n                    apiVersion:\n                      description: API version of the referent, if not specified the\n                        Kubernetes preferred version will be used.\n                      type: string\n                    kind:\n                      description: Kind of the referent.\n                      type: string\n                    name:\n                      description: Name of the referent.\n                      type: string\n                    namespace:\n                      description: Namespace of the referent, when not specified it\n                        acts as LocalObjectReference.\n                      type: string\n                  required:\n                  - kind\n                  - name\n                  type: object\n                type: array\n              images:\n                description: Images is a list of (image name, new name, new tag or\n                  digest) for changing image names, tags or digests. This can also\n                  be achieved with a patch, but this operator is simpler to specify.\n                items:\n                  description: Image contains an image name, a new name, a new tag\n                    or digest, which will replace the original name and tag.\n                  properties:\n                    digest:\n                      description: Digest is the value used to replace the original\n                        image tag. If digest is present NewTag value is ignored.\n                      type: string\n                    name:\n                      description: Name is a tag-less image name.\n                      type: string\n                    newName:\n                      description: NewName is the value used to replace the original\n                        name.\n                      type: string\n                    newTag:\n                      description: NewTag is the value used to replace the original\n                        tag.\n                      type: string\n                  required:\n                  - name\n                  type: object\n                type: array\n              interval:\n                description: The interval at which to reconcile the Kustomization.\n                type: string\n              kubeConfig:\n                description: The KubeConfig for reconciling the Kustomization on a\n                  remote cluster. When specified, KubeConfig takes precedence over\n                  ServiceAccountName.\n                properties:\n                  secretRef:\n                    description: SecretRef holds the name to a secret that contains\n                      a 'value' key with the kubeconfig file as the value. It must\n                      be in the same namespace as the Kustomization. It is recommended\n                      that the kubeconfig is self-contained, and the secret is regularly\n                      updated if credentials such as a cloud-access-token expire.\n                      Cloud specific `cmd-path` auth helpers will not function without\n                      adding binaries and credentials to the Pod that is responsible\n                      for reconciling the Kustomization.\n                    properties:\n                      name:\n                        description: Name of the referent.\n                        type: string\n                    required:\n                    - name\n                    type: object\n                type: object\n              patches:\n                description: Strategic merge and JSON patches, defined as inline YAML\n                  objects, capable of targeting objects based on kind, label and annotation\n                  selectors.\n                items:\n                  description: Patch contains an inline StrategicMerge or JSON6902\n                    patch, and the target the patch should be applied to.\n                  properties:\n                    patch:\n                      description: Patch contains an inline StrategicMerge patch or\n                        an inline JSON6902 patch with an array of operation objects.\n                      type: string\n                    target:\n                      description: Target points to the resources that the patch document\n                        should be applied to.\n                      properties:\n                        annotationSelector:\n                          description: AnnotationSelector is a string that follows\n                            the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                            It matches with the resource annotations.\n                          type: string\n                        group:\n                          description: Group is the API group to select resources\n                            from. Together with Version and Kind it is capable of\n                            unambiguously identifying and/or selecting resources.\n                            https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                        kind:\n                          description: Kind of the API Group to select resources from.\n                            Together with Group and Version it is capable of unambiguously\n                            identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                        labelSelector:\n                          description: LabelSelector is a string that follows the\n                            label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                            It matches with the resource labels.\n                          type: string\n                        name:\n                          description: Name to match resources with.\n                          type: string\n                        namespace:\n                          description: Namespace to select resources from.\n                          type: string\n                        version:\n                          description: Version of the API Group to select resources\n                            from. Together with Group and Kind it is capable of unambiguously\n                            identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                      type: object\n                  type: object\n                type: array\n              patchesJson6902:\n                description: JSON 6902 patches, defined as inline YAML objects.\n                items:\n                  description: JSON6902Patch contains a JSON6902 patch and the target\n                    the patch should be applied to.\n                  properties:\n                    patch:\n                      description: Patch contains the JSON6902 patch document with\n                        an array of operation objects.\n                      items:\n                        description: JSON6902 is a JSON6902 operation object. https://datatracker.ietf.org/doc/html/rfc6902#section-4\n                        properties:\n                          from:\n                            description: From contains a JSON-pointer value that references\n                              a location within the target document where the operation\n                              is performed. The meaning of the value depends on the\n                              value of Op, and is NOT taken into account by all operations.\n                            type: string\n                          op:\n                            description: Op indicates the operation to perform. Its\n                              value MUST be one of \"add\", \"remove\", \"replace\", \"move\",\n                              \"copy\", or \"test\". https://datatracker.ietf.org/doc/html/rfc6902#section-4\n                            enum:\n                            - test\n                            - remove\n                            - add\n                            - replace\n                            - move\n                            - copy\n                            type: string\n                          path:\n                            description: Path contains the JSON-pointer value that\n                              references a location within the target document where\n                              the operation is performed. The meaning of the value\n                              depends on the value of Op.\n                            type: string\n                          value:\n                            description: Value contains a valid JSON structure. The\n                              meaning of the value depends on the value of Op, and\n                              is NOT taken into account by all operations.\n                            x-kubernetes-preserve-unknown-fields: true\n                        required:\n                        - op\n                        - path\n                        type: object\n                      type: array\n                    target:\n                      description: Target points to the resources that the patch document\n                        should be applied to.\n                      properties:\n                        annotationSelector:\n                          description: AnnotationSelector is a string that follows\n                            the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                            It matches with the resource annotations.\n                          type: string\n                        group:\n                          description: Group is the API group to select resources\n                            from. Together with Version and Kind it is capable of\n                            unambiguously identifying and/or selecting resources.\n                            https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                        kind:\n                          description: Kind of the API Group to select resources from.\n                            Together with Group and Version it is capable of unambiguously\n                            identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                        labelSelector:\n                          description: LabelSelector is a string that follows the\n                            label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                            It matches with the resource labels.\n                          type: string\n                        name:\n                          description: Name to match resources with.\n                          type: string\n                        namespace:\n                          description: Namespace to select resources from.\n                          type: string\n                        version:\n                          description: Version of the API Group to select resources\n                            from. Together with Group and Kind it is capable of unambiguously\n                            identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                      type: object\n                  required:\n                  - patch\n                  - target\n                  type: object\n                type: array\n              patchesStrategicMerge:\n                description: Strategic merge patches, defined as inline YAML objects.\n                items:\n                  x-kubernetes-preserve-unknown-fields: true\n                type: array\n              path:\n                description: Path to the directory containing the kustomization.yaml\n                  file, or the set of plain YAMLs a kustomization.yaml should be generated\n                  for. Defaults to 'None', which translates to the root path of the\n                  SourceRef.\n                type: string\n              postBuild:\n                description: PostBuild describes which actions to perform on the YAML\n                  manifest generated by building the kustomize overlay.\n                properties:\n                  substitute:\n                    additionalProperties:\n                      type: string\n                    description: Substitute holds a map of key/value pairs. The variables\n                      defined in your YAML manifests that match any of the keys defined\n                      in the map will be substituted with the set value. Includes\n                      support for bash string replacement functions e.g. ${var:=default},\n                      ${var:position} and ${var/substring/replacement}.\n                    type: object\n                  substituteFrom:\n                    description: SubstituteFrom holds references to ConfigMaps and\n                      Secrets containing the variables and their values to be substituted\n                      in the YAML manifests. The ConfigMap and the Secret data keys\n                      represent the var names and they must match the vars declared\n                      in the manifests for the substitution to happen.\n                    items:\n                      description: SubstituteReference contains a reference to a resource\n                        containing the variables name and value.\n                      properties:\n                        kind:\n                          description: Kind of the values referent, valid values are\n                            ('Secret', 'ConfigMap').\n                          enum:\n                          - Secret\n                          - ConfigMap\n                          type: string\n                        name:\n                          description: Name of the values referent. Should reside\n                            in the same namespace as the referring resource.\n                          maxLength: 253\n                          minLength: 1\n                          type: string\n                      required:\n                      - kind\n                      - name\n                      type: object\n                    type: array\n                type: object\n              prune:\n                description: Prune enables garbage collection.\n                type: boolean\n              retryInterval:\n                description: The interval at which to retry a previously failed reconciliation.\n                  When not specified, the controller uses the KustomizationSpec.Interval\n                  value to retry failures.\n                type: string\n              serviceAccountName:\n                description: The name of the Kubernetes service account to impersonate\n                  when reconciling this Kustomization.\n                type: string\n              sourceRef:\n                description: Reference of the source where the kustomization file\n                  is.\n                properties:\n                  apiVersion:\n                    description: API version of the referent\n                    type: string\n                  kind:\n                    description: Kind of the referent\n                    enum:\n                    - GitRepository\n                    - Bucket\n                    type: string\n                  name:\n                    description: Name of the referent\n                    type: string\n                  namespace:\n                    description: Namespace of the referent, defaults to the Kustomization\n                      namespace\n                    type: string\n                required:\n                - kind\n                - name\n                type: object\n              suspend:\n                description: This flag tells the controller to suspend subsequent\n                  kustomize executions, it does not apply to already started executions.\n                  Defaults to false.\n                type: boolean\n              targetNamespace:\n                description: TargetNamespace sets or overrides the namespace in the\n                  kustomization.yaml file.\n                maxLength: 63\n                minLength: 1\n                type: string\n              timeout:\n                description: Timeout for validation, apply and health checking operations.\n                  Defaults to 'Interval' duration.\n                type: string\n              validation:\n                description: Validate the Kubernetes objects before applying them\n                  on the cluster. The validation strategy can be 'client' (local dry-run),\n                  'server' (APIServer dry-run) or 'none'. When 'Force' is 'true',\n                  validation will fallback to 'client' if set to 'server' because\n                  server-side validation is not supported in this scenario.\n                enum:\n                - none\n                - client\n                - server\n                type: string\n            required:\n            - interval\n            - prune\n            - sourceRef\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: KustomizationStatus defines the observed state of a kustomization.\n            properties:\n              conditions:\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              lastAppliedRevision:\n                description: The last successfully applied revision. The revision\n                  format for Git sources is \u003cbranch|tag\u003e/\u003ccommit-sha\u003e.\n                type: string\n              lastAttemptedRevision:\n                description: LastAttemptedRevision is the revision of the last reconciliation\n                  attempt.\n                type: string\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last reconciled generation.\n                format: int64\n                type: integer\n              snapshot:\n                description: The last successfully applied revision metadata.\n                properties:\n                  checksum:\n                    description: The manifests sha1 checksum.\n                    type: string\n                  entries:\n                    description: A list of Kubernetes kinds grouped by namespace.\n                    items:\n                      description: Snapshot holds the metadata of namespaced Kubernetes\n                        objects\n                      properties:\n                        kinds:\n                          additionalProperties:\n                            type: string\n                          description: The list of Kubernetes kinds.\n                          type: object\n                        namespace:\n                          description: The namespace of this entry.\n                          type: string\n                      required:\n                      - kinds\n                      type: object\n                    type: array\n                required:\n                - checksum\n                - entries\n                type: object\n            type: object\n        type: object\n    served: true\n    storage: false\n    subresources:\n      status: {}\n  - additionalPrinterColumns:\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    name: v1beta2\n    schema:\n      openAPIV3Schema:\n        description: Kustomization is the Schema for the kustomizations API.\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: KustomizationSpec defines the configuration to calculate\n              the desired state from a Source using Kustomize.\n            properties:\n              decryption:\n                description: Decrypt Kubernetes secrets before applying them on the\n                  cluster.\n                properties:\n                  provider:\n                    description: Provider is the name of the decryption engine.\n                    enum:\n                    - sops\n                    type: string\n                  secretRef:\n                    description: The secret name containing the private OpenPGP keys\n                      used for decryption.\n                    properties:\n                      name:\n                        description: Name of the referent.\n                        type: string\n                    required:\n                    - name\n                    type: object\n                required:\n                - provider\n                type: object\n              dependsOn:\n                description: DependsOn may contain a meta.NamespacedObjectReference\n                  slice with references to Kustomization resources that must be ready\n                  before this Kustomization can be reconciled.\n                items:\n                  description: NamespacedObjectReference contains enough information\n                    to locate the referenced Kubernetes resource object in any namespace.\n                  properties:\n                    name:\n                      description: Name of the referent.\n                      type: string\n                    namespace:\n                      description: Namespace of the referent, when not specified it\n                        acts as LocalObjectReference.\n                      type: string\n                  required:\n                  - name\n                  type: object\n                type: array\n              force:\n                default: false\n                description: Force instructs the controller to recreate resources\n                  when patching fails due to an immutable field change.\n                type: boolean\n              healthChecks:\n                description: A list of resources to be included in the health assessment.\n                items:\n                  description: NamespacedObjectKindReference contains enough information\n                    to locate the typed referenced Kubernetes resource object in any\n                    namespace.\n                  properties:\n                    apiVersion:\n                      description: API version of the referent, if not specified the\n                        Kubernetes preferred version will be used.\n                      type: string\n                    kind:\n                      description: Kind of the referent.\n                      type: string\n                    name:\n                      description: Name of the referent.\n                      type: string\n                    namespace:\n                      description: Namespace of the referent, when not specified it\n                        acts as LocalObjectReference.\n                      type: string\n                  required:\n                  - kind\n                  - name\n                  type: object\n                type: array\n              images:\n                description: Images is a list of (image name, new name, new tag or\n                  digest) for changing image names, tags or digests. This can also\n                  be achieved with a patch, but this operator is simpler to specify.\n                items:\n                  description: Image contains an image name, a new name, a new tag\n                    or digest, which will replace the original name and tag.\n                  properties:\n                    digest:\n                      description: Digest is the value used to replace the original\n                        image tag. If digest is present NewTag value is ignored.\n                      type: string\n                    name:\n                      description: Name is a tag-less image name.\n                      type: string\n                    newName:\n                      description: NewName is the value used to replace the original\n                        name.\n                      type: string\n                    newTag:\n                      description: NewTag is the value used to replace the original\n                        tag.\n                      type: string\n                  required:\n                  - name\n                  type: object\n                type: array\n              interval:\n                description: The interval at which to reconcile the Kustomization.\n                type: string\n              kubeConfig:\n                description: The KubeConfig for reconciling the Kustomization on a\n                  remote cluster. When used in combination with KustomizationSpec.ServiceAccountName,\n                  forces the controller to act on behalf of that Service Account at\n                  the target cluster. If the --default-service-account flag is set,\n                  its value will be used as a controller level fallback for when KustomizationSpec.ServiceAccountName\n                  is empty.\n                properties:\n                  secretRef:\n                    description: SecretRef holds the name of a secret that contains\n                      a key with the kubeconfig file as the value. If no key is set,\n                      the key will default to 'value'. The secret must be in the same\n                      namespace as the Kustomization. It is recommended that the kubeconfig\n                      is self-contained, and the secret is regularly updated if credentials\n                      such as a cloud-access-token expire. Cloud specific `cmd-path`\n                      auth helpers will not function without adding binaries and credentials\n                      to the Pod that is responsible for reconciling the Kustomization.\n                    properties:\n                      key:\n                        description: Key in the Secret, when not specified an implementation-specific\n                          default key is used.\n                        type: string\n                      name:\n                        description: Name of the Secret.\n                        type: string\n                    required:\n                    - name\n                    type: object\n                type: object\n              patches:\n                description: Strategic merge and JSON patches, defined as inline YAML\n                  objects, capable of targeting objects based on kind, label and annotation\n                  selectors.\n                items:\n                  description: Patch contains an inline StrategicMerge or JSON6902\n                    patch, and the target the patch should be applied to.\n                  properties:\n                    patch:\n                      description: Patch contains an inline StrategicMerge patch or\n                        an inline JSON6902 patch with an array of operation objects.\n                      type: string\n                    target:\n                      description: Target points to the resources that the patch document\n                        should be applied to.\n                      properties:\n                        annotationSelector:\n                          description: AnnotationSelector is a string that follows\n                            the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                            It matches with the resource annotations.\n                          type: string\n                        group:\n                          description: Group is the API group to select resources\n                            from. Together with Version and Kind it is capable of\n                            unambiguously identifying and/or selecting resources.\n                            https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                        kind:\n                          description: Kind of the API Group to select resources from.\n                            Together with Group and Version it is capable of unambiguously\n                            identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                        labelSelector:\n                          description: LabelSelector is a string that follows the\n                            label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                            It matches with the resource labels.\n                          type: string\n                        name:\n                          description: Name to match resources with.\n                          type: string\n                        namespace:\n                          description: Namespace to select resources from.\n                          type: string\n                        version:\n                          description: Version of the API Group to select resources\n                            from. Together with Group and Kind it is capable of unambiguously\n                            identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                      type: object\n                  type: object\n                type: array\n              patchesJson6902:\n                description: 'JSON 6902 patches, defined as inline YAML objects. Deprecated:\n                  Use Patches instead.'\n                items:\n                  description: JSON6902Patch contains a JSON6902 patch and the target\n                    the patch should be applied to.\n                  properties:\n                    patch:\n                      description: Patch contains the JSON6902 patch document with\n                        an array of operation objects.\n                      items:\n                        description: JSON6902 is a JSON6902 operation object. https://datatracker.ietf.org/doc/html/rfc6902#section-4\n                        properties:\n                          from:\n                            description: From contains a JSON-pointer value that references\n                              a location within the target document where the operation\n                              is performed. The meaning of the value depends on the\n                              value of Op, and is NOT taken into account by all operations.\n                            type: string\n                          op:\n                            description: Op indicates the operation to perform. Its\n                              value MUST be one of \"add\", \"remove\", \"replace\", \"move\",\n                              \"copy\", or \"test\". https://datatracker.ietf.org/doc/html/rfc6902#section-4\n                            enum:\n                            - test\n                            - remove\n                            - add\n                            - replace\n                            - move\n                            - copy\n                            type: string\n                          path:\n                            description: Path contains the JSON-pointer value that\n                              references a location within the target document where\n                              the operation is performed. The meaning of the value\n                              depends on the value of Op.\n                            type: string\n                          value:\n                            description: Value contains a valid JSON structure. The\n                              meaning of the value depends on the value of Op, and\n                              is NOT taken into account by all operations.\n                            x-kubernetes-preserve-unknown-fields: true\n                        required:\n                        - op\n                        - path\n                        type: object\n                      type: array\n                    target:\n                      description: Target points to the resources that the patch document\n                        should be applied to.\n                      properties:\n                        annotationSelector:\n                          description: AnnotationSelector is a string that follows\n                            the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                            It matches with the resource annotations.\n                          type: string\n                        group:\n                          description: Group is the API group to select resources\n                            from. Together with Version and Kind it is capable of\n                            unambiguously identifying and/or selecting resources.\n                            https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                        kind:\n                          description: Kind of the API Group to select resources from.\n                            Together with Group and Version it is capable of unambiguously\n                            identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                        labelSelector:\n                          description: LabelSelector is a string that follows the\n                            label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                            It matches with the resource labels.\n                          type: string\n                        name:\n                          description: Name to match resources with.\n                          type: string\n                        namespace:\n                          description: Namespace to select resources from.\n                          type: string\n                        version:\n                          description: Version of the API Group to select resources\n                            from. Together with Group and Kind it is capable of unambiguously\n                            identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                      type: object\n                  required:\n                  - patch\n                  - target\n                  type: object\n                type: array\n              patchesStrategicMerge:\n                description: 'Strategic merge patches, defined as inline YAML objects.\n                  Deprecated: Use Patches instead.'\n                items:\n                  x-kubernetes-preserve-unknown-fields: true\n                type: array\n              path:\n                description: Path to the directory containing the kustomization.yaml\n                  file, or the set of plain YAMLs a kustomization.yaml should be generated\n                  for. Defaults to 'None', which translates to the root path of the\n                  SourceRef.\n                type: string\n              postBuild:\n                description: PostBuild describes which actions to perform on the YAML\n                  manifest generated by building the kustomize overlay.\n                properties:\n                  substitute:\n                    additionalProperties:\n                      type: string\n                    description: Substitute holds a map of key/value pairs. The variables\n                      defined in your YAML manifests that match any of the keys defined\n                      in the map will be substituted with the set value. Includes\n                      support for bash string replacement functions e.g. ${var:=default},\n                      ${var:position} and ${var/substring/replacement}.\n                    type: object\n                  substituteFrom:\n                    description: SubstituteFrom holds references to ConfigMaps and\n                      Secrets containing the variables and their values to be substituted\n                      in the YAML manifests. The ConfigMap and the Secret data keys\n                      represent the var names and they must match the vars declared\n                      in the manifests for the substitution to happen.\n                    items:\n                      description: SubstituteReference contains a reference to a resource\n                        containing the variables name and value.\n                      properties:\n                        kind:\n                          description: Kind of the values referent, valid values are\n                            ('Secret', 'ConfigMap').\n                          enum:\n                          - Secret\n                          - ConfigMap\n                          type: string\n                        name:\n                          description: Name of the values referent. Should reside\n                            in the same namespace as the referring resource.\n                          maxLength: 253\n                          minLength: 1\n                          type: string\n                        optional:\n                          default: false\n                          description: Optional indicates whether the referenced resource\n                            must exist, or whether to tolerate its absence. If true\n                            and the referenced resource is absent, proceed as if the\n                            resource was present but empty, without any variables\n                            defined.\n                          type: boolean\n                      required:\n                      - kind\n                      - name\n                      type: object\n                    type: array\n                type: object\n              prune:\n                description: Prune enables garbage collection.\n                type: boolean\n              retryInterval:\n                description: The interval at which to retry a previously failed reconciliation.\n                  When not specified, the controller uses the KustomizationSpec.Interval\n                  value to retry failures.\n                type: string\n              serviceAccountName:\n                description: The name of the Kubernetes service account to impersonate\n                  when reconciling this Kustomization.\n                type: string\n              sourceRef:\n                description: Reference of the source where the kustomization file\n                  is.\n                properties:\n                  apiVersion:\n                    description: API version of the referent.\n                    type: string\n                  kind:\n                    description: Kind of the referent.\n                    enum:\n                    - GitRepository\n                    - Bucket\n                    type: string\n                  name:\n                    description: Name of the referent.\n                    type: string\n                  namespace:\n                    description: Namespace of the referent, defaults to the namespace\n                      of the Kubernetes resource object that contains the reference.\n                    type: string\n                required:\n                - kind\n                - name\n                type: object\n              suspend:\n                description: This flag tells the controller to suspend subsequent\n                  kustomize executions, it does not apply to already started executions.\n                  Defaults to false.\n                type: boolean\n              targetNamespace:\n                description: TargetNamespace sets or overrides the namespace in the\n                  kustomization.yaml file.\n                maxLength: 63\n                minLength: 1\n                type: string\n              timeout:\n                description: Timeout for validation, apply and health checking operations.\n                  Defaults to 'Interval' duration.\n                type: string\n              validation:\n                description: 'Deprecated: Not used in v1beta2.'\n                enum:\n                - none\n                - client\n                - server\n                type: string\n              wait:\n                description: Wait instructs the controller to check the health of\n                  all the reconciled resources. When enabled, the HealthChecks are\n                  ignored. Defaults to false.\n                type: boolean\n            required:\n            - interval\n            - prune\n            - sourceRef\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: KustomizationStatus defines the observed state of a kustomization.\n            properties:\n              conditions:\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              inventory:\n                description: Inventory contains the list of Kubernetes resource object\n                  references that have been successfully applied.\n                properties:\n                  entries:\n                    description: Entries of Kubernetes resource object references.\n                    items:\n                      description: ResourceRef contains the information necessary\n                        to locate a resource within a cluster.\n                      properties:\n                        id:\n                          description: ID is the string representation of the Kubernetes\n                            resource object's metadata, in the format '\u003cnamespace\u003e_\u003cname\u003e_\u003cgroup\u003e_\u003ckind\u003e'.\n                          type: string\n                        v:\n                          description: Version is the API version of the Kubernetes\n                            resource object's kind.\n                          type: string\n                      required:\n                      - id\n                      - v\n                      type: object\n                    type: array\n                required:\n                - entries\n                type: object\n              lastAppliedRevision:\n                description: The last successfully applied revision. The revision\n                  format for Git sources is \u003cbranch|tag\u003e/\u003ccommit-sha\u003e.\n                type: string\n              lastAttemptedRevision:\n                description: LastAttemptedRevision is the revision of the last reconciliation\n                  attempt.\n                type: string\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last reconciled generation.\n                format: int64\n                type: integer\n            type: object\n        type: object\n    served: true\n    storage: true\n    subresources:\n      status: {}\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n  conditions: []\n  storedVersions: []\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  annotations:\n    controller-gen.kubebuilder.io/version: v0.7.0\n  creationTimestamp: null\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: providers.notification.toolkit.fluxcd.io\nspec:\n  group: notification.toolkit.fluxcd.io\n  names:\n    kind: Provider\n    listKind: ProviderList\n    plural: providers\n    singular: provider\n  scope: Namespaced\n  versions:\n  - additionalPrinterColumns:\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    name: v1beta1\n    schema:\n      openAPIV3Schema:\n        description: Provider is the Schema for the providers API\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: ProviderSpec defines the desired state of Provider\n            properties:\n              address:\n                description: HTTP/S webhook address of this provider\n                pattern: ^(http|https)://\n                type: string\n              certSecretRef:\n                description: CertSecretRef can be given the name of a secret containing\n                  a PEM-encoded CA certificate (`caFile`)\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              channel:\n                description: Alert channel for this provider\n                type: string\n              proxy:\n                description: HTTP/S address of the proxy\n                pattern: ^(http|https)://\n                type: string\n              secretRef:\n                description: Secret reference containing the provider webhook URL\n                  using \"address\" as data key\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              suspend:\n                description: This flag tells the controller to suspend subsequent\n                  events handling. Defaults to false.\n                type: boolean\n              type:\n                description: Type of provider\n                enum:\n                - slack\n                - discord\n                - msteams\n                - rocket\n                - generic\n                - github\n                - gitlab\n                - bitbucket\n                - azuredevops\n                - googlechat\n                - webex\n                - sentry\n                - azureeventhub\n                - telegram\n                - lark\n                - matrix\n                - opsgenie\n                - alertmanager\n                - grafana\n                type: string\n              username:\n                description: Bot username for this provider\n                type: string\n            required:\n            - type\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: ProviderStatus defines the observed state of Provider\n            properties:\n              conditions:\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              observedGeneration:\n                description: ObservedGeneration is the last reconciled generation.\n                format: int64\n                type: integer\n            type: object\n        type: object\n    served: true\n    storage: true\n    subresources:\n      status: {}\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n  conditions: []\n  storedVersions: []\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  annotations:\n    controller-gen.kubebuilder.io/version: v0.7.0\n  creationTimestamp: null\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: receivers.notification.toolkit.fluxcd.io\nspec:\n  group: notification.toolkit.fluxcd.io\n  names:\n    kind: Receiver\n    listKind: ReceiverList\n    plural: receivers\n    singular: receiver\n  scope: Namespaced\n  versions:\n  - additionalPrinterColumns:\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    name: v1beta1\n    schema:\n      openAPIV3Schema:\n        description: Receiver is the Schema for the receivers API\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: ReceiverSpec defines the desired state of Receiver\n            properties:\n              events:\n                description: A list of events to handle, e.g. 'push' for GitHub or\n                  'Push Hook' for GitLab.\n                items:\n                  type: string\n                type: array\n              resources:\n                description: A list of resources to be notified about changes.\n                items:\n                  description: CrossNamespaceObjectReference contains enough information\n                    to let you locate the typed referenced object at cluster level\n                  properties:\n                    apiVersion:\n                      description: API version of the referent\n                      type: string\n                    kind:\n                      description: Kind of the referent\n                      enum:\n                      - Bucket\n                      - GitRepository\n                      - Kustomization\n                      - HelmRelease\n                      - HelmChart\n                      - HelmRepository\n                      - ImageRepository\n                      - ImagePolicy\n                      - ImageUpdateAutomation\n                      type: string\n                    matchLabels:\n                      additionalProperties:\n                        type: string\n                      description: MatchLabels is a map of {key,value} pairs. A single\n                        {key,value} in the matchLabels map is equivalent to an element\n                        of matchExpressions, whose key field is \"key\", the operator\n                        is \"In\", and the values array contains only \"value\". The requirements\n                        are ANDed.\n                      type: object\n                    name:\n                      description: Name of the referent\n                      maxLength: 53\n                      minLength: 1\n                      type: string\n                    namespace:\n                      description: Namespace of the referent\n                      maxLength: 53\n                      minLength: 1\n                      type: string\n                  required:\n                  - name\n                  type: object\n                type: array\n              secretRef:\n                description: Secret reference containing the token used to validate\n                  the payload authenticity\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              suspend:\n                description: This flag tells the controller to suspend subsequent\n                  events handling. Defaults to false.\n                type: boolean\n              type:\n                description: Type of webhook sender, used to determine the validation\n                  procedure and payload deserialization.\n                enum:\n                - generic\n                - generic-hmac\n                - github\n                - gitlab\n                - bitbucket\n                - harbor\n                - dockerhub\n                - quay\n                - gcr\n                - nexus\n                - acr\n                type: string\n            required:\n            - resources\n            - type\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: ReceiverStatus defines the observed state of Receiver\n            properties:\n              conditions:\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation.\n                format: int64\n                type: integer\n              url:\n                description: Generated webhook URL in the format of '/hook/sha256sum(token+name+namespace)'.\n                type: string\n            type: object\n        type: object\n    served: true\n    storage: true\n    subresources:\n      status: {}\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n  conditions: []\n  storedVersions: []\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: helm-controller\n  namespace: flux-system\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: kustomize-controller\n  namespace: flux-system\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: notification-controller\n  namespace: flux-system\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: source-controller\n  namespace: flux-system\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: crd-controller-flux-system\nrules:\n- apiGroups:\n  - source.toolkit.fluxcd.io\n  resources:\n  - '*'\n  verbs:\n  - '*'\n- apiGroups:\n  - kustomize.toolkit.fluxcd.io\n  resources:\n  - '*'\n  verbs:\n  - '*'\n- apiGroups:\n  - helm.toolkit.fluxcd.io\n  resources:\n  - '*'\n  verbs:\n  - '*'\n- apiGroups:\n  - notification.toolkit.fluxcd.io\n  resources:\n  - '*'\n  verbs:\n  - '*'\n- apiGroups:\n  - image.toolkit.fluxcd.io\n  resources:\n  - '*'\n  verbs:\n  - '*'\n- apiGroups:\n  - \"\"\n  resources:\n  - namespaces\n  - secrets\n  - configmaps\n  - serviceaccounts\n  verbs:\n  - get\n  - list\n  - watch\n- apiGroups:\n  - \"\"\n  resources:\n  - events\n  verbs:\n  - create\n  - patch\n- apiGroups:\n  - \"\"\n  resources:\n  - configmaps\n  verbs:\n  - get\n  - list\n  - watch\n  - create\n  - update\n  - patch\n  - delete\n- apiGroups:\n  - \"\"\n  resources:\n  - configmaps/status\n  verbs:\n  - get\n  - update\n  - patch\n- apiGroups:\n  - coordination.k8s.io\n  resources:\n  - leases\n  verbs:\n  - get\n  - list\n  - watch\n  - create\n  - update\n  - patch\n  - delete\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: cluster-reconciler-flux-system\nroleRef:\n  apiGroup: rbac.authorization.k8s.io\n  kind: ClusterRole\n  name: cluster-admin\nsubjects:\n- kind: ServiceAccount\n  name: kustomize-controller\n  namespace: flux-system\n- kind: ServiceAccount\n  name: helm-controller\n  namespace: flux-system\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: crd-controller-flux-system\nroleRef:\n  apiGroup: rbac.authorization.k8s.io\n  kind: ClusterRole\n  name: crd-controller-flux-system\nsubjects:\n- kind: ServiceAccount\n  name: kustomize-controller\n  namespace: flux-system\n- kind: ServiceAccount\n  name: helm-controller\n  namespace: flux-system\n- kind: ServiceAccount\n  name: source-controller\n  namespace: flux-system\n- kind: ServiceAccount\n  name: notification-controller\n  namespace: flux-system\n- kind: ServiceAccount\n  name: image-reflector-controller\n  namespace: flux-system\n- kind: ServiceAccount\n  name: image-automation-controller\n  namespace: flux-system\n---\napiVersion: v1\nkind: Service\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n    control-plane: controller\n  name: notification-controller\n  namespace: flux-system\nspec:\n  ports:\n  - name: http\n    port: 80\n    protocol: TCP\n    targetPort: http\n  selector:\n    app: notification-controller\n  type: ClusterIP\n---\napiVersion: v1\nkind: Service\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n    control-plane: controller\n  name: source-controller\n  namespace: flux-system\nspec:\n  ports:\n  - name: http\n    port: 80\n    protocol: TCP\n    targetPort: http\n  selector:\n    app: source-controller\n  type: ClusterIP\n---\napiVersion: v1\nkind: Service\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n    control-plane: controller\n  name: webhook-receiver\n  namespace: flux-system\nspec:\n  ports:\n  - name: http\n    port: 80\n    protocol: TCP\n    targetPort: http-webhook\n  selector:\n    app: notification-controller\n  type: ClusterIP\n---\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n    control-plane: controller\n  name: helm-controller\n  namespace: flux-system\nspec:\n  replicas: 1\n  selector:\n    matchLabels:\n      app: helm-controller\n  template:\n    metadata:\n      annotations:\n        prometheus.io/port: \"8080\"\n        prometheus.io/scrape: \"true\"\n      labels:\n        app: helm-controller\n    spec:\n      containers:\n      - args:\n        - --events-addr=http://notification-controller.flux-system.svc.cluster.local./\n        - --watch-all-namespaces=true\n        - --log-level=info\n        - --log-encoding=json\n        - --enable-leader-election\n        env:\n        - name: RUNTIME_NAMESPACE\n          valueFrom:\n            fieldRef:\n              fieldPath: metadata.namespace\n        image: ghcr.io/fluxcd/helm-controller:v0.21.0\n        imagePullPolicy: IfNotPresent\n        livenessProbe:\n          httpGet:\n            path: /healthz\n            port: healthz\n        name: manager\n        ports:\n        - containerPort: 8080\n          name: http-prom\n          protocol: TCP\n        - containerPort: 9440\n          name: healthz\n          protocol: TCP\n        readinessProbe:\n          httpGet:\n            path: /readyz\n            port: healthz\n        resources:\n          limits:\n            cpu: 1000m\n            memory: 1Gi\n          requests:\n            cpu: 100m\n            memory: 64Mi\n        securityContext:\n          allowPrivilegeEscalation: false\n          capabilities:\n            drop:\n            - ALL\n          readOnlyRootFilesystem: true\n          runAsNonRoot: true\n          seccompProfile:\n            type: RuntimeDefault\n        volumeMounts:\n        - mountPath: /tmp\n          name: temp\n      nodeSelector:\n        kubernetes.io/os: linux\n      securityContext:\n        fsGroup: 1337\n      serviceAccountName: helm-controller\n      terminationGracePeriodSeconds: 600\n      volumes:\n      - emptyDir: {}\n        name: temp\n---\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n    control-plane: controller\n  name: kustomize-controller\n  namespace: flux-system\nspec:\n  replicas: 1\n  selector:\n    matchLabels:\n      app: kustomize-controller\n  template:\n    metadata:\n      annotations:\n        prometheus.io/port: \"8080\"\n        prometheus.io/scrape: \"true\"\n      labels:\n        app: kustomize-controller\n    spec:\n      containers:\n      - args:\n        - --events-addr=http://notification-controller.flux-system.svc.cluster.local./\n        - --watch-all-namespaces=true\n        - --log-level=info\n        - --log-encoding=json\n        - --enable-leader-election\n        env:\n        - name: RUNTIME_NAMESPACE\n          valueFrom:\n            fieldRef:\n              fieldPath: metadata.namespace\n        image: ghcr.io/fluxcd/kustomize-controller:v0.25.0\n        imagePullPolicy: IfNotPresent\n        livenessProbe:\n          httpGet:\n            path: /healthz\n            port: healthz\n        name: manager\n        ports:\n        - containerPort: 8080\n          name: http-prom\n          protocol: TCP\n        - containerPort: 9440\n          name: healthz\n          protocol: TCP\n        readinessProbe:\n          httpGet:\n            path: /readyz\n            port: healthz\n        resources:\n          limits:\n            cpu: 1000m\n            memory: 1Gi\n          requests:\n            cpu: 100m\n            memory: 64Mi\n        securityContext:\n          allowPrivilegeEscalation: false\n          capabilities:\n            drop:\n            - ALL\n          readOnlyRootFilesystem: true\n          runAsNonRoot: true\n          seccompProfile:\n            type: RuntimeDefault\n        volumeMounts:\n        - mountPath: /tmp\n          name: temp\n      nodeSelector:\n        kubernetes.io/os: linux\n      securityContext:\n        fsGroup: 1337\n      serviceAccountName: kustomize-controller\n      terminationGracePeriodSeconds: 60\n      volumes:\n      - emptyDir: {}\n        name: temp\n---\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n    control-plane: controller\n  name: notification-controller\n  namespace: flux-system\nspec:\n  replicas: 1\n  selector:\n    matchLabels:\n      app: notification-controller\n  template:\n    metadata:\n      annotations:\n        prometheus.io/port: \"8080\"\n        prometheus.io/scrape: \"true\"\n      labels:\n        app: notification-controller\n    spec:\n      containers:\n      - args:\n        - --watch-all-namespaces=true\n        - --log-level=info\n        - --log-encoding=json\n        - --enable-leader-election\n        env:\n        - name: RUNTIME_NAMESPACE\n          valueFrom:\n            fieldRef:\n              fieldPath: metadata.namespace\n        image: ghcr.io/fluxcd/notification-controller:v0.23.5\n        imagePullPolicy: IfNotPresent\n        livenessProbe:\n          httpGet:\n            path: /healthz\n            port: healthz\n        name: manager\n        ports:\n        - containerPort: 9090\n          name: http\n          protocol: TCP\n        - containerPort: 9292\n          name: http-webhook\n          protocol: TCP\n        - containerPort: 8080\n          name: http-prom\n          protocol: TCP\n        - containerPort: 9440\n          name: healthz\n          protocol: TCP\n        readinessProbe:\n          httpGet:\n            path: /readyz\n            port: healthz\n        resources:\n          limits:\n            cpu: 1000m\n            memory: 1Gi\n          requests:\n            cpu: 100m\n            memory: 64Mi\n        securityContext:\n          allowPrivilegeEscalation: false\n          capabilities:\n            drop:\n            - ALL\n          readOnlyRootFilesystem: true\n          runAsNonRoot: true\n          seccompProfile:\n            type: RuntimeDefault\n        volumeMounts:\n        - mountPath: /tmp\n          name: temp\n      nodeSelector:\n        kubernetes.io/os: linux\n      securityContext:\n        fsGroup: 1337\n      serviceAccountName: notification-controller\n      terminationGracePeriodSeconds: 10\n      volumes:\n      - emptyDir: {}\n        name: temp\n---\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n    control-plane: controller\n  name: source-controller\n  namespace: flux-system\nspec:\n  replicas: 1\n  selector:\n    matchLabels:\n      app: source-controller\n  strategy:\n    type: Recreate\n  template:\n    metadata:\n      annotations:\n        prometheus.io/port: \"8080\"\n        prometheus.io/scrape: \"true\"\n      labels:\n        app: source-controller\n    spec:\n      containers:\n      - args:\n        - --events-addr=http://notification-controller.flux-system.svc.cluster.local./\n        - --watch-all-namespaces=true\n        - --log-level=info\n        - --log-encoding=json\n        - --enable-leader-election\n        - --storage-path=/data\n        - --storage-adv-addr=source-controller.$(RUNTIME_NAMESPACE).svc.cluster.local.\n        env:\n        - name: RUNTIME_NAMESPACE\n          valueFrom:\n            fieldRef:\n              fieldPath: metadata.namespace\n        image: ghcr.io/fluxcd/source-controller:v0.24.4\n        imagePullPolicy: IfNotPresent\n        livenessProbe:\n          httpGet:\n            path: /healthz\n            port: healthz\n        name: manager\n        ports:\n        - containerPort: 9090\n          name: http\n          protocol: TCP\n        - containerPort: 8080\n          name: http-prom\n          protocol: TCP\n        - containerPort: 9440\n          name: healthz\n          protocol: TCP\n        readinessProbe:\n          httpGet:\n            path: /\n            port: http\n        resources:\n          limits:\n            cpu: 1000m\n            memory: 1Gi\n          requests:\n            cpu: 50m\n            memory: 64Mi\n        securityContext:\n          allowPrivilegeEscalation: false\n          capabilities:\n            drop:\n            - ALL\n          readOnlyRootFilesystem: true\n          runAsNonRoot: true\n          seccompProfile:\n            type: RuntimeDefault\n        volumeMounts:\n        - mountPath: /data\n          name: data\n        - mountPath: /tmp\n          name: tmp\n      nodeSelector:\n        kubernetes.io/os: linux\n      securityContext:\n        fsGroup: 1337\n      serviceAccountName: source-controller\n      terminationGracePeriodSeconds: 10\n      volumes:\n      - emptyDir: {}\n        name: data\n      - emptyDir: {}\n        name: tmp\n",
-            "id": "2e1d70facf3d57e974ca1cb0830acd8d16311b82deb3c0e5ecb482fc7aa1261b",
-            "image_pull_secrets": null,
-            "log_level": "info",
-            "namespace": "flux-system",
-            "network_policy": false,
-            "path": "clank/flux-system/gotk-components.yaml",
-            "registry": "ghcr.io/fluxcd",
-            "target_path": "clank",
-            "toleration_keys": null,
-            "version": "latest",
-            "watch_all_namespaces": true
-          },
-          "sensitive_attributes": []
-        }
-      ]
-    },
-    {
-      "module": "module.flux",
-      "mode": "data",
-      "type": "flux_sync",
-      "name": "main",
-      "provider": "module.flux.provider[\"registry.terraform.io/fluxcd/flux\"]",
-      "instances": [
-        {
-          "schema_version": 0,
-          "attributes": {
-            "branch": "main",
-            "commit": null,
-            "content": "# This manifest was generated by flux. DO NOT EDIT.\n---\napiVersion: source.toolkit.fluxcd.io/v1beta2\nkind: GitRepository\nmetadata:\n  name: flux-system\n  namespace: flux-system\nspec:\n  interval: 1m0s\n  ref:\n    branch: main\n  secretRef:\n    name: flux-system\n  url: ssh://git@git.front.kjuulh.io/clank/kubernetes-state.git\n---\napiVersion: kustomize.toolkit.fluxcd.io/v1beta2\nkind: Kustomization\nmetadata:\n  name: flux-system\n  namespace: flux-system\nspec:\n  interval: 10m0s\n  path: ./clank\n  prune: true\n  sourceRef:\n    kind: GitRepository\n    name: flux-system\n",
-            "git_implementation": null,
-            "id": "03f8aac88c0386cce28b142e9ea4defd3902a90a0213b8722ce04021876756ee",
-            "interval": 1,
-            "kustomize_content": "\napiVersion: kustomize.config.k8s.io/v1beta1\nkind: Kustomization\nresources:\n- gotk-sync.yaml\n- gotk-components.yaml\n",
-            "kustomize_path": "clank/flux-system/kustomization.yaml",
-            "name": "flux-system",
-            "namespace": "flux-system",
-            "patch_file_paths": {},
-            "patch_names": null,
-            "path": "clank/flux-system/gotk-sync.yaml",
-            "secret": "flux-system",
-            "semver": null,
-            "tag": null,
-            "target_path": "clank",
-            "url": "ssh://git@git.front.kjuulh.io/clank/kubernetes-state.git"
-          },
-          "sensitive_attributes": []
-        }
-      ]
-    },
-    {
-      "module": "module.flux",
-      "mode": "data",
-      "type": "kubectl_file_documents",
-      "name": "apply",
-      "provider": "module.flux.provider[\"registry.terraform.io/gavinbunney/kubectl\"]",
-      "instances": [
-        {
-          "schema_version": 0,
-          "attributes": {
-            "content": "---\n# This manifest was generated by flux. DO NOT EDIT.\n# Flux Version: latest\n# Components: source-controller,kustomize-controller,helm-controller,notification-controller\napiVersion: v1\nkind: Namespace\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n    pod-security.kubernetes.io/warn: restricted\n    pod-security.kubernetes.io/warn-version: latest\n  name: flux-system\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  annotations:\n    controller-gen.kubebuilder.io/version: v0.7.0\n  creationTimestamp: null\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: alerts.notification.toolkit.fluxcd.io\nspec:\n  group: notification.toolkit.fluxcd.io\n  names:\n    kind: Alert\n    listKind: AlertList\n    plural: alerts\n    singular: alert\n  scope: Namespaced\n  versions:\n  - additionalPrinterColumns:\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    name: v1beta1\n    schema:\n      openAPIV3Schema:\n        description: Alert is the Schema for the alerts API\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: AlertSpec defines an alerting rule for events involving a\n              list of objects\n            properties:\n              eventSeverity:\n                default: info\n                description: Filter events based on severity, defaults to ('info').\n                  If set to 'info' no events will be filtered.\n                enum:\n                - info\n                - error\n                type: string\n              eventSources:\n                description: Filter events based on the involved objects.\n                items:\n                  description: CrossNamespaceObjectReference contains enough information\n                    to let you locate the typed referenced object at cluster level\n                  properties:\n                    apiVersion:\n                      description: API version of the referent\n                      type: string\n                    kind:\n                      description: Kind of the referent\n                      enum:\n                      - Bucket\n                      - GitRepository\n                      - Kustomization\n                      - HelmRelease\n                      - HelmChart\n                      - HelmRepository\n                      - ImageRepository\n                      - ImagePolicy\n                      - ImageUpdateAutomation\n                      type: string\n                    matchLabels:\n                      additionalProperties:\n                        type: string\n                      description: MatchLabels is a map of {key,value} pairs. A single\n                        {key,value} in the matchLabels map is equivalent to an element\n                        of matchExpressions, whose key field is \"key\", the operator\n                        is \"In\", and the values array contains only \"value\". The requirements\n                        are ANDed.\n                      type: object\n                    name:\n                      description: Name of the referent\n                      maxLength: 53\n                      minLength: 1\n                      type: string\n                    namespace:\n                      description: Namespace of the referent\n                      maxLength: 53\n                      minLength: 1\n                      type: string\n                  required:\n                  - name\n                  type: object\n                type: array\n              exclusionList:\n                description: A list of Golang regular expressions to be used for excluding\n                  messages.\n                items:\n                  type: string\n                type: array\n              providerRef:\n                description: Send events using this provider.\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              summary:\n                description: Short description of the impact and affected cluster.\n                type: string\n              suspend:\n                description: This flag tells the controller to suspend subsequent\n                  events dispatching. Defaults to false.\n                type: boolean\n            required:\n            - eventSources\n            - providerRef\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: AlertStatus defines the observed state of Alert\n            properties:\n              conditions:\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation.\n                format: int64\n                type: integer\n            type: object\n        type: object\n    served: true\n    storage: true\n    subresources:\n      status: {}\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n  conditions: []\n  storedVersions: []\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  annotations:\n    controller-gen.kubebuilder.io/version: v0.7.0\n  creationTimestamp: null\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: buckets.source.toolkit.fluxcd.io\nspec:\n  group: source.toolkit.fluxcd.io\n  names:\n    kind: Bucket\n    listKind: BucketList\n    plural: buckets\n    singular: bucket\n  scope: Namespaced\n  versions:\n  - additionalPrinterColumns:\n    - jsonPath: .spec.endpoint\n      name: Endpoint\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    name: v1beta1\n    schema:\n      openAPIV3Schema:\n        description: Bucket is the Schema for the buckets API\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: BucketSpec defines the desired state of an S3 compatible\n              bucket\n            properties:\n              accessFrom:\n                description: AccessFrom defines an Access Control List for allowing\n                  cross-namespace references to this object.\n                properties:\n                  namespaceSelectors:\n                    description: NamespaceSelectors is the list of namespace selectors\n                      to which this ACL applies. Items in this list are evaluated\n                      using a logical OR operation.\n                    items:\n                      description: NamespaceSelector selects the namespaces to which\n                        this ACL applies. An empty map of MatchLabels matches all\n                        namespaces in a cluster.\n                      properties:\n                        matchLabels:\n                          additionalProperties:\n                            type: string\n                          description: MatchLabels is a map of {key,value} pairs.\n                            A single {key,value} in the matchLabels map is equivalent\n                            to an element of matchExpressions, whose key field is\n                            \"key\", the operator is \"In\", and the values array contains\n                            only \"value\". The requirements are ANDed.\n                          type: object\n                      type: object\n                    type: array\n                required:\n                - namespaceSelectors\n                type: object\n              bucketName:\n                description: The bucket name.\n                type: string\n              endpoint:\n                description: The bucket endpoint address.\n                type: string\n              ignore:\n                description: Ignore overrides the set of excluded patterns in the\n                  .sourceignore format (which is the same as .gitignore). If not provided,\n                  a default will be used, consult the documentation for your version\n                  to find out what those are.\n                type: string\n              insecure:\n                description: Insecure allows connecting to a non-TLS S3 HTTP endpoint.\n                type: boolean\n              interval:\n                description: The interval at which to check for bucket updates.\n                type: string\n              provider:\n                default: generic\n                description: The S3 compatible storage provider name, default ('generic').\n                enum:\n                - generic\n                - aws\n                - gcp\n                type: string\n              region:\n                description: The bucket region.\n                type: string\n              secretRef:\n                description: The name of the secret containing authentication credentials\n                  for the Bucket.\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              suspend:\n                description: This flag tells the controller to suspend the reconciliation\n                  of this source.\n                type: boolean\n              timeout:\n                default: 60s\n                description: The timeout for download operations, defaults to 60s.\n                type: string\n            required:\n            - bucketName\n            - endpoint\n            - interval\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: BucketStatus defines the observed state of a bucket\n            properties:\n              artifact:\n                description: Artifact represents the output of the last successful\n                  Bucket sync.\n                properties:\n                  checksum:\n                    description: Checksum is the SHA256 checksum of the artifact.\n                    type: string\n                  lastUpdateTime:\n                    description: LastUpdateTime is the timestamp corresponding to\n                      the last update of this artifact.\n                    format: date-time\n                    type: string\n                  path:\n                    description: Path is the relative file path of this artifact.\n                    type: string\n                  revision:\n                    description: Revision is a human readable identifier traceable\n                      in the origin source system. It can be a Git commit SHA, Git\n                      tag, a Helm index timestamp, a Helm chart version, etc.\n                    type: string\n                  url:\n                    description: URL is the HTTP address of this artifact.\n                    type: string\n                required:\n                - path\n                - url\n                type: object\n              conditions:\n                description: Conditions holds the conditions for the Bucket.\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation.\n                format: int64\n                type: integer\n              url:\n                description: URL is the download link for the artifact output of the\n                  last Bucket sync.\n                type: string\n            type: object\n        type: object\n    served: true\n    storage: false\n    subresources:\n      status: {}\n  - additionalPrinterColumns:\n    - jsonPath: .spec.endpoint\n      name: Endpoint\n      type: string\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    name: v1beta2\n    schema:\n      openAPIV3Schema:\n        description: Bucket is the Schema for the buckets API.\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: BucketSpec specifies the required configuration to produce\n              an Artifact for an object storage bucket.\n            properties:\n              accessFrom:\n                description: 'AccessFrom specifies an Access Control List for allowing\n                  cross-namespace references to this object. NOTE: Not implemented,\n                  provisional as of https://github.com/fluxcd/flux2/pull/2092'\n                properties:\n                  namespaceSelectors:\n                    description: NamespaceSelectors is the list of namespace selectors\n                      to which this ACL applies. Items in this list are evaluated\n                      using a logical OR operation.\n                    items:\n                      description: NamespaceSelector selects the namespaces to which\n                        this ACL applies. An empty map of MatchLabels matches all\n                        namespaces in a cluster.\n                      properties:\n                        matchLabels:\n                          additionalProperties:\n                            type: string\n                          description: MatchLabels is a map of {key,value} pairs.\n                            A single {key,value} in the matchLabels map is equivalent\n                            to an element of matchExpressions, whose key field is\n                            \"key\", the operator is \"In\", and the values array contains\n                            only \"value\". The requirements are ANDed.\n                          type: object\n                      type: object\n                    type: array\n                required:\n                - namespaceSelectors\n                type: object\n              bucketName:\n                description: BucketName is the name of the object storage bucket.\n                type: string\n              endpoint:\n                description: Endpoint is the object storage address the BucketName\n                  is located at.\n                type: string\n              ignore:\n                description: Ignore overrides the set of excluded patterns in the\n                  .sourceignore format (which is the same as .gitignore). If not provided,\n                  a default will be used, consult the documentation for your version\n                  to find out what those are.\n                type: string\n              insecure:\n                description: Insecure allows connecting to a non-TLS HTTP Endpoint.\n                type: boolean\n              interval:\n                description: Interval at which to check the Endpoint for updates.\n                type: string\n              provider:\n                default: generic\n                description: Provider of the object storage bucket. Defaults to 'generic',\n                  which expects an S3 (API) compatible object storage.\n                enum:\n                - generic\n                - aws\n                - gcp\n                - azure\n                type: string\n              region:\n                description: Region of the Endpoint where the BucketName is located\n                  in.\n                type: string\n              secretRef:\n                description: SecretRef specifies the Secret containing authentication\n                  credentials for the Bucket.\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              suspend:\n                description: Suspend tells the controller to suspend the reconciliation\n                  of this Bucket.\n                type: boolean\n              timeout:\n                default: 60s\n                description: Timeout for fetch operations, defaults to 60s.\n                type: string\n            required:\n            - bucketName\n            - endpoint\n            - interval\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: BucketStatus records the observed state of a Bucket.\n            properties:\n              artifact:\n                description: Artifact represents the last successful Bucket reconciliation.\n                properties:\n                  checksum:\n                    description: Checksum is the SHA256 checksum of the Artifact file.\n                    type: string\n                  lastUpdateTime:\n                    description: LastUpdateTime is the timestamp corresponding to\n                      the last update of the Artifact.\n                    format: date-time\n                    type: string\n                  path:\n                    description: Path is the relative file path of the Artifact. It\n                      can be used to locate the file in the root of the Artifact storage\n                      on the local file system of the controller managing the Source.\n                    type: string\n                  revision:\n                    description: Revision is a human-readable identifier traceable\n                      in the origin source system. It can be a Git commit SHA, Git\n                      tag, a Helm chart version, etc.\n                    type: string\n                  size:\n                    description: Size is the number of bytes in the file.\n                    format: int64\n                    type: integer\n                  url:\n                    description: URL is the HTTP address of the Artifact as exposed\n                      by the controller managing the Source. It can be used to retrieve\n                      the Artifact for consumption, e.g. by another controller applying\n                      the Artifact contents.\n                    type: string\n                required:\n                - path\n                - url\n                type: object\n              conditions:\n                description: Conditions holds the conditions for the Bucket.\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation of\n                  the Bucket object.\n                format: int64\n                type: integer\n              url:\n                description: URL is the dynamic fetch link for the latest Artifact.\n                  It is provided on a \"best effort\" basis, and using the precise BucketStatus.Artifact\n                  data is recommended.\n                type: string\n            type: object\n        type: object\n    served: true\n    storage: true\n    subresources:\n      status: {}\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n  conditions: []\n  storedVersions: []\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  annotations:\n    controller-gen.kubebuilder.io/version: v0.7.0\n  creationTimestamp: null\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: gitrepositories.source.toolkit.fluxcd.io\nspec:\n  group: source.toolkit.fluxcd.io\n  names:\n    kind: GitRepository\n    listKind: GitRepositoryList\n    plural: gitrepositories\n    shortNames:\n    - gitrepo\n    singular: gitrepository\n  scope: Namespaced\n  versions:\n  - additionalPrinterColumns:\n    - jsonPath: .spec.url\n      name: URL\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    name: v1beta1\n    schema:\n      openAPIV3Schema:\n        description: GitRepository is the Schema for the gitrepositories API\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: GitRepositorySpec defines the desired state of a Git repository.\n            properties:\n              accessFrom:\n                description: AccessFrom defines an Access Control List for allowing\n                  cross-namespace references to this object.\n                properties:\n                  namespaceSelectors:\n                    description: NamespaceSelectors is the list of namespace selectors\n                      to which this ACL applies. Items in this list are evaluated\n                      using a logical OR operation.\n                    items:\n                      description: NamespaceSelector selects the namespaces to which\n                        this ACL applies. An empty map of MatchLabels matches all\n                        namespaces in a cluster.\n                      properties:\n                        matchLabels:\n                          additionalProperties:\n                            type: string\n                          description: MatchLabels is a map of {key,value} pairs.\n                            A single {key,value} in the matchLabels map is equivalent\n                            to an element of matchExpressions, whose key field is\n                            \"key\", the operator is \"In\", and the values array contains\n                            only \"value\". The requirements are ANDed.\n                          type: object\n                      type: object\n                    type: array\n                required:\n                - namespaceSelectors\n                type: object\n              gitImplementation:\n                default: go-git\n                description: Determines which git client library to use. Defaults\n                  to go-git, valid values are ('go-git', 'libgit2').\n                enum:\n                - go-git\n                - libgit2\n                type: string\n              ignore:\n                description: Ignore overrides the set of excluded patterns in the\n                  .sourceignore format (which is the same as .gitignore). If not provided,\n                  a default will be used, consult the documentation for your version\n                  to find out what those are.\n                type: string\n              include:\n                description: Extra git repositories to map into the repository\n                items:\n                  description: GitRepositoryInclude defines a source with a from and\n                    to path.\n                  properties:\n                    fromPath:\n                      description: The path to copy contents from, defaults to the\n                        root directory.\n                      type: string\n                    repository:\n                      description: Reference to a GitRepository to include.\n                      properties:\n                        name:\n                          description: Name of the referent.\n                          type: string\n                      required:\n                      - name\n                      type: object\n                    toPath:\n                      description: The path to copy contents to, defaults to the name\n                        of the source ref.\n                      type: string\n                  required:\n                  - repository\n                  type: object\n                type: array\n              interval:\n                description: The interval at which to check for repository updates.\n                type: string\n              recurseSubmodules:\n                description: When enabled, after the clone is created, initializes\n                  all submodules within, using their default settings. This option\n                  is available only when using the 'go-git' GitImplementation.\n                type: boolean\n              ref:\n                description: The Git reference to checkout and monitor for changes,\n                  defaults to master branch.\n                properties:\n                  branch:\n                    description: The Git branch to checkout, defaults to master.\n                    type: string\n                  commit:\n                    description: The Git commit SHA to checkout, if specified Tag\n                      filters will be ignored.\n                    type: string\n                  semver:\n                    description: The Git tag semver expression, takes precedence over\n                      Tag.\n                    type: string\n                  tag:\n                    description: The Git tag to checkout, takes precedence over Branch.\n                    type: string\n                type: object\n              secretRef:\n                description: The secret name containing the Git credentials. For HTTPS\n                  repositories the secret must contain username and password fields.\n                  For SSH repositories the secret must contain identity and known_hosts\n                  fields.\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              suspend:\n                description: This flag tells the controller to suspend the reconciliation\n                  of this source.\n                type: boolean\n              timeout:\n                default: 60s\n                description: The timeout for remote Git operations like cloning, defaults\n                  to 60s.\n                type: string\n              url:\n                description: The repository URL, can be a HTTP/S or SSH address.\n                pattern: ^(http|https|ssh)://\n                type: string\n              verify:\n                description: Verify OpenPGP signature for the Git commit HEAD points\n                  to.\n                properties:\n                  mode:\n                    description: Mode describes what git object should be verified,\n                      currently ('head').\n                    enum:\n                    - head\n                    type: string\n                  secretRef:\n                    description: The secret name containing the public keys of all\n                      trusted Git authors.\n                    properties:\n                      name:\n                        description: Name of the referent.\n                        type: string\n                    required:\n                    - name\n                    type: object\n                required:\n                - mode\n                type: object\n            required:\n            - interval\n            - url\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: GitRepositoryStatus defines the observed state of a Git repository.\n            properties:\n              artifact:\n                description: Artifact represents the output of the last successful\n                  repository sync.\n                properties:\n                  checksum:\n                    description: Checksum is the SHA256 checksum of the artifact.\n                    type: string\n                  lastUpdateTime:\n                    description: LastUpdateTime is the timestamp corresponding to\n                      the last update of this artifact.\n                    format: date-time\n                    type: string\n                  path:\n                    description: Path is the relative file path of this artifact.\n                    type: string\n                  revision:\n                    description: Revision is a human readable identifier traceable\n                      in the origin source system. It can be a Git commit SHA, Git\n                      tag, a Helm index timestamp, a Helm chart version, etc.\n                    type: string\n                  url:\n                    description: URL is the HTTP address of this artifact.\n                    type: string\n                required:\n                - path\n                - url\n                type: object\n              conditions:\n                description: Conditions holds the conditions for the GitRepository.\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              includedArtifacts:\n                description: IncludedArtifacts represents the included artifacts from\n                  the last successful repository sync.\n                items:\n                  description: Artifact represents the output of a source synchronisation.\n                  properties:\n                    checksum:\n                      description: Checksum is the SHA256 checksum of the artifact.\n                      type: string\n                    lastUpdateTime:\n                      description: LastUpdateTime is the timestamp corresponding to\n                        the last update of this artifact.\n                      format: date-time\n                      type: string\n                    path:\n                      description: Path is the relative file path of this artifact.\n                      type: string\n                    revision:\n                      description: Revision is a human readable identifier traceable\n                        in the origin source system. It can be a Git commit SHA, Git\n                        tag, a Helm index timestamp, a Helm chart version, etc.\n                      type: string\n                    url:\n                      description: URL is the HTTP address of this artifact.\n                      type: string\n                  required:\n                  - path\n                  - url\n                  type: object\n                type: array\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation.\n                format: int64\n                type: integer\n              url:\n                description: URL is the download link for the artifact output of the\n                  last repository sync.\n                type: string\n            type: object\n        type: object\n    served: true\n    storage: false\n    subresources:\n      status: {}\n  - additionalPrinterColumns:\n    - jsonPath: .spec.url\n      name: URL\n      type: string\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    name: v1beta2\n    schema:\n      openAPIV3Schema:\n        description: GitRepository is the Schema for the gitrepositories API.\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: GitRepositorySpec specifies the required configuration to\n              produce an Artifact for a Git repository.\n            properties:\n              accessFrom:\n                description: 'AccessFrom specifies an Access Control List for allowing\n                  cross-namespace references to this object. NOTE: Not implemented,\n                  provisional as of https://github.com/fluxcd/flux2/pull/2092'\n                properties:\n                  namespaceSelectors:\n                    description: NamespaceSelectors is the list of namespace selectors\n                      to which this ACL applies. Items in this list are evaluated\n                      using a logical OR operation.\n                    items:\n                      description: NamespaceSelector selects the namespaces to which\n                        this ACL applies. An empty map of MatchLabels matches all\n                        namespaces in a cluster.\n                      properties:\n                        matchLabels:\n                          additionalProperties:\n                            type: string\n                          description: MatchLabels is a map of {key,value} pairs.\n                            A single {key,value} in the matchLabels map is equivalent\n                            to an element of matchExpressions, whose key field is\n                            \"key\", the operator is \"In\", and the values array contains\n                            only \"value\". The requirements are ANDed.\n                          type: object\n                      type: object\n                    type: array\n                required:\n                - namespaceSelectors\n                type: object\n              gitImplementation:\n                default: go-git\n                description: GitImplementation specifies which Git client library\n                  implementation to use. Defaults to 'go-git', valid values are ('go-git',\n                  'libgit2').\n                enum:\n                - go-git\n                - libgit2\n                type: string\n              ignore:\n                description: Ignore overrides the set of excluded patterns in the\n                  .sourceignore format (which is the same as .gitignore). If not provided,\n                  a default will be used, consult the documentation for your version\n                  to find out what those are.\n                type: string\n              include:\n                description: Include specifies a list of GitRepository resources which\n                  Artifacts should be included in the Artifact produced for this GitRepository.\n                items:\n                  description: GitRepositoryInclude specifies a local reference to\n                    a GitRepository which Artifact (sub-)contents must be included,\n                    and where they should be placed.\n                  properties:\n                    fromPath:\n                      description: FromPath specifies the path to copy contents from,\n                        defaults to the root of the Artifact.\n                      type: string\n                    repository:\n                      description: GitRepositoryRef specifies the GitRepository which\n                        Artifact contents must be included.\n                      properties:\n                        name:\n                          description: Name of the referent.\n                          type: string\n                      required:\n                      - name\n                      type: object\n                    toPath:\n                      description: ToPath specifies the path to copy contents to,\n                        defaults to the name of the GitRepositoryRef.\n                      type: string\n                  required:\n                  - repository\n                  type: object\n                type: array\n              interval:\n                description: Interval at which to check the GitRepository for updates.\n                type: string\n              recurseSubmodules:\n                description: RecurseSubmodules enables the initialization of all submodules\n                  within the GitRepository as cloned from the URL, using their default\n                  settings. This option is available only when using the 'go-git'\n                  GitImplementation.\n                type: boolean\n              ref:\n                description: Reference specifies the Git reference to resolve and\n                  monitor for changes, defaults to the 'master' branch.\n                properties:\n                  branch:\n                    description: \"Branch to check out, defaults to 'master' if no\n                      other field is defined. \\n When GitRepositorySpec.GitImplementation\n                      is set to 'go-git', a shallow clone of the specified branch\n                      is performed.\"\n                    type: string\n                  commit:\n                    description: \"Commit SHA to check out, takes precedence over all\n                      reference fields. \\n When GitRepositorySpec.GitImplementation\n                      is set to 'go-git', this can be combined with Branch to shallow\n                      clone the branch, in which the commit is expected to exist.\"\n                    type: string\n                  semver:\n                    description: SemVer tag expression to check out, takes precedence\n                      over Tag.\n                    type: string\n                  tag:\n                    description: Tag to check out, takes precedence over Branch.\n                    type: string\n                type: object\n              secretRef:\n                description: SecretRef specifies the Secret containing authentication\n                  credentials for the GitRepository. For HTTPS repositories the Secret\n                  must contain 'username' and 'password' fields. For SSH repositories\n                  the Secret must contain 'identity' and 'known_hosts' fields.\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              suspend:\n                description: Suspend tells the controller to suspend the reconciliation\n                  of this GitRepository.\n                type: boolean\n              timeout:\n                default: 60s\n                description: Timeout for Git operations like cloning, defaults to\n                  60s.\n                type: string\n              url:\n                description: URL specifies the Git repository URL, it can be an HTTP/S\n                  or SSH address.\n                pattern: ^(http|https|ssh)://\n                type: string\n              verify:\n                description: Verification specifies the configuration to verify the\n                  Git commit signature(s).\n                properties:\n                  mode:\n                    description: Mode specifies what Git object should be verified,\n                      currently ('head').\n                    enum:\n                    - head\n                    type: string\n                  secretRef:\n                    description: SecretRef specifies the Secret containing the public\n                      keys of trusted Git authors.\n                    properties:\n                      name:\n                        description: Name of the referent.\n                        type: string\n                    required:\n                    - name\n                    type: object\n                required:\n                - mode\n                type: object\n            required:\n            - interval\n            - url\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: GitRepositoryStatus records the observed state of a Git repository.\n            properties:\n              artifact:\n                description: Artifact represents the last successful GitRepository\n                  reconciliation.\n                properties:\n                  checksum:\n                    description: Checksum is the SHA256 checksum of the Artifact file.\n                    type: string\n                  lastUpdateTime:\n                    description: LastUpdateTime is the timestamp corresponding to\n                      the last update of the Artifact.\n                    format: date-time\n                    type: string\n                  path:\n                    description: Path is the relative file path of the Artifact. It\n                      can be used to locate the file in the root of the Artifact storage\n                      on the local file system of the controller managing the Source.\n                    type: string\n                  revision:\n                    description: Revision is a human-readable identifier traceable\n                      in the origin source system. It can be a Git commit SHA, Git\n                      tag, a Helm chart version, etc.\n                    type: string\n                  size:\n                    description: Size is the number of bytes in the file.\n                    format: int64\n                    type: integer\n                  url:\n                    description: URL is the HTTP address of the Artifact as exposed\n                      by the controller managing the Source. It can be used to retrieve\n                      the Artifact for consumption, e.g. by another controller applying\n                      the Artifact contents.\n                    type: string\n                required:\n                - path\n                - url\n                type: object\n              conditions:\n                description: Conditions holds the conditions for the GitRepository.\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              includedArtifacts:\n                description: IncludedArtifacts contains a list of the last successfully\n                  included Artifacts as instructed by GitRepositorySpec.Include.\n                items:\n                  description: Artifact represents the output of a Source reconciliation.\n                  properties:\n                    checksum:\n                      description: Checksum is the SHA256 checksum of the Artifact\n                        file.\n                      type: string\n                    lastUpdateTime:\n                      description: LastUpdateTime is the timestamp corresponding to\n                        the last update of the Artifact.\n                      format: date-time\n                      type: string\n                    path:\n                      description: Path is the relative file path of the Artifact.\n                        It can be used to locate the file in the root of the Artifact\n                        storage on the local file system of the controller managing\n                        the Source.\n                      type: string\n                    revision:\n                      description: Revision is a human-readable identifier traceable\n                        in the origin source system. It can be a Git commit SHA, Git\n                        tag, a Helm chart version, etc.\n                      type: string\n                    size:\n                      description: Size is the number of bytes in the file.\n                      format: int64\n                      type: integer\n                    url:\n                      description: URL is the HTTP address of the Artifact as exposed\n                        by the controller managing the Source. It can be used to retrieve\n                        the Artifact for consumption, e.g. by another controller applying\n                        the Artifact contents.\n                      type: string\n                  required:\n                  - path\n                  - url\n                  type: object\n                type: array\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation of\n                  the GitRepository object.\n                format: int64\n                type: integer\n              url:\n                description: URL is the dynamic fetch link for the latest Artifact.\n                  It is provided on a \"best effort\" basis, and using the precise GitRepositoryStatus.Artifact\n                  data is recommended.\n                type: string\n            type: object\n        type: object\n    served: true\n    storage: true\n    subresources:\n      status: {}\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n  conditions: []\n  storedVersions: []\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  annotations:\n    controller-gen.kubebuilder.io/version: v0.7.0\n  creationTimestamp: null\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: helmcharts.source.toolkit.fluxcd.io\nspec:\n  group: source.toolkit.fluxcd.io\n  names:\n    kind: HelmChart\n    listKind: HelmChartList\n    plural: helmcharts\n    shortNames:\n    - hc\n    singular: helmchart\n  scope: Namespaced\n  versions:\n  - additionalPrinterColumns:\n    - jsonPath: .spec.chart\n      name: Chart\n      type: string\n    - jsonPath: .spec.version\n      name: Version\n      type: string\n    - jsonPath: .spec.sourceRef.kind\n      name: Source Kind\n      type: string\n    - jsonPath: .spec.sourceRef.name\n      name: Source Name\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    name: v1beta1\n    schema:\n      openAPIV3Schema:\n        description: HelmChart is the Schema for the helmcharts API\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: HelmChartSpec defines the desired state of a Helm chart.\n            properties:\n              accessFrom:\n                description: AccessFrom defines an Access Control List for allowing\n                  cross-namespace references to this object.\n                properties:\n                  namespaceSelectors:\n                    description: NamespaceSelectors is the list of namespace selectors\n                      to which this ACL applies. Items in this list are evaluated\n                      using a logical OR operation.\n                    items:\n                      description: NamespaceSelector selects the namespaces to which\n                        this ACL applies. An empty map of MatchLabels matches all\n                        namespaces in a cluster.\n                      properties:\n                        matchLabels:\n                          additionalProperties:\n                            type: string\n                          description: MatchLabels is a map of {key,value} pairs.\n                            A single {key,value} in the matchLabels map is equivalent\n                            to an element of matchExpressions, whose key field is\n                            \"key\", the operator is \"In\", and the values array contains\n                            only \"value\". The requirements are ANDed.\n                          type: object\n                      type: object\n                    type: array\n                required:\n                - namespaceSelectors\n                type: object\n              chart:\n                description: The name or path the Helm chart is available at in the\n                  SourceRef.\n                type: string\n              interval:\n                description: The interval at which to check the Source for updates.\n                type: string\n              reconcileStrategy:\n                default: ChartVersion\n                description: Determines what enables the creation of a new artifact.\n                  Valid values are ('ChartVersion', 'Revision'). See the documentation\n                  of the values for an explanation on their behavior. Defaults to\n                  ChartVersion when omitted.\n                enum:\n                - ChartVersion\n                - Revision\n                type: string\n              sourceRef:\n                description: The reference to the Source the chart is available at.\n                properties:\n                  apiVersion:\n                    description: APIVersion of the referent.\n                    type: string\n                  kind:\n                    description: Kind of the referent, valid values are ('HelmRepository',\n                      'GitRepository', 'Bucket').\n                    enum:\n                    - HelmRepository\n                    - GitRepository\n                    - Bucket\n                    type: string\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - kind\n                - name\n                type: object\n              suspend:\n                description: This flag tells the controller to suspend the reconciliation\n                  of this source.\n                type: boolean\n              valuesFile:\n                description: Alternative values file to use as the default chart values,\n                  expected to be a relative path in the SourceRef. Deprecated in favor\n                  of ValuesFiles, for backwards compatibility the file defined here\n                  is merged before the ValuesFiles items. Ignored when omitted.\n                type: string\n              valuesFiles:\n                description: Alternative list of values files to use as the chart\n                  values (values.yaml is not included by default), expected to be\n                  a relative path in the SourceRef. Values files are merged in the\n                  order of this list with the last file overriding the first. Ignored\n                  when omitted.\n                items:\n                  type: string\n                type: array\n              version:\n                default: '*'\n                description: The chart version semver expression, ignored for charts\n                  from GitRepository and Bucket sources. Defaults to latest when omitted.\n                type: string\n            required:\n            - chart\n            - interval\n            - sourceRef\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: HelmChartStatus defines the observed state of the HelmChart.\n            properties:\n              artifact:\n                description: Artifact represents the output of the last successful\n                  chart sync.\n                properties:\n                  checksum:\n                    description: Checksum is the SHA256 checksum of the artifact.\n                    type: string\n                  lastUpdateTime:\n                    description: LastUpdateTime is the timestamp corresponding to\n                      the last update of this artifact.\n                    format: date-time\n                    type: string\n                  path:\n                    description: Path is the relative file path of this artifact.\n                    type: string\n                  revision:\n                    description: Revision is a human readable identifier traceable\n                      in the origin source system. It can be a Git commit SHA, Git\n                      tag, a Helm index timestamp, a Helm chart version, etc.\n                    type: string\n                  url:\n                    description: URL is the HTTP address of this artifact.\n                    type: string\n                required:\n                - path\n                - url\n                type: object\n              conditions:\n                description: Conditions holds the conditions for the HelmChart.\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation.\n                format: int64\n                type: integer\n              url:\n                description: URL is the download link for the last chart pulled.\n                type: string\n            type: object\n        type: object\n    served: true\n    storage: false\n    subresources:\n      status: {}\n  - additionalPrinterColumns:\n    - jsonPath: .spec.chart\n      name: Chart\n      type: string\n    - jsonPath: .spec.version\n      name: Version\n      type: string\n    - jsonPath: .spec.sourceRef.kind\n      name: Source Kind\n      type: string\n    - jsonPath: .spec.sourceRef.name\n      name: Source Name\n      type: string\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    name: v1beta2\n    schema:\n      openAPIV3Schema:\n        description: HelmChart is the Schema for the helmcharts API.\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: HelmChartSpec specifies the desired state of a Helm chart.\n            properties:\n              accessFrom:\n                description: 'AccessFrom specifies an Access Control List for allowing\n                  cross-namespace references to this object. NOTE: Not implemented,\n                  provisional as of https://github.com/fluxcd/flux2/pull/2092'\n                properties:\n                  namespaceSelectors:\n                    description: NamespaceSelectors is the list of namespace selectors\n                      to which this ACL applies. Items in this list are evaluated\n                      using a logical OR operation.\n                    items:\n                      description: NamespaceSelector selects the namespaces to which\n                        this ACL applies. An empty map of MatchLabels matches all\n                        namespaces in a cluster.\n                      properties:\n                        matchLabels:\n                          additionalProperties:\n                            type: string\n                          description: MatchLabels is a map of {key,value} pairs.\n                            A single {key,value} in the matchLabels map is equivalent\n                            to an element of matchExpressions, whose key field is\n                            \"key\", the operator is \"In\", and the values array contains\n                            only \"value\". The requirements are ANDed.\n                          type: object\n                      type: object\n                    type: array\n                required:\n                - namespaceSelectors\n                type: object\n              chart:\n                description: Chart is the name or path the Helm chart is available\n                  at in the SourceRef.\n                type: string\n              interval:\n                description: Interval is the interval at which to check the Source\n                  for updates.\n                type: string\n              reconcileStrategy:\n                default: ChartVersion\n                description: ReconcileStrategy determines what enables the creation\n                  of a new artifact. Valid values are ('ChartVersion', 'Revision').\n                  See the documentation of the values for an explanation on their\n                  behavior. Defaults to ChartVersion when omitted.\n                enum:\n                - ChartVersion\n                - Revision\n                type: string\n              sourceRef:\n                description: SourceRef is the reference to the Source the chart is\n                  available at.\n                properties:\n                  apiVersion:\n                    description: APIVersion of the referent.\n                    type: string\n                  kind:\n                    description: Kind of the referent, valid values are ('HelmRepository',\n                      'GitRepository', 'Bucket').\n                    enum:\n                    - HelmRepository\n                    - GitRepository\n                    - Bucket\n                    type: string\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - kind\n                - name\n                type: object\n              suspend:\n                description: Suspend tells the controller to suspend the reconciliation\n                  of this source.\n                type: boolean\n              valuesFile:\n                description: ValuesFile is an alternative values file to use as the\n                  default chart values, expected to be a relative path in the SourceRef.\n                  Deprecated in favor of ValuesFiles, for backwards compatibility\n                  the file specified here is merged before the ValuesFiles items.\n                  Ignored when omitted.\n                type: string\n              valuesFiles:\n                description: ValuesFiles is an alternative list of values files to\n                  use as the chart values (values.yaml is not included by default),\n                  expected to be a relative path in the SourceRef. Values files are\n                  merged in the order of this list with the last file overriding the\n                  first. Ignored when omitted.\n                items:\n                  type: string\n                type: array\n              version:\n                default: '*'\n                description: Version is the chart version semver expression, ignored\n                  for charts from GitRepository and Bucket sources. Defaults to latest\n                  when omitted.\n                type: string\n            required:\n            - chart\n            - interval\n            - sourceRef\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: HelmChartStatus records the observed state of the HelmChart.\n            properties:\n              artifact:\n                description: Artifact represents the output of the last successful\n                  reconciliation.\n                properties:\n                  checksum:\n                    description: Checksum is the SHA256 checksum of the Artifact file.\n                    type: string\n                  lastUpdateTime:\n                    description: LastUpdateTime is the timestamp corresponding to\n                      the last update of the Artifact.\n                    format: date-time\n                    type: string\n                  path:\n                    description: Path is the relative file path of the Artifact. It\n                      can be used to locate the file in the root of the Artifact storage\n                      on the local file system of the controller managing the Source.\n                    type: string\n                  revision:\n                    description: Revision is a human-readable identifier traceable\n                      in the origin source system. It can be a Git commit SHA, Git\n                      tag, a Helm chart version, etc.\n                    type: string\n                  size:\n                    description: Size is the number of bytes in the file.\n                    format: int64\n                    type: integer\n                  url:\n                    description: URL is the HTTP address of the Artifact as exposed\n                      by the controller managing the Source. It can be used to retrieve\n                      the Artifact for consumption, e.g. by another controller applying\n                      the Artifact contents.\n                    type: string\n                required:\n                - path\n                - url\n                type: object\n              conditions:\n                description: Conditions holds the conditions for the HelmChart.\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedChartName:\n                description: ObservedChartName is the last observed chart name as\n                  specified by the resolved chart reference.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation of\n                  the HelmChart object.\n                format: int64\n                type: integer\n              observedSourceArtifactRevision:\n                description: ObservedSourceArtifactRevision is the last observed Artifact.Revision\n                  of the HelmChartSpec.SourceRef.\n                type: string\n              url:\n                description: URL is the dynamic fetch link for the latest Artifact.\n                  It is provided on a \"best effort\" basis, and using the precise BucketStatus.Artifact\n                  data is recommended.\n                type: string\n            type: object\n        type: object\n    served: true\n    storage: true\n    subresources:\n      status: {}\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n  conditions: []\n  storedVersions: []\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  annotations:\n    controller-gen.kubebuilder.io/version: v0.7.0\n  creationTimestamp: null\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: helmreleases.helm.toolkit.fluxcd.io\nspec:\n  group: helm.toolkit.fluxcd.io\n  names:\n    kind: HelmRelease\n    listKind: HelmReleaseList\n    plural: helmreleases\n    shortNames:\n    - hr\n    singular: helmrelease\n  scope: Namespaced\n  versions:\n  - additionalPrinterColumns:\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    name: v2beta1\n    schema:\n      openAPIV3Schema:\n        description: HelmRelease is the Schema for the helmreleases API\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: HelmReleaseSpec defines the desired state of a Helm release.\n            properties:\n              chart:\n                description: Chart defines the template of the v1beta2.HelmChart that\n                  should be created for this HelmRelease.\n                properties:\n                  spec:\n                    description: Spec holds the template for the v1beta2.HelmChartSpec\n                      for this HelmRelease.\n                    properties:\n                      chart:\n                        description: The name or path the Helm chart is available\n                          at in the SourceRef.\n                        type: string\n                      interval:\n                        description: Interval at which to check the v1beta2.Source\n                          for updates. Defaults to 'HelmReleaseSpec.Interval'.\n                        type: string\n                      reconcileStrategy:\n                        default: ChartVersion\n                        description: Determines what enables the creation of a new\n                          artifact. Valid values are ('ChartVersion', 'Revision').\n                          See the documentation of the values for an explanation on\n                          their behavior. Defaults to ChartVersion when omitted.\n                        enum:\n                        - ChartVersion\n                        - Revision\n                        type: string\n                      sourceRef:\n                        description: The name and namespace of the v1beta2.Source\n                          the chart is available at.\n                        properties:\n                          apiVersion:\n                            description: APIVersion of the referent.\n                            type: string\n                          kind:\n                            description: Kind of the referent.\n                            enum:\n                            - HelmRepository\n                            - GitRepository\n                            - Bucket\n                            type: string\n                          name:\n                            description: Name of the referent.\n                            maxLength: 253\n                            minLength: 1\n                            type: string\n                          namespace:\n                            description: Namespace of the referent.\n                            maxLength: 63\n                            minLength: 1\n                            type: string\n                        required:\n                        - name\n                        type: object\n                      valuesFile:\n                        description: Alternative values file to use as the default\n                          chart values, expected to be a relative path in the SourceRef.\n                          Deprecated in favor of ValuesFiles, for backwards compatibility\n                          the file defined here is merged before the ValuesFiles items.\n                          Ignored when omitted.\n                        type: string\n                      valuesFiles:\n                        description: Alternative list of values files to use as the\n                          chart values (values.yaml is not included by default), expected\n                          to be a relative path in the SourceRef. Values files are\n                          merged in the order of this list with the last file overriding\n                          the first. Ignored when omitted.\n                        items:\n                          type: string\n                        type: array\n                      version:\n                        default: '*'\n                        description: Version semver expression, ignored for charts\n                          from v1beta2.GitRepository and v1beta2.Bucket sources. Defaults\n                          to latest when omitted.\n                        type: string\n                    required:\n                    - chart\n                    - sourceRef\n                    type: object\n                required:\n                - spec\n                type: object\n              dependsOn:\n                description: DependsOn may contain a meta.NamespacedObjectReference\n                  slice with references to HelmRelease resources that must be ready\n                  before this HelmRelease can be reconciled.\n                items:\n                  description: NamespacedObjectReference contains enough information\n                    to locate the referenced Kubernetes resource object in any namespace.\n                  properties:\n                    name:\n                      description: Name of the referent.\n                      type: string\n                    namespace:\n                      description: Namespace of the referent, when not specified it\n                        acts as LocalObjectReference.\n                      type: string\n                  required:\n                  - name\n                  type: object\n                type: array\n              install:\n                description: Install holds the configuration for Helm install actions\n                  for this HelmRelease.\n                properties:\n                  crds:\n                    description: \"CRDs upgrade CRDs from the Helm Chart's crds directory\n                      according to the CRD upgrade policy provided here. Valid values\n                      are `Skip`, `Create` or `CreateReplace`. Default is `Create`\n                      and if omitted CRDs are installed but not updated. \\n Skip:\n                      do neither install nor replace (update) any CRDs. \\n Create:\n                      new CRDs are created, existing CRDs are neither updated nor\n                      deleted. \\n CreateReplace: new CRDs are created, existing CRDs\n                      are updated (replaced) but not deleted. \\n By default, CRDs\n                      are applied (installed) during Helm install action. With this\n                      option users can opt-in to CRD replace existing CRDs on Helm\n                      install actions, which is not (yet) natively supported by Helm.\n                      https://helm.sh/docs/chart_best_practices/custom_resource_definitions.\"\n                    enum:\n                    - Skip\n                    - Create\n                    - CreateReplace\n                    type: string\n                  createNamespace:\n                    description: CreateNamespace tells the Helm install action to\n                      create the HelmReleaseSpec.TargetNamespace if it does not exist\n                      yet. On uninstall, the namespace will not be garbage collected.\n                    type: boolean\n                  disableHooks:\n                    description: DisableHooks prevents hooks from running during the\n                      Helm install action.\n                    type: boolean\n                  disableOpenAPIValidation:\n                    description: DisableOpenAPIValidation prevents the Helm install\n                      action from validating rendered templates against the Kubernetes\n                      OpenAPI Schema.\n                    type: boolean\n                  disableWait:\n                    description: DisableWait disables the waiting for resources to\n                      be ready after a Helm install has been performed.\n                    type: boolean\n                  disableWaitForJobs:\n                    description: DisableWaitForJobs disables waiting for jobs to complete\n                      after a Helm install has been performed.\n                    type: boolean\n                  remediation:\n                    description: Remediation holds the remediation configuration for\n                      when the Helm install action for the HelmRelease fails. The\n                      default is to not perform any action.\n                    properties:\n                      ignoreTestFailures:\n                        description: IgnoreTestFailures tells the controller to skip\n                          remediation when the Helm tests are run after an install\n                          action but fail. Defaults to 'Test.IgnoreFailures'.\n                        type: boolean\n                      remediateLastFailure:\n                        description: RemediateLastFailure tells the controller to\n                          remediate the last failure, when no retries remain. Defaults\n                          to 'false'.\n                        type: boolean\n                      retries:\n                        description: Retries is the number of retries that should\n                          be attempted on failures before bailing. Remediation, using\n                          an uninstall, is performed between each attempt. Defaults\n                          to '0', a negative integer equals to unlimited retries.\n                        type: integer\n                    type: object\n                  replace:\n                    description: Replace tells the Helm install action to re-use the\n                      'ReleaseName', but only if that name is a deleted release which\n                      remains in the history.\n                    type: boolean\n                  skipCRDs:\n                    description: \"SkipCRDs tells the Helm install action to not install\n                      any CRDs. By default, CRDs are installed if not already present.\n                      \\n Deprecated use CRD policy (`crds`) attribute with value `Skip`\n                      instead.\"\n                    type: boolean\n                  timeout:\n                    description: Timeout is the time to wait for any individual Kubernetes\n                      operation (like Jobs for hooks) during the performance of a\n                      Helm install action. Defaults to 'HelmReleaseSpec.Timeout'.\n                    type: string\n                type: object\n              interval:\n                description: Interval at which to reconcile the Helm release.\n                type: string\n              kubeConfig:\n                description: KubeConfig for reconciling the HelmRelease on a remote\n                  cluster. When used in combination with HelmReleaseSpec.ServiceAccountName,\n                  forces the controller to act on behalf of that Service Account at\n                  the target cluster. If the --default-service-account flag is set,\n                  its value will be used as a controller level fallback for when HelmReleaseSpec.ServiceAccountName\n                  is empty.\n                properties:\n                  secretRef:\n                    description: SecretRef holds the name to a secret that contains\n                      a key with the kubeconfig file as the value. If no key is specified\n                      the key will default to 'value'. The secret must be in the same\n                      namespace as the HelmRelease. It is recommended that the kubeconfig\n                      is self-contained, and the secret is regularly updated if credentials\n                      such as a cloud-access-token expire. Cloud specific `cmd-path`\n                      auth helpers will not function without adding binaries and credentials\n                      to the Pod that is responsible for reconciling the HelmRelease.\n                    properties:\n                      key:\n                        description: Key in the Secret, when not specified an implementation-specific\n                          default key is used.\n                        type: string\n                      name:\n                        description: Name of the Secret.\n                        type: string\n                    required:\n                    - name\n                    type: object\n                type: object\n              maxHistory:\n                description: MaxHistory is the number of revisions saved by Helm for\n                  this HelmRelease. Use '0' for an unlimited number of revisions;\n                  defaults to '10'.\n                type: integer\n              postRenderers:\n                description: PostRenderers holds an array of Helm PostRenderers, which\n                  will be applied in order of their definition.\n                items:\n                  description: PostRenderer contains a Helm PostRenderer specification.\n                  properties:\n                    kustomize:\n                      description: Kustomization to apply as PostRenderer.\n                      properties:\n                        images:\n                          description: Images is a list of (image name, new name,\n                            new tag or digest) for changing image names, tags or digests.\n                            This can also be achieved with a patch, but this operator\n                            is simpler to specify.\n                          items:\n                            description: Image contains an image name, a new name,\n                              a new tag or digest, which will replace the original\n                              name and tag.\n                            properties:\n                              digest:\n                                description: Digest is the value used to replace the\n                                  original image tag. If digest is present NewTag\n                                  value is ignored.\n                                type: string\n                              name:\n                                description: Name is a tag-less image name.\n                                type: string\n                              newName:\n                                description: NewName is the value used to replace\n                                  the original name.\n                                type: string\n                              newTag:\n                                description: NewTag is the value used to replace the\n                                  original tag.\n                                type: string\n                            required:\n                            - name\n                            type: object\n                          type: array\n                        patches:\n                          description: Strategic merge and JSON patches, defined as\n                            inline YAML objects, capable of targeting objects based\n                            on kind, label and annotation selectors.\n                          items:\n                            description: Patch contains an inline StrategicMerge or\n                              JSON6902 patch, and the target the patch should be applied\n                              to.\n                            properties:\n                              patch:\n                                description: Patch contains an inline StrategicMerge\n                                  patch or an inline JSON6902 patch with an array\n                                  of operation objects.\n                                type: string\n                              target:\n                                description: Target points to the resources that the\n                                  patch document should be applied to.\n                                properties:\n                                  annotationSelector:\n                                    description: AnnotationSelector is a string that\n                                      follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                                      It matches with the resource annotations.\n                                    type: string\n                                  group:\n                                    description: Group is the API group to select\n                                      resources from. Together with Version and Kind\n                                      it is capable of unambiguously identifying and/or\n                                      selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                                    type: string\n                                  kind:\n                                    description: Kind of the API Group to select resources\n                                      from. Together with Group and Version it is\n                                      capable of unambiguously identifying and/or\n                                      selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                                    type: string\n                                  labelSelector:\n                                    description: LabelSelector is a string that follows\n                                      the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                                      It matches with the resource labels.\n                                    type: string\n                                  name:\n                                    description: Name to match resources with.\n                                    type: string\n                                  namespace:\n                                    description: Namespace to select resources from.\n                                    type: string\n                                  version:\n                                    description: Version of the API Group to select\n                                      resources from. Together with Group and Kind\n                                      it is capable of unambiguously identifying and/or\n                                      selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                                    type: string\n                                type: object\n                            type: object\n                          type: array\n                        patchesJson6902:\n                          description: JSON 6902 patches, defined as inline YAML objects.\n                          items:\n                            description: JSON6902Patch contains a JSON6902 patch and\n                              the target the patch should be applied to.\n                            properties:\n                              patch:\n                                description: Patch contains the JSON6902 patch document\n                                  with an array of operation objects.\n                                items:\n                                  description: JSON6902 is a JSON6902 operation object.\n                                    https://datatracker.ietf.org/doc/html/rfc6902#section-4\n                                  properties:\n                                    from:\n                                      description: From contains a JSON-pointer value\n                                        that references a location within the target\n                                        document where the operation is performed.\n                                        The meaning of the value depends on the value\n                                        of Op, and is NOT taken into account by all\n                                        operations.\n                                      type: string\n                                    op:\n                                      description: Op indicates the operation to perform.\n                                        Its value MUST be one of \"add\", \"remove\",\n                                        \"replace\", \"move\", \"copy\", or \"test\". https://datatracker.ietf.org/doc/html/rfc6902#section-4\n                                      enum:\n                                      - test\n                                      - remove\n                                      - add\n                                      - replace\n                                      - move\n                                      - copy\n                                      type: string\n                                    path:\n                                      description: Path contains the JSON-pointer\n                                        value that references a location within the\n                                        target document where the operation is performed.\n                                        The meaning of the value depends on the value\n                                        of Op.\n                                      type: string\n                                    value:\n                                      description: Value contains a valid JSON structure.\n                                        The meaning of the value depends on the value\n                                        of Op, and is NOT taken into account by all\n                                        operations.\n                                      x-kubernetes-preserve-unknown-fields: true\n                                  required:\n                                  - op\n                                  - path\n                                  type: object\n                                type: array\n                              target:\n                                description: Target points to the resources that the\n                                  patch document should be applied to.\n                                properties:\n                                  annotationSelector:\n                                    description: AnnotationSelector is a string that\n                                      follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                                      It matches with the resource annotations.\n                                    type: string\n                                  group:\n                                    description: Group is the API group to select\n                                      resources from. Together with Version and Kind\n                                      it is capable of unambiguously identifying and/or\n                                      selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                                    type: string\n                                  kind:\n                                    description: Kind of the API Group to select resources\n                                      from. Together with Group and Version it is\n                                      capable of unambiguously identifying and/or\n                                      selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                                    type: string\n                                  labelSelector:\n                                    description: LabelSelector is a string that follows\n                                      the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                                      It matches with the resource labels.\n                                    type: string\n                                  name:\n                                    description: Name to match resources with.\n                                    type: string\n                                  namespace:\n                                    description: Namespace to select resources from.\n                                    type: string\n                                  version:\n                                    description: Version of the API Group to select\n                                      resources from. Together with Group and Kind\n                                      it is capable of unambiguously identifying and/or\n                                      selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                                    type: string\n                                type: object\n                            required:\n                            - patch\n                            - target\n                            type: object\n                          type: array\n                        patchesStrategicMerge:\n                          description: Strategic merge patches, defined as inline\n                            YAML objects.\n                          items:\n                            x-kubernetes-preserve-unknown-fields: true\n                          type: array\n                      type: object\n                  type: object\n                type: array\n              releaseName:\n                description: ReleaseName used for the Helm release. Defaults to a\n                  composition of '[TargetNamespace-]Name'.\n                maxLength: 53\n                minLength: 1\n                type: string\n              rollback:\n                description: Rollback holds the configuration for Helm rollback actions\n                  for this HelmRelease.\n                properties:\n                  cleanupOnFail:\n                    description: CleanupOnFail allows deletion of new resources created\n                      during the Helm rollback action when it fails.\n                    type: boolean\n                  disableHooks:\n                    description: DisableHooks prevents hooks from running during the\n                      Helm rollback action.\n                    type: boolean\n                  disableWait:\n                    description: DisableWait disables the waiting for resources to\n                      be ready after a Helm rollback has been performed.\n                    type: boolean\n                  disableWaitForJobs:\n                    description: DisableWaitForJobs disables waiting for jobs to complete\n                      after a Helm rollback has been performed.\n                    type: boolean\n                  force:\n                    description: Force forces resource updates through a replacement\n                      strategy.\n                    type: boolean\n                  recreate:\n                    description: Recreate performs pod restarts for the resource if\n                      applicable.\n                    type: boolean\n                  timeout:\n                    description: Timeout is the time to wait for any individual Kubernetes\n                      operation (like Jobs for hooks) during the performance of a\n                      Helm rollback action. Defaults to 'HelmReleaseSpec.Timeout'.\n                    type: string\n                type: object\n              serviceAccountName:\n                description: The name of the Kubernetes service account to impersonate\n                  when reconciling this HelmRelease.\n                type: string\n              storageNamespace:\n                description: StorageNamespace used for the Helm storage. Defaults\n                  to the namespace of the HelmRelease.\n                maxLength: 63\n                minLength: 1\n                type: string\n              suspend:\n                description: Suspend tells the controller to suspend reconciliation\n                  for this HelmRelease, it does not apply to already started reconciliations.\n                  Defaults to false.\n                type: boolean\n              targetNamespace:\n                description: TargetNamespace to target when performing operations\n                  for the HelmRelease. Defaults to the namespace of the HelmRelease.\n                maxLength: 63\n                minLength: 1\n                type: string\n              test:\n                description: Test holds the configuration for Helm test actions for\n                  this HelmRelease.\n                properties:\n                  enable:\n                    description: Enable enables Helm test actions for this HelmRelease\n                      after an Helm install or upgrade action has been performed.\n                    type: boolean\n                  ignoreFailures:\n                    description: IgnoreFailures tells the controller to skip remediation\n                      when the Helm tests are run but fail. Can be overwritten for\n                      tests run after install or upgrade actions in 'Install.IgnoreTestFailures'\n                      and 'Upgrade.IgnoreTestFailures'.\n                    type: boolean\n                  timeout:\n                    description: Timeout is the time to wait for any individual Kubernetes\n                      operation during the performance of a Helm test action. Defaults\n                      to 'HelmReleaseSpec.Timeout'.\n                    type: string\n                type: object\n              timeout:\n                description: Timeout is the time to wait for any individual Kubernetes\n                  operation (like Jobs for hooks) during the performance of a Helm\n                  action. Defaults to '5m0s'.\n                type: string\n              uninstall:\n                description: Uninstall holds the configuration for Helm uninstall\n                  actions for this HelmRelease.\n                properties:\n                  disableHooks:\n                    description: DisableHooks prevents hooks from running during the\n                      Helm rollback action.\n                    type: boolean\n                  disableWait:\n                    description: DisableWait disables waiting for all the resources\n                      to be deleted after a Helm uninstall is performed.\n                    type: boolean\n                  keepHistory:\n                    description: KeepHistory tells Helm to remove all associated resources\n                      and mark the release as deleted, but retain the release history.\n                    type: boolean\n                  timeout:\n                    description: Timeout is the time to wait for any individual Kubernetes\n                      operation (like Jobs for hooks) during the performance of a\n                      Helm uninstall action. Defaults to 'HelmReleaseSpec.Timeout'.\n                    type: string\n                type: object\n              upgrade:\n                description: Upgrade holds the configuration for Helm upgrade actions\n                  for this HelmRelease.\n                properties:\n                  cleanupOnFail:\n                    description: CleanupOnFail allows deletion of new resources created\n                      during the Helm upgrade action when it fails.\n                    type: boolean\n                  crds:\n                    description: \"CRDs upgrade CRDs from the Helm Chart's crds directory\n                      according to the CRD upgrade policy provided here. Valid values\n                      are `Skip`, `Create` or `CreateReplace`. Default is `Skip` and\n                      if omitted CRDs are neither installed nor upgraded. \\n Skip:\n                      do neither install nor replace (update) any CRDs. \\n Create:\n                      new CRDs are created, existing CRDs are neither updated nor\n                      deleted. \\n CreateReplace: new CRDs are created, existing CRDs\n                      are updated (replaced) but not deleted. \\n By default, CRDs\n                      are not applied during Helm upgrade action. With this option\n                      users can opt-in to CRD upgrade, which is not (yet) natively\n                      supported by Helm. https://helm.sh/docs/chart_best_practices/custom_resource_definitions.\"\n                    enum:\n                    - Skip\n                    - Create\n                    - CreateReplace\n                    type: string\n                  disableHooks:\n                    description: DisableHooks prevents hooks from running during the\n                      Helm upgrade action.\n                    type: boolean\n                  disableOpenAPIValidation:\n                    description: DisableOpenAPIValidation prevents the Helm upgrade\n                      action from validating rendered templates against the Kubernetes\n                      OpenAPI Schema.\n                    type: boolean\n                  disableWait:\n                    description: DisableWait disables the waiting for resources to\n                      be ready after a Helm upgrade has been performed.\n                    type: boolean\n                  disableWaitForJobs:\n                    description: DisableWaitForJobs disables waiting for jobs to complete\n                      after a Helm upgrade has been performed.\n                    type: boolean\n                  force:\n                    description: Force forces resource updates through a replacement\n                      strategy.\n                    type: boolean\n                  preserveValues:\n                    description: PreserveValues will make Helm reuse the last release's\n                      values and merge in overrides from 'Values'. Setting this flag\n                      makes the HelmRelease non-declarative.\n                    type: boolean\n                  remediation:\n                    description: Remediation holds the remediation configuration for\n                      when the Helm upgrade action for the HelmRelease fails. The\n                      default is to not perform any action.\n                    properties:\n                      ignoreTestFailures:\n                        description: IgnoreTestFailures tells the controller to skip\n                          remediation when the Helm tests are run after an upgrade\n                          action but fail. Defaults to 'Test.IgnoreFailures'.\n                        type: boolean\n                      remediateLastFailure:\n                        description: RemediateLastFailure tells the controller to\n                          remediate the last failure, when no retries remain. Defaults\n                          to 'false' unless 'Retries' is greater than 0.\n                        type: boolean\n                      retries:\n                        description: Retries is the number of retries that should\n                          be attempted on failures before bailing. Remediation, using\n                          'Strategy', is performed between each attempt. Defaults\n                          to '0', a negative integer equals to unlimited retries.\n                        type: integer\n                      strategy:\n                        description: Strategy to use for failure remediation. Defaults\n                          to 'rollback'.\n                        enum:\n                        - rollback\n                        - uninstall\n                        type: string\n                    type: object\n                  timeout:\n                    description: Timeout is the time to wait for any individual Kubernetes\n                      operation (like Jobs for hooks) during the performance of a\n                      Helm upgrade action. Defaults to 'HelmReleaseSpec.Timeout'.\n                    type: string\n                type: object\n              values:\n                description: Values holds the values for this Helm release.\n                x-kubernetes-preserve-unknown-fields: true\n              valuesFrom:\n                description: ValuesFrom holds references to resources containing Helm\n                  values for this HelmRelease, and information about how they should\n                  be merged.\n                items:\n                  description: ValuesReference contains a reference to a resource\n                    containing Helm values, and optionally the key they can be found\n                    at.\n                  properties:\n                    kind:\n                      description: Kind of the values referent, valid values are ('Secret',\n                        'ConfigMap').\n                      enum:\n                      - Secret\n                      - ConfigMap\n                      type: string\n                    name:\n                      description: Name of the values referent. Should reside in the\n                        same namespace as the referring resource.\n                      maxLength: 253\n                      minLength: 1\n                      type: string\n                    optional:\n                      description: Optional marks this ValuesReference as optional.\n                        When set, a not found error for the values reference is ignored,\n                        but any ValuesKey, TargetPath or transient error will still\n                        result in a reconciliation failure.\n                      type: boolean\n                    targetPath:\n                      description: TargetPath is the YAML dot notation path the value\n                        should be merged at. When set, the ValuesKey is expected to\n                        be a single flat value. Defaults to 'None', which results\n                        in the values getting merged at the root.\n                      type: string\n                    valuesKey:\n                      description: ValuesKey is the data key where the values.yaml\n                        or a specific value can be found at. Defaults to 'values.yaml'.\n                      type: string\n                  required:\n                  - kind\n                  - name\n                  type: object\n                type: array\n            required:\n            - chart\n            - interval\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: HelmReleaseStatus defines the observed state of a HelmRelease.\n            properties:\n              conditions:\n                description: Conditions holds the conditions for the HelmRelease.\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              failures:\n                description: Failures is the reconciliation failure count against\n                  the latest desired state. It is reset after a successful reconciliation.\n                format: int64\n                type: integer\n              helmChart:\n                description: HelmChart is the namespaced name of the HelmChart resource\n                  created by the controller for the HelmRelease.\n                type: string\n              installFailures:\n                description: InstallFailures is the install failure count against\n                  the latest desired state. It is reset after a successful reconciliation.\n                format: int64\n                type: integer\n              lastAppliedRevision:\n                description: LastAppliedRevision is the revision of the last successfully\n                  applied source.\n                type: string\n              lastAttemptedRevision:\n                description: LastAttemptedRevision is the revision of the last reconciliation\n                  attempt.\n                type: string\n              lastAttemptedValuesChecksum:\n                description: LastAttemptedValuesChecksum is the SHA1 checksum of the\n                  values of the last reconciliation attempt.\n                type: string\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              lastReleaseRevision:\n                description: LastReleaseRevision is the revision of the last successful\n                  Helm release.\n                type: integer\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation.\n                format: int64\n                type: integer\n              upgradeFailures:\n                description: UpgradeFailures is the upgrade failure count against\n                  the latest desired state. It is reset after a successful reconciliation.\n                format: int64\n                type: integer\n            type: object\n        type: object\n    served: true\n    storage: true\n    subresources:\n      status: {}\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n  conditions: []\n  storedVersions: []\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  annotations:\n    controller-gen.kubebuilder.io/version: v0.7.0\n  creationTimestamp: null\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: helmrepositories.source.toolkit.fluxcd.io\nspec:\n  group: source.toolkit.fluxcd.io\n  names:\n    kind: HelmRepository\n    listKind: HelmRepositoryList\n    plural: helmrepositories\n    shortNames:\n    - helmrepo\n    singular: helmrepository\n  scope: Namespaced\n  versions:\n  - additionalPrinterColumns:\n    - jsonPath: .spec.url\n      name: URL\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    name: v1beta1\n    schema:\n      openAPIV3Schema:\n        description: HelmRepository is the Schema for the helmrepositories API\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: HelmRepositorySpec defines the reference to a Helm repository.\n            properties:\n              accessFrom:\n                description: AccessFrom defines an Access Control List for allowing\n                  cross-namespace references to this object.\n                properties:\n                  namespaceSelectors:\n                    description: NamespaceSelectors is the list of namespace selectors\n                      to which this ACL applies. Items in this list are evaluated\n                      using a logical OR operation.\n                    items:\n                      description: NamespaceSelector selects the namespaces to which\n                        this ACL applies. An empty map of MatchLabels matches all\n                        namespaces in a cluster.\n                      properties:\n                        matchLabels:\n                          additionalProperties:\n                            type: string\n                          description: MatchLabels is a map of {key,value} pairs.\n                            A single {key,value} in the matchLabels map is equivalent\n                            to an element of matchExpressions, whose key field is\n                            \"key\", the operator is \"In\", and the values array contains\n                            only \"value\". The requirements are ANDed.\n                          type: object\n                      type: object\n                    type: array\n                required:\n                - namespaceSelectors\n                type: object\n              interval:\n                description: The interval at which to check the upstream for updates.\n                type: string\n              passCredentials:\n                description: PassCredentials allows the credentials from the SecretRef\n                  to be passed on to a host that does not match the host as defined\n                  in URL. This may be required if the host of the advertised chart\n                  URLs in the index differ from the defined URL. Enabling this should\n                  be done with caution, as it can potentially result in credentials\n                  getting stolen in a MITM-attack.\n                type: boolean\n              secretRef:\n                description: The name of the secret containing authentication credentials\n                  for the Helm repository. For HTTP/S basic auth the secret must contain\n                  username and password fields. For TLS the secret must contain a\n                  certFile and keyFile, and/or caCert fields.\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              suspend:\n                description: This flag tells the controller to suspend the reconciliation\n                  of this source.\n                type: boolean\n              timeout:\n                default: 60s\n                description: The timeout of index downloading, defaults to 60s.\n                type: string\n              url:\n                description: The Helm repository URL, a valid URL contains at least\n                  a protocol and host.\n                type: string\n            required:\n            - interval\n            - url\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: HelmRepositoryStatus defines the observed state of the HelmRepository.\n            properties:\n              artifact:\n                description: Artifact represents the output of the last successful\n                  repository sync.\n                properties:\n                  checksum:\n                    description: Checksum is the SHA256 checksum of the artifact.\n                    type: string\n                  lastUpdateTime:\n                    description: LastUpdateTime is the timestamp corresponding to\n                      the last update of this artifact.\n                    format: date-time\n                    type: string\n                  path:\n                    description: Path is the relative file path of this artifact.\n                    type: string\n                  revision:\n                    description: Revision is a human readable identifier traceable\n                      in the origin source system. It can be a Git commit SHA, Git\n                      tag, a Helm index timestamp, a Helm chart version, etc.\n                    type: string\n                  url:\n                    description: URL is the HTTP address of this artifact.\n                    type: string\n                required:\n                - path\n                - url\n                type: object\n              conditions:\n                description: Conditions holds the conditions for the HelmRepository.\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation.\n                format: int64\n                type: integer\n              url:\n                description: URL is the download link for the last index fetched.\n                type: string\n            type: object\n        type: object\n    served: true\n    storage: false\n    subresources:\n      status: {}\n  - additionalPrinterColumns:\n    - jsonPath: .spec.url\n      name: URL\n      type: string\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    name: v1beta2\n    schema:\n      openAPIV3Schema:\n        description: HelmRepository is the Schema for the helmrepositories API.\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: HelmRepositorySpec specifies the required configuration to\n              produce an Artifact for a Helm repository index YAML.\n            properties:\n              accessFrom:\n                description: 'AccessFrom specifies an Access Control List for allowing\n                  cross-namespace references to this object. NOTE: Not implemented,\n                  provisional as of https://github.com/fluxcd/flux2/pull/2092'\n                properties:\n                  namespaceSelectors:\n                    description: NamespaceSelectors is the list of namespace selectors\n                      to which this ACL applies. Items in this list are evaluated\n                      using a logical OR operation.\n                    items:\n                      description: NamespaceSelector selects the namespaces to which\n                        this ACL applies. An empty map of MatchLabels matches all\n                        namespaces in a cluster.\n                      properties:\n                        matchLabels:\n                          additionalProperties:\n                            type: string\n                          description: MatchLabels is a map of {key,value} pairs.\n                            A single {key,value} in the matchLabels map is equivalent\n                            to an element of matchExpressions, whose key field is\n                            \"key\", the operator is \"In\", and the values array contains\n                            only \"value\". The requirements are ANDed.\n                          type: object\n                      type: object\n                    type: array\n                required:\n                - namespaceSelectors\n                type: object\n              interval:\n                description: Interval at which to check the URL for updates.\n                type: string\n              passCredentials:\n                description: PassCredentials allows the credentials from the SecretRef\n                  to be passed on to a host that does not match the host as defined\n                  in URL. This may be required if the host of the advertised chart\n                  URLs in the index differ from the defined URL. Enabling this should\n                  be done with caution, as it can potentially result in credentials\n                  getting stolen in a MITM-attack.\n                type: boolean\n              secretRef:\n                description: SecretRef specifies the Secret containing authentication\n                  credentials for the HelmRepository. For HTTP/S basic auth the secret\n                  must contain 'username' and 'password' fields. For TLS the secret\n                  must contain a 'certFile' and 'keyFile', and/or 'caCert' fields.\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              suspend:\n                description: Suspend tells the controller to suspend the reconciliation\n                  of this HelmRepository.\n                type: boolean\n              timeout:\n                default: 60s\n                description: Timeout of the index fetch operation, defaults to 60s.\n                type: string\n              url:\n                description: URL of the Helm repository, a valid URL contains at least\n                  a protocol and host.\n                type: string\n            required:\n            - interval\n            - url\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: HelmRepositoryStatus records the observed state of the HelmRepository.\n            properties:\n              artifact:\n                description: Artifact represents the last successful HelmRepository\n                  reconciliation.\n                properties:\n                  checksum:\n                    description: Checksum is the SHA256 checksum of the Artifact file.\n                    type: string\n                  lastUpdateTime:\n                    description: LastUpdateTime is the timestamp corresponding to\n                      the last update of the Artifact.\n                    format: date-time\n                    type: string\n                  path:\n                    description: Path is the relative file path of the Artifact. It\n                      can be used to locate the file in the root of the Artifact storage\n                      on the local file system of the controller managing the Source.\n                    type: string\n                  revision:\n                    description: Revision is a human-readable identifier traceable\n                      in the origin source system. It can be a Git commit SHA, Git\n                      tag, a Helm chart version, etc.\n                    type: string\n                  size:\n                    description: Size is the number of bytes in the file.\n                    format: int64\n                    type: integer\n                  url:\n                    description: URL is the HTTP address of the Artifact as exposed\n                      by the controller managing the Source. It can be used to retrieve\n                      the Artifact for consumption, e.g. by another controller applying\n                      the Artifact contents.\n                    type: string\n                required:\n                - path\n                - url\n                type: object\n              conditions:\n                description: Conditions holds the conditions for the HelmRepository.\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation of\n                  the HelmRepository object.\n                format: int64\n                type: integer\n              url:\n                description: URL is the dynamic fetch link for the latest Artifact.\n                  It is provided on a \"best effort\" basis, and using the precise HelmRepositoryStatus.Artifact\n                  data is recommended.\n                type: string\n            type: object\n        type: object\n    served: true\n    storage: true\n    subresources:\n      status: {}\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n  conditions: []\n  storedVersions: []\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  annotations:\n    controller-gen.kubebuilder.io/version: v0.7.0\n  creationTimestamp: null\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: kustomizations.kustomize.toolkit.fluxcd.io\nspec:\n  group: kustomize.toolkit.fluxcd.io\n  names:\n    kind: Kustomization\n    listKind: KustomizationList\n    plural: kustomizations\n    shortNames:\n    - ks\n    singular: kustomization\n  scope: Namespaced\n  versions:\n  - additionalPrinterColumns:\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    name: v1beta1\n    schema:\n      openAPIV3Schema:\n        description: Kustomization is the Schema for the kustomizations API.\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: KustomizationSpec defines the desired state of a kustomization.\n            properties:\n              decryption:\n                description: Decrypt Kubernetes secrets before applying them on the\n                  cluster.\n                properties:\n                  provider:\n                    description: Provider is the name of the decryption engine.\n                    enum:\n                    - sops\n                    type: string\n                  secretRef:\n                    description: The secret name containing the private OpenPGP keys\n                      used for decryption.\n                    properties:\n                      name:\n                        description: Name of the referent.\n                        type: string\n                    required:\n                    - name\n                    type: object\n                required:\n                - provider\n                type: object\n              dependsOn:\n                description: DependsOn may contain a meta.NamespacedObjectReference\n                  slice with references to Kustomization resources that must be ready\n                  before this Kustomization can be reconciled.\n                items:\n                  description: NamespacedObjectReference contains enough information\n                    to locate the referenced Kubernetes resource object in any namespace.\n                  properties:\n                    name:\n                      description: Name of the referent.\n                      type: string\n                    namespace:\n                      description: Namespace of the referent, when not specified it\n                        acts as LocalObjectReference.\n                      type: string\n                  required:\n                  - name\n                  type: object\n                type: array\n              force:\n                default: false\n                description: Force instructs the controller to recreate resources\n                  when patching fails due to an immutable field change.\n                type: boolean\n              healthChecks:\n                description: A list of resources to be included in the health assessment.\n                items:\n                  description: NamespacedObjectKindReference contains enough information\n                    to locate the typed referenced Kubernetes resource object in any\n                    namespace.\n                  properties:\n                    apiVersion:\n                      description: API version of the referent, if not specified the\n                        Kubernetes preferred version will be used.\n                      type: string\n                    kind:\n                      description: Kind of the referent.\n                      type: string\n                    name:\n                      description: Name of the referent.\n                      type: string\n                    namespace:\n                      description: Namespace of the referent, when not specified it\n                        acts as LocalObjectReference.\n                      type: string\n                  required:\n                  - kind\n                  - name\n                  type: object\n                type: array\n              images:\n                description: Images is a list of (image name, new name, new tag or\n                  digest) for changing image names, tags or digests. This can also\n                  be achieved with a patch, but this operator is simpler to specify.\n                items:\n                  description: Image contains an image name, a new name, a new tag\n                    or digest, which will replace the original name and tag.\n                  properties:\n                    digest:\n                      description: Digest is the value used to replace the original\n                        image tag. If digest is present NewTag value is ignored.\n                      type: string\n                    name:\n                      description: Name is a tag-less image name.\n                      type: string\n                    newName:\n                      description: NewName is the value used to replace the original\n                        name.\n                      type: string\n                    newTag:\n                      description: NewTag is the value used to replace the original\n                        tag.\n                      type: string\n                  required:\n                  - name\n                  type: object\n                type: array\n              interval:\n                description: The interval at which to reconcile the Kustomization.\n                type: string\n              kubeConfig:\n                description: The KubeConfig for reconciling the Kustomization on a\n                  remote cluster. When specified, KubeConfig takes precedence over\n                  ServiceAccountName.\n                properties:\n                  secretRef:\n                    description: SecretRef holds the name to a secret that contains\n                      a 'value' key with the kubeconfig file as the value. It must\n                      be in the same namespace as the Kustomization. It is recommended\n                      that the kubeconfig is self-contained, and the secret is regularly\n                      updated if credentials such as a cloud-access-token expire.\n                      Cloud specific `cmd-path` auth helpers will not function without\n                      adding binaries and credentials to the Pod that is responsible\n                      for reconciling the Kustomization.\n                    properties:\n                      name:\n                        description: Name of the referent.\n                        type: string\n                    required:\n                    - name\n                    type: object\n                type: object\n              patches:\n                description: Strategic merge and JSON patches, defined as inline YAML\n                  objects, capable of targeting objects based on kind, label and annotation\n                  selectors.\n                items:\n                  description: Patch contains an inline StrategicMerge or JSON6902\n                    patch, and the target the patch should be applied to.\n                  properties:\n                    patch:\n                      description: Patch contains an inline StrategicMerge patch or\n                        an inline JSON6902 patch with an array of operation objects.\n                      type: string\n                    target:\n                      description: Target points to the resources that the patch document\n                        should be applied to.\n                      properties:\n                        annotationSelector:\n                          description: AnnotationSelector is a string that follows\n                            the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                            It matches with the resource annotations.\n                          type: string\n                        group:\n                          description: Group is the API group to select resources\n                            from. Together with Version and Kind it is capable of\n                            unambiguously identifying and/or selecting resources.\n                            https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                        kind:\n                          description: Kind of the API Group to select resources from.\n                            Together with Group and Version it is capable of unambiguously\n                            identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                        labelSelector:\n                          description: LabelSelector is a string that follows the\n                            label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                            It matches with the resource labels.\n                          type: string\n                        name:\n                          description: Name to match resources with.\n                          type: string\n                        namespace:\n                          description: Namespace to select resources from.\n                          type: string\n                        version:\n                          description: Version of the API Group to select resources\n                            from. Together with Group and Kind it is capable of unambiguously\n                            identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                      type: object\n                  type: object\n                type: array\n              patchesJson6902:\n                description: JSON 6902 patches, defined as inline YAML objects.\n                items:\n                  description: JSON6902Patch contains a JSON6902 patch and the target\n                    the patch should be applied to.\n                  properties:\n                    patch:\n                      description: Patch contains the JSON6902 patch document with\n                        an array of operation objects.\n                      items:\n                        description: JSON6902 is a JSON6902 operation object. https://datatracker.ietf.org/doc/html/rfc6902#section-4\n                        properties:\n                          from:\n                            description: From contains a JSON-pointer value that references\n                              a location within the target document where the operation\n                              is performed. The meaning of the value depends on the\n                              value of Op, and is NOT taken into account by all operations.\n                            type: string\n                          op:\n                            description: Op indicates the operation to perform. Its\n                              value MUST be one of \"add\", \"remove\", \"replace\", \"move\",\n                              \"copy\", or \"test\". https://datatracker.ietf.org/doc/html/rfc6902#section-4\n                            enum:\n                            - test\n                            - remove\n                            - add\n                            - replace\n                            - move\n                            - copy\n                            type: string\n                          path:\n                            description: Path contains the JSON-pointer value that\n                              references a location within the target document where\n                              the operation is performed. The meaning of the value\n                              depends on the value of Op.\n                            type: string\n                          value:\n                            description: Value contains a valid JSON structure. The\n                              meaning of the value depends on the value of Op, and\n                              is NOT taken into account by all operations.\n                            x-kubernetes-preserve-unknown-fields: true\n                        required:\n                        - op\n                        - path\n                        type: object\n                      type: array\n                    target:\n                      description: Target points to the resources that the patch document\n                        should be applied to.\n                      properties:\n                        annotationSelector:\n                          description: AnnotationSelector is a string that follows\n                            the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                            It matches with the resource annotations.\n                          type: string\n                        group:\n                          description: Group is the API group to select resources\n                            from. Together with Version and Kind it is capable of\n                            unambiguously identifying and/or selecting resources.\n                            https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                        kind:\n                          description: Kind of the API Group to select resources from.\n                            Together with Group and Version it is capable of unambiguously\n                            identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                        labelSelector:\n                          description: LabelSelector is a string that follows the\n                            label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                            It matches with the resource labels.\n                          type: string\n                        name:\n                          description: Name to match resources with.\n                          type: string\n                        namespace:\n                          description: Namespace to select resources from.\n                          type: string\n                        version:\n                          description: Version of the API Group to select resources\n                            from. Together with Group and Kind it is capable of unambiguously\n                            identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                      type: object\n                  required:\n                  - patch\n                  - target\n                  type: object\n                type: array\n              patchesStrategicMerge:\n                description: Strategic merge patches, defined as inline YAML objects.\n                items:\n                  x-kubernetes-preserve-unknown-fields: true\n                type: array\n              path:\n                description: Path to the directory containing the kustomization.yaml\n                  file, or the set of plain YAMLs a kustomization.yaml should be generated\n                  for. Defaults to 'None', which translates to the root path of the\n                  SourceRef.\n                type: string\n              postBuild:\n                description: PostBuild describes which actions to perform on the YAML\n                  manifest generated by building the kustomize overlay.\n                properties:\n                  substitute:\n                    additionalProperties:\n                      type: string\n                    description: Substitute holds a map of key/value pairs. The variables\n                      defined in your YAML manifests that match any of the keys defined\n                      in the map will be substituted with the set value. Includes\n                      support for bash string replacement functions e.g. ${var:=default},\n                      ${var:position} and ${var/substring/replacement}.\n                    type: object\n                  substituteFrom:\n                    description: SubstituteFrom holds references to ConfigMaps and\n                      Secrets containing the variables and their values to be substituted\n                      in the YAML manifests. The ConfigMap and the Secret data keys\n                      represent the var names and they must match the vars declared\n                      in the manifests for the substitution to happen.\n                    items:\n                      description: SubstituteReference contains a reference to a resource\n                        containing the variables name and value.\n                      properties:\n                        kind:\n                          description: Kind of the values referent, valid values are\n                            ('Secret', 'ConfigMap').\n                          enum:\n                          - Secret\n                          - ConfigMap\n                          type: string\n                        name:\n                          description: Name of the values referent. Should reside\n                            in the same namespace as the referring resource.\n                          maxLength: 253\n                          minLength: 1\n                          type: string\n                      required:\n                      - kind\n                      - name\n                      type: object\n                    type: array\n                type: object\n              prune:\n                description: Prune enables garbage collection.\n                type: boolean\n              retryInterval:\n                description: The interval at which to retry a previously failed reconciliation.\n                  When not specified, the controller uses the KustomizationSpec.Interval\n                  value to retry failures.\n                type: string\n              serviceAccountName:\n                description: The name of the Kubernetes service account to impersonate\n                  when reconciling this Kustomization.\n                type: string\n              sourceRef:\n                description: Reference of the source where the kustomization file\n                  is.\n                properties:\n                  apiVersion:\n                    description: API version of the referent\n                    type: string\n                  kind:\n                    description: Kind of the referent\n                    enum:\n                    - GitRepository\n                    - Bucket\n                    type: string\n                  name:\n                    description: Name of the referent\n                    type: string\n                  namespace:\n                    description: Namespace of the referent, defaults to the Kustomization\n                      namespace\n                    type: string\n                required:\n                - kind\n                - name\n                type: object\n              suspend:\n                description: This flag tells the controller to suspend subsequent\n                  kustomize executions, it does not apply to already started executions.\n                  Defaults to false.\n                type: boolean\n              targetNamespace:\n                description: TargetNamespace sets or overrides the namespace in the\n                  kustomization.yaml file.\n                maxLength: 63\n                minLength: 1\n                type: string\n              timeout:\n                description: Timeout for validation, apply and health checking operations.\n                  Defaults to 'Interval' duration.\n                type: string\n              validation:\n                description: Validate the Kubernetes objects before applying them\n                  on the cluster. The validation strategy can be 'client' (local dry-run),\n                  'server' (APIServer dry-run) or 'none'. When 'Force' is 'true',\n                  validation will fallback to 'client' if set to 'server' because\n                  server-side validation is not supported in this scenario.\n                enum:\n                - none\n                - client\n                - server\n                type: string\n            required:\n            - interval\n            - prune\n            - sourceRef\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: KustomizationStatus defines the observed state of a kustomization.\n            properties:\n              conditions:\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              lastAppliedRevision:\n                description: The last successfully applied revision. The revision\n                  format for Git sources is \u003cbranch|tag\u003e/\u003ccommit-sha\u003e.\n                type: string\n              lastAttemptedRevision:\n                description: LastAttemptedRevision is the revision of the last reconciliation\n                  attempt.\n                type: string\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last reconciled generation.\n                format: int64\n                type: integer\n              snapshot:\n                description: The last successfully applied revision metadata.\n                properties:\n                  checksum:\n                    description: The manifests sha1 checksum.\n                    type: string\n                  entries:\n                    description: A list of Kubernetes kinds grouped by namespace.\n                    items:\n                      description: Snapshot holds the metadata of namespaced Kubernetes\n                        objects\n                      properties:\n                        kinds:\n                          additionalProperties:\n                            type: string\n                          description: The list of Kubernetes kinds.\n                          type: object\n                        namespace:\n                          description: The namespace of this entry.\n                          type: string\n                      required:\n                      - kinds\n                      type: object\n                    type: array\n                required:\n                - checksum\n                - entries\n                type: object\n            type: object\n        type: object\n    served: true\n    storage: false\n    subresources:\n      status: {}\n  - additionalPrinterColumns:\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    name: v1beta2\n    schema:\n      openAPIV3Schema:\n        description: Kustomization is the Schema for the kustomizations API.\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: KustomizationSpec defines the configuration to calculate\n              the desired state from a Source using Kustomize.\n            properties:\n              decryption:\n                description: Decrypt Kubernetes secrets before applying them on the\n                  cluster.\n                properties:\n                  provider:\n                    description: Provider is the name of the decryption engine.\n                    enum:\n                    - sops\n                    type: string\n                  secretRef:\n                    description: The secret name containing the private OpenPGP keys\n                      used for decryption.\n                    properties:\n                      name:\n                        description: Name of the referent.\n                        type: string\n                    required:\n                    - name\n                    type: object\n                required:\n                - provider\n                type: object\n              dependsOn:\n                description: DependsOn may contain a meta.NamespacedObjectReference\n                  slice with references to Kustomization resources that must be ready\n                  before this Kustomization can be reconciled.\n                items:\n                  description: NamespacedObjectReference contains enough information\n                    to locate the referenced Kubernetes resource object in any namespace.\n                  properties:\n                    name:\n                      description: Name of the referent.\n                      type: string\n                    namespace:\n                      description: Namespace of the referent, when not specified it\n                        acts as LocalObjectReference.\n                      type: string\n                  required:\n                  - name\n                  type: object\n                type: array\n              force:\n                default: false\n                description: Force instructs the controller to recreate resources\n                  when patching fails due to an immutable field change.\n                type: boolean\n              healthChecks:\n                description: A list of resources to be included in the health assessment.\n                items:\n                  description: NamespacedObjectKindReference contains enough information\n                    to locate the typed referenced Kubernetes resource object in any\n                    namespace.\n                  properties:\n                    apiVersion:\n                      description: API version of the referent, if not specified the\n                        Kubernetes preferred version will be used.\n                      type: string\n                    kind:\n                      description: Kind of the referent.\n                      type: string\n                    name:\n                      description: Name of the referent.\n                      type: string\n                    namespace:\n                      description: Namespace of the referent, when not specified it\n                        acts as LocalObjectReference.\n                      type: string\n                  required:\n                  - kind\n                  - name\n                  type: object\n                type: array\n              images:\n                description: Images is a list of (image name, new name, new tag or\n                  digest) for changing image names, tags or digests. This can also\n                  be achieved with a patch, but this operator is simpler to specify.\n                items:\n                  description: Image contains an image name, a new name, a new tag\n                    or digest, which will replace the original name and tag.\n                  properties:\n                    digest:\n                      description: Digest is the value used to replace the original\n                        image tag. If digest is present NewTag value is ignored.\n                      type: string\n                    name:\n                      description: Name is a tag-less image name.\n                      type: string\n                    newName:\n                      description: NewName is the value used to replace the original\n                        name.\n                      type: string\n                    newTag:\n                      description: NewTag is the value used to replace the original\n                        tag.\n                      type: string\n                  required:\n                  - name\n                  type: object\n                type: array\n              interval:\n                description: The interval at which to reconcile the Kustomization.\n                type: string\n              kubeConfig:\n                description: The KubeConfig for reconciling the Kustomization on a\n                  remote cluster. When used in combination with KustomizationSpec.ServiceAccountName,\n                  forces the controller to act on behalf of that Service Account at\n                  the target cluster. If the --default-service-account flag is set,\n                  its value will be used as a controller level fallback for when KustomizationSpec.ServiceAccountName\n                  is empty.\n                properties:\n                  secretRef:\n                    description: SecretRef holds the name of a secret that contains\n                      a key with the kubeconfig file as the value. If no key is set,\n                      the key will default to 'value'. The secret must be in the same\n                      namespace as the Kustomization. It is recommended that the kubeconfig\n                      is self-contained, and the secret is regularly updated if credentials\n                      such as a cloud-access-token expire. Cloud specific `cmd-path`\n                      auth helpers will not function without adding binaries and credentials\n                      to the Pod that is responsible for reconciling the Kustomization.\n                    properties:\n                      key:\n                        description: Key in the Secret, when not specified an implementation-specific\n                          default key is used.\n                        type: string\n                      name:\n                        description: Name of the Secret.\n                        type: string\n                    required:\n                    - name\n                    type: object\n                type: object\n              patches:\n                description: Strategic merge and JSON patches, defined as inline YAML\n                  objects, capable of targeting objects based on kind, label and annotation\n                  selectors.\n                items:\n                  description: Patch contains an inline StrategicMerge or JSON6902\n                    patch, and the target the patch should be applied to.\n                  properties:\n                    patch:\n                      description: Patch contains an inline StrategicMerge patch or\n                        an inline JSON6902 patch with an array of operation objects.\n                      type: string\n                    target:\n                      description: Target points to the resources that the patch document\n                        should be applied to.\n                      properties:\n                        annotationSelector:\n                          description: AnnotationSelector is a string that follows\n                            the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                            It matches with the resource annotations.\n                          type: string\n                        group:\n                          description: Group is the API group to select resources\n                            from. Together with Version and Kind it is capable of\n                            unambiguously identifying and/or selecting resources.\n                            https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                        kind:\n                          description: Kind of the API Group to select resources from.\n                            Together with Group and Version it is capable of unambiguously\n                            identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                        labelSelector:\n                          description: LabelSelector is a string that follows the\n                            label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                            It matches with the resource labels.\n                          type: string\n                        name:\n                          description: Name to match resources with.\n                          type: string\n                        namespace:\n                          description: Namespace to select resources from.\n                          type: string\n                        version:\n                          description: Version of the API Group to select resources\n                            from. Together with Group and Kind it is capable of unambiguously\n                            identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                      type: object\n                  type: object\n                type: array\n              patchesJson6902:\n                description: 'JSON 6902 patches, defined as inline YAML objects. Deprecated:\n                  Use Patches instead.'\n                items:\n                  description: JSON6902Patch contains a JSON6902 patch and the target\n                    the patch should be applied to.\n                  properties:\n                    patch:\n                      description: Patch contains the JSON6902 patch document with\n                        an array of operation objects.\n                      items:\n                        description: JSON6902 is a JSON6902 operation object. https://datatracker.ietf.org/doc/html/rfc6902#section-4\n                        properties:\n                          from:\n                            description: From contains a JSON-pointer value that references\n                              a location within the target document where the operation\n                              is performed. The meaning of the value depends on the\n                              value of Op, and is NOT taken into account by all operations.\n                            type: string\n                          op:\n                            description: Op indicates the operation to perform. Its\n                              value MUST be one of \"add\", \"remove\", \"replace\", \"move\",\n                              \"copy\", or \"test\". https://datatracker.ietf.org/doc/html/rfc6902#section-4\n                            enum:\n                            - test\n                            - remove\n                            - add\n                            - replace\n                            - move\n                            - copy\n                            type: string\n                          path:\n                            description: Path contains the JSON-pointer value that\n                              references a location within the target document where\n                              the operation is performed. The meaning of the value\n                              depends on the value of Op.\n                            type: string\n                          value:\n                            description: Value contains a valid JSON structure. The\n                              meaning of the value depends on the value of Op, and\n                              is NOT taken into account by all operations.\n                            x-kubernetes-preserve-unknown-fields: true\n                        required:\n                        - op\n                        - path\n                        type: object\n                      type: array\n                    target:\n                      description: Target points to the resources that the patch document\n                        should be applied to.\n                      properties:\n                        annotationSelector:\n                          description: AnnotationSelector is a string that follows\n                            the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                            It matches with the resource annotations.\n                          type: string\n                        group:\n                          description: Group is the API group to select resources\n                            from. Together with Version and Kind it is capable of\n                            unambiguously identifying and/or selecting resources.\n                            https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                        kind:\n                          description: Kind of the API Group to select resources from.\n                            Together with Group and Version it is capable of unambiguously\n                            identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                        labelSelector:\n                          description: LabelSelector is a string that follows the\n                            label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                            It matches with the resource labels.\n                          type: string\n                        name:\n                          description: Name to match resources with.\n                          type: string\n                        namespace:\n                          description: Namespace to select resources from.\n                          type: string\n                        version:\n                          description: Version of the API Group to select resources\n                            from. Together with Group and Kind it is capable of unambiguously\n                            identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                      type: object\n                  required:\n                  - patch\n                  - target\n                  type: object\n                type: array\n              patchesStrategicMerge:\n                description: 'Strategic merge patches, defined as inline YAML objects.\n                  Deprecated: Use Patches instead.'\n                items:\n                  x-kubernetes-preserve-unknown-fields: true\n                type: array\n              path:\n                description: Path to the directory containing the kustomization.yaml\n                  file, or the set of plain YAMLs a kustomization.yaml should be generated\n                  for. Defaults to 'None', which translates to the root path of the\n                  SourceRef.\n                type: string\n              postBuild:\n                description: PostBuild describes which actions to perform on the YAML\n                  manifest generated by building the kustomize overlay.\n                properties:\n                  substitute:\n                    additionalProperties:\n                      type: string\n                    description: Substitute holds a map of key/value pairs. The variables\n                      defined in your YAML manifests that match any of the keys defined\n                      in the map will be substituted with the set value. Includes\n                      support for bash string replacement functions e.g. ${var:=default},\n                      ${var:position} and ${var/substring/replacement}.\n                    type: object\n                  substituteFrom:\n                    description: SubstituteFrom holds references to ConfigMaps and\n                      Secrets containing the variables and their values to be substituted\n                      in the YAML manifests. The ConfigMap and the Secret data keys\n                      represent the var names and they must match the vars declared\n                      in the manifests for the substitution to happen.\n                    items:\n                      description: SubstituteReference contains a reference to a resource\n                        containing the variables name and value.\n                      properties:\n                        kind:\n                          description: Kind of the values referent, valid values are\n                            ('Secret', 'ConfigMap').\n                          enum:\n                          - Secret\n                          - ConfigMap\n                          type: string\n                        name:\n                          description: Name of the values referent. Should reside\n                            in the same namespace as the referring resource.\n                          maxLength: 253\n                          minLength: 1\n                          type: string\n                        optional:\n                          default: false\n                          description: Optional indicates whether the referenced resource\n                            must exist, or whether to tolerate its absence. If true\n                            and the referenced resource is absent, proceed as if the\n                            resource was present but empty, without any variables\n                            defined.\n                          type: boolean\n                      required:\n                      - kind\n                      - name\n                      type: object\n                    type: array\n                type: object\n              prune:\n                description: Prune enables garbage collection.\n                type: boolean\n              retryInterval:\n                description: The interval at which to retry a previously failed reconciliation.\n                  When not specified, the controller uses the KustomizationSpec.Interval\n                  value to retry failures.\n                type: string\n              serviceAccountName:\n                description: The name of the Kubernetes service account to impersonate\n                  when reconciling this Kustomization.\n                type: string\n              sourceRef:\n                description: Reference of the source where the kustomization file\n                  is.\n                properties:\n                  apiVersion:\n                    description: API version of the referent.\n                    type: string\n                  kind:\n                    description: Kind of the referent.\n                    enum:\n                    - GitRepository\n                    - Bucket\n                    type: string\n                  name:\n                    description: Name of the referent.\n                    type: string\n                  namespace:\n                    description: Namespace of the referent, defaults to the namespace\n                      of the Kubernetes resource object that contains the reference.\n                    type: string\n                required:\n                - kind\n                - name\n                type: object\n              suspend:\n                description: This flag tells the controller to suspend subsequent\n                  kustomize executions, it does not apply to already started executions.\n                  Defaults to false.\n                type: boolean\n              targetNamespace:\n                description: TargetNamespace sets or overrides the namespace in the\n                  kustomization.yaml file.\n                maxLength: 63\n                minLength: 1\n                type: string\n              timeout:\n                description: Timeout for validation, apply and health checking operations.\n                  Defaults to 'Interval' duration.\n                type: string\n              validation:\n                description: 'Deprecated: Not used in v1beta2.'\n                enum:\n                - none\n                - client\n                - server\n                type: string\n              wait:\n                description: Wait instructs the controller to check the health of\n                  all the reconciled resources. When enabled, the HealthChecks are\n                  ignored. Defaults to false.\n                type: boolean\n            required:\n            - interval\n            - prune\n            - sourceRef\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: KustomizationStatus defines the observed state of a kustomization.\n            properties:\n              conditions:\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              inventory:\n                description: Inventory contains the list of Kubernetes resource object\n                  references that have been successfully applied.\n                properties:\n                  entries:\n                    description: Entries of Kubernetes resource object references.\n                    items:\n                      description: ResourceRef contains the information necessary\n                        to locate a resource within a cluster.\n                      properties:\n                        id:\n                          description: ID is the string representation of the Kubernetes\n                            resource object's metadata, in the format '\u003cnamespace\u003e_\u003cname\u003e_\u003cgroup\u003e_\u003ckind\u003e'.\n                          type: string\n                        v:\n                          description: Version is the API version of the Kubernetes\n                            resource object's kind.\n                          type: string\n                      required:\n                      - id\n                      - v\n                      type: object\n                    type: array\n                required:\n                - entries\n                type: object\n              lastAppliedRevision:\n                description: The last successfully applied revision. The revision\n                  format for Git sources is \u003cbranch|tag\u003e/\u003ccommit-sha\u003e.\n                type: string\n              lastAttemptedRevision:\n                description: LastAttemptedRevision is the revision of the last reconciliation\n                  attempt.\n                type: string\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last reconciled generation.\n                format: int64\n                type: integer\n            type: object\n        type: object\n    served: true\n    storage: true\n    subresources:\n      status: {}\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n  conditions: []\n  storedVersions: []\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  annotations:\n    controller-gen.kubebuilder.io/version: v0.7.0\n  creationTimestamp: null\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: providers.notification.toolkit.fluxcd.io\nspec:\n  group: notification.toolkit.fluxcd.io\n  names:\n    kind: Provider\n    listKind: ProviderList\n    plural: providers\n    singular: provider\n  scope: Namespaced\n  versions:\n  - additionalPrinterColumns:\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    name: v1beta1\n    schema:\n      openAPIV3Schema:\n        description: Provider is the Schema for the providers API\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: ProviderSpec defines the desired state of Provider\n            properties:\n              address:\n                description: HTTP/S webhook address of this provider\n                pattern: ^(http|https)://\n                type: string\n              certSecretRef:\n                description: CertSecretRef can be given the name of a secret containing\n                  a PEM-encoded CA certificate (`caFile`)\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              channel:\n                description: Alert channel for this provider\n                type: string\n              proxy:\n                description: HTTP/S address of the proxy\n                pattern: ^(http|https)://\n                type: string\n              secretRef:\n                description: Secret reference containing the provider webhook URL\n                  using \"address\" as data key\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              suspend:\n                description: This flag tells the controller to suspend subsequent\n                  events handling. Defaults to false.\n                type: boolean\n              type:\n                description: Type of provider\n                enum:\n                - slack\n                - discord\n                - msteams\n                - rocket\n                - generic\n                - github\n                - gitlab\n                - bitbucket\n                - azuredevops\n                - googlechat\n                - webex\n                - sentry\n                - azureeventhub\n                - telegram\n                - lark\n                - matrix\n                - opsgenie\n                - alertmanager\n                - grafana\n                type: string\n              username:\n                description: Bot username for this provider\n                type: string\n            required:\n            - type\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: ProviderStatus defines the observed state of Provider\n            properties:\n              conditions:\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              observedGeneration:\n                description: ObservedGeneration is the last reconciled generation.\n                format: int64\n                type: integer\n            type: object\n        type: object\n    served: true\n    storage: true\n    subresources:\n      status: {}\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n  conditions: []\n  storedVersions: []\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  annotations:\n    controller-gen.kubebuilder.io/version: v0.7.0\n  creationTimestamp: null\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: receivers.notification.toolkit.fluxcd.io\nspec:\n  group: notification.toolkit.fluxcd.io\n  names:\n    kind: Receiver\n    listKind: ReceiverList\n    plural: receivers\n    singular: receiver\n  scope: Namespaced\n  versions:\n  - additionalPrinterColumns:\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    name: v1beta1\n    schema:\n      openAPIV3Schema:\n        description: Receiver is the Schema for the receivers API\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: ReceiverSpec defines the desired state of Receiver\n            properties:\n              events:\n                description: A list of events to handle, e.g. 'push' for GitHub or\n                  'Push Hook' for GitLab.\n                items:\n                  type: string\n                type: array\n              resources:\n                description: A list of resources to be notified about changes.\n                items:\n                  description: CrossNamespaceObjectReference contains enough information\n                    to let you locate the typed referenced object at cluster level\n                  properties:\n                    apiVersion:\n                      description: API version of the referent\n                      type: string\n                    kind:\n                      description: Kind of the referent\n                      enum:\n                      - Bucket\n                      - GitRepository\n                      - Kustomization\n                      - HelmRelease\n                      - HelmChart\n                      - HelmRepository\n                      - ImageRepository\n                      - ImagePolicy\n                      - ImageUpdateAutomation\n                      type: string\n                    matchLabels:\n                      additionalProperties:\n                        type: string\n                      description: MatchLabels is a map of {key,value} pairs. A single\n                        {key,value} in the matchLabels map is equivalent to an element\n                        of matchExpressions, whose key field is \"key\", the operator\n                        is \"In\", and the values array contains only \"value\". The requirements\n                        are ANDed.\n                      type: object\n                    name:\n                      description: Name of the referent\n                      maxLength: 53\n                      minLength: 1\n                      type: string\n                    namespace:\n                      description: Namespace of the referent\n                      maxLength: 53\n                      minLength: 1\n                      type: string\n                  required:\n                  - name\n                  type: object\n                type: array\n              secretRef:\n                description: Secret reference containing the token used to validate\n                  the payload authenticity\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              suspend:\n                description: This flag tells the controller to suspend subsequent\n                  events handling. Defaults to false.\n                type: boolean\n              type:\n                description: Type of webhook sender, used to determine the validation\n                  procedure and payload deserialization.\n                enum:\n                - generic\n                - generic-hmac\n                - github\n                - gitlab\n                - bitbucket\n                - harbor\n                - dockerhub\n                - quay\n                - gcr\n                - nexus\n                - acr\n                type: string\n            required:\n            - resources\n            - type\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: ReceiverStatus defines the observed state of Receiver\n            properties:\n              conditions:\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation.\n                format: int64\n                type: integer\n              url:\n                description: Generated webhook URL in the format of '/hook/sha256sum(token+name+namespace)'.\n                type: string\n            type: object\n        type: object\n    served: true\n    storage: true\n    subresources:\n      status: {}\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n  conditions: []\n  storedVersions: []\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: helm-controller\n  namespace: flux-system\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: kustomize-controller\n  namespace: flux-system\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: notification-controller\n  namespace: flux-system\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: source-controller\n  namespace: flux-system\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: crd-controller-flux-system\nrules:\n- apiGroups:\n  - source.toolkit.fluxcd.io\n  resources:\n  - '*'\n  verbs:\n  - '*'\n- apiGroups:\n  - kustomize.toolkit.fluxcd.io\n  resources:\n  - '*'\n  verbs:\n  - '*'\n- apiGroups:\n  - helm.toolkit.fluxcd.io\n  resources:\n  - '*'\n  verbs:\n  - '*'\n- apiGroups:\n  - notification.toolkit.fluxcd.io\n  resources:\n  - '*'\n  verbs:\n  - '*'\n- apiGroups:\n  - image.toolkit.fluxcd.io\n  resources:\n  - '*'\n  verbs:\n  - '*'\n- apiGroups:\n  - \"\"\n  resources:\n  - namespaces\n  - secrets\n  - configmaps\n  - serviceaccounts\n  verbs:\n  - get\n  - list\n  - watch\n- apiGroups:\n  - \"\"\n  resources:\n  - events\n  verbs:\n  - create\n  - patch\n- apiGroups:\n  - \"\"\n  resources:\n  - configmaps\n  verbs:\n  - get\n  - list\n  - watch\n  - create\n  - update\n  - patch\n  - delete\n- apiGroups:\n  - \"\"\n  resources:\n  - configmaps/status\n  verbs:\n  - get\n  - update\n  - patch\n- apiGroups:\n  - coordination.k8s.io\n  resources:\n  - leases\n  verbs:\n  - get\n  - list\n  - watch\n  - create\n  - update\n  - patch\n  - delete\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: cluster-reconciler-flux-system\nroleRef:\n  apiGroup: rbac.authorization.k8s.io\n  kind: ClusterRole\n  name: cluster-admin\nsubjects:\n- kind: ServiceAccount\n  name: kustomize-controller\n  namespace: flux-system\n- kind: ServiceAccount\n  name: helm-controller\n  namespace: flux-system\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: crd-controller-flux-system\nroleRef:\n  apiGroup: rbac.authorization.k8s.io\n  kind: ClusterRole\n  name: crd-controller-flux-system\nsubjects:\n- kind: ServiceAccount\n  name: kustomize-controller\n  namespace: flux-system\n- kind: ServiceAccount\n  name: helm-controller\n  namespace: flux-system\n- kind: ServiceAccount\n  name: source-controller\n  namespace: flux-system\n- kind: ServiceAccount\n  name: notification-controller\n  namespace: flux-system\n- kind: ServiceAccount\n  name: image-reflector-controller\n  namespace: flux-system\n- kind: ServiceAccount\n  name: image-automation-controller\n  namespace: flux-system\n---\napiVersion: v1\nkind: Service\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n    control-plane: controller\n  name: notification-controller\n  namespace: flux-system\nspec:\n  ports:\n  - name: http\n    port: 80\n    protocol: TCP\n    targetPort: http\n  selector:\n    app: notification-controller\n  type: ClusterIP\n---\napiVersion: v1\nkind: Service\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n    control-plane: controller\n  name: source-controller\n  namespace: flux-system\nspec:\n  ports:\n  - name: http\n    port: 80\n    protocol: TCP\n    targetPort: http\n  selector:\n    app: source-controller\n  type: ClusterIP\n---\napiVersion: v1\nkind: Service\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n    control-plane: controller\n  name: webhook-receiver\n  namespace: flux-system\nspec:\n  ports:\n  - name: http\n    port: 80\n    protocol: TCP\n    targetPort: http-webhook\n  selector:\n    app: notification-controller\n  type: ClusterIP\n---\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n    control-plane: controller\n  name: helm-controller\n  namespace: flux-system\nspec:\n  replicas: 1\n  selector:\n    matchLabels:\n      app: helm-controller\n  template:\n    metadata:\n      annotations:\n        prometheus.io/port: \"8080\"\n        prometheus.io/scrape: \"true\"\n      labels:\n        app: helm-controller\n    spec:\n      containers:\n      - args:\n        - --events-addr=http://notification-controller.flux-system.svc.cluster.local./\n        - --watch-all-namespaces=true\n        - --log-level=info\n        - --log-encoding=json\n        - --enable-leader-election\n        env:\n        - name: RUNTIME_NAMESPACE\n          valueFrom:\n            fieldRef:\n              fieldPath: metadata.namespace\n        image: ghcr.io/fluxcd/helm-controller:v0.21.0\n        imagePullPolicy: IfNotPresent\n        livenessProbe:\n          httpGet:\n            path: /healthz\n            port: healthz\n        name: manager\n        ports:\n        - containerPort: 8080\n          name: http-prom\n          protocol: TCP\n        - containerPort: 9440\n          name: healthz\n          protocol: TCP\n        readinessProbe:\n          httpGet:\n            path: /readyz\n            port: healthz\n        resources:\n          limits:\n            cpu: 1000m\n            memory: 1Gi\n          requests:\n            cpu: 100m\n            memory: 64Mi\n        securityContext:\n          allowPrivilegeEscalation: false\n          capabilities:\n            drop:\n            - ALL\n          readOnlyRootFilesystem: true\n          runAsNonRoot: true\n          seccompProfile:\n            type: RuntimeDefault\n        volumeMounts:\n        - mountPath: /tmp\n          name: temp\n      nodeSelector:\n        kubernetes.io/os: linux\n      securityContext:\n        fsGroup: 1337\n      serviceAccountName: helm-controller\n      terminationGracePeriodSeconds: 600\n      volumes:\n      - emptyDir: {}\n        name: temp\n---\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n    control-plane: controller\n  name: kustomize-controller\n  namespace: flux-system\nspec:\n  replicas: 1\n  selector:\n    matchLabels:\n      app: kustomize-controller\n  template:\n    metadata:\n      annotations:\n        prometheus.io/port: \"8080\"\n        prometheus.io/scrape: \"true\"\n      labels:\n        app: kustomize-controller\n    spec:\n      containers:\n      - args:\n        - --events-addr=http://notification-controller.flux-system.svc.cluster.local./\n        - --watch-all-namespaces=true\n        - --log-level=info\n        - --log-encoding=json\n        - --enable-leader-election\n        env:\n        - name: RUNTIME_NAMESPACE\n          valueFrom:\n            fieldRef:\n              fieldPath: metadata.namespace\n        image: ghcr.io/fluxcd/kustomize-controller:v0.25.0\n        imagePullPolicy: IfNotPresent\n        livenessProbe:\n          httpGet:\n            path: /healthz\n            port: healthz\n        name: manager\n        ports:\n        - containerPort: 8080\n          name: http-prom\n          protocol: TCP\n        - containerPort: 9440\n          name: healthz\n          protocol: TCP\n        readinessProbe:\n          httpGet:\n            path: /readyz\n            port: healthz\n        resources:\n          limits:\n            cpu: 1000m\n            memory: 1Gi\n          requests:\n            cpu: 100m\n            memory: 64Mi\n        securityContext:\n          allowPrivilegeEscalation: false\n          capabilities:\n            drop:\n            - ALL\n          readOnlyRootFilesystem: true\n          runAsNonRoot: true\n          seccompProfile:\n            type: RuntimeDefault\n        volumeMounts:\n        - mountPath: /tmp\n          name: temp\n      nodeSelector:\n        kubernetes.io/os: linux\n      securityContext:\n        fsGroup: 1337\n      serviceAccountName: kustomize-controller\n      terminationGracePeriodSeconds: 60\n      volumes:\n      - emptyDir: {}\n        name: temp\n---\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n    control-plane: controller\n  name: notification-controller\n  namespace: flux-system\nspec:\n  replicas: 1\n  selector:\n    matchLabels:\n      app: notification-controller\n  template:\n    metadata:\n      annotations:\n        prometheus.io/port: \"8080\"\n        prometheus.io/scrape: \"true\"\n      labels:\n        app: notification-controller\n    spec:\n      containers:\n      - args:\n        - --watch-all-namespaces=true\n        - --log-level=info\n        - --log-encoding=json\n        - --enable-leader-election\n        env:\n        - name: RUNTIME_NAMESPACE\n          valueFrom:\n            fieldRef:\n              fieldPath: metadata.namespace\n        image: ghcr.io/fluxcd/notification-controller:v0.23.5\n        imagePullPolicy: IfNotPresent\n        livenessProbe:\n          httpGet:\n            path: /healthz\n            port: healthz\n        name: manager\n        ports:\n        - containerPort: 9090\n          name: http\n          protocol: TCP\n        - containerPort: 9292\n          name: http-webhook\n          protocol: TCP\n        - containerPort: 8080\n          name: http-prom\n          protocol: TCP\n        - containerPort: 9440\n          name: healthz\n          protocol: TCP\n        readinessProbe:\n          httpGet:\n            path: /readyz\n            port: healthz\n        resources:\n          limits:\n            cpu: 1000m\n            memory: 1Gi\n          requests:\n            cpu: 100m\n            memory: 64Mi\n        securityContext:\n          allowPrivilegeEscalation: false\n          capabilities:\n            drop:\n            - ALL\n          readOnlyRootFilesystem: true\n          runAsNonRoot: true\n          seccompProfile:\n            type: RuntimeDefault\n        volumeMounts:\n        - mountPath: /tmp\n          name: temp\n      nodeSelector:\n        kubernetes.io/os: linux\n      securityContext:\n        fsGroup: 1337\n      serviceAccountName: notification-controller\n      terminationGracePeriodSeconds: 10\n      volumes:\n      - emptyDir: {}\n        name: temp\n---\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n    control-plane: controller\n  name: source-controller\n  namespace: flux-system\nspec:\n  replicas: 1\n  selector:\n    matchLabels:\n      app: source-controller\n  strategy:\n    type: Recreate\n  template:\n    metadata:\n      annotations:\n        prometheus.io/port: \"8080\"\n        prometheus.io/scrape: \"true\"\n      labels:\n        app: source-controller\n    spec:\n      containers:\n      - args:\n        - --events-addr=http://notification-controller.flux-system.svc.cluster.local./\n        - --watch-all-namespaces=true\n        - --log-level=info\n        - --log-encoding=json\n        - --enable-leader-election\n        - --storage-path=/data\n        - --storage-adv-addr=source-controller.$(RUNTIME_NAMESPACE).svc.cluster.local.\n        env:\n        - name: RUNTIME_NAMESPACE\n          valueFrom:\n            fieldRef:\n              fieldPath: metadata.namespace\n        image: ghcr.io/fluxcd/source-controller:v0.24.4\n        imagePullPolicy: IfNotPresent\n        livenessProbe:\n          httpGet:\n            path: /healthz\n            port: healthz\n        name: manager\n        ports:\n        - containerPort: 9090\n          name: http\n          protocol: TCP\n        - containerPort: 8080\n          name: http-prom\n          protocol: TCP\n        - containerPort: 9440\n          name: healthz\n          protocol: TCP\n        readinessProbe:\n          httpGet:\n            path: /\n            port: http\n        resources:\n          limits:\n            cpu: 1000m\n            memory: 1Gi\n          requests:\n            cpu: 50m\n            memory: 64Mi\n        securityContext:\n          allowPrivilegeEscalation: false\n          capabilities:\n            drop:\n            - ALL\n          readOnlyRootFilesystem: true\n          runAsNonRoot: true\n          seccompProfile:\n            type: RuntimeDefault\n        volumeMounts:\n        - mountPath: /data\n          name: data\n        - mountPath: /tmp\n          name: tmp\n      nodeSelector:\n        kubernetes.io/os: linux\n      securityContext:\n        fsGroup: 1337\n      serviceAccountName: source-controller\n      terminationGracePeriodSeconds: 10\n      volumes:\n      - emptyDir: {}\n        name: data\n      - emptyDir: {}\n        name: tmp\n",
-            "documents": [
-              "---\n# This manifest was generated by flux. DO NOT EDIT.\n# Flux Version: latest\n# Components: source-controller,kustomize-controller,helm-controller,notification-controller\napiVersion: v1\nkind: Namespace\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n    pod-security.kubernetes.io/warn: restricted\n    pod-security.kubernetes.io/warn-version: latest\n  name: flux-system",
-              "apiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  annotations:\n    controller-gen.kubebuilder.io/version: v0.7.0\n  creationTimestamp: null\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: alerts.notification.toolkit.fluxcd.io\nspec:\n  group: notification.toolkit.fluxcd.io\n  names:\n    kind: Alert\n    listKind: AlertList\n    plural: alerts\n    singular: alert\n  scope: Namespaced\n  versions:\n  - additionalPrinterColumns:\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    name: v1beta1\n    schema:\n      openAPIV3Schema:\n        description: Alert is the Schema for the alerts API\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: AlertSpec defines an alerting rule for events involving a\n              list of objects\n            properties:\n              eventSeverity:\n                default: info\n                description: Filter events based on severity, defaults to ('info').\n                  If set to 'info' no events will be filtered.\n                enum:\n                - info\n                - error\n                type: string\n              eventSources:\n                description: Filter events based on the involved objects.\n                items:\n                  description: CrossNamespaceObjectReference contains enough information\n                    to let you locate the typed referenced object at cluster level\n                  properties:\n                    apiVersion:\n                      description: API version of the referent\n                      type: string\n                    kind:\n                      description: Kind of the referent\n                      enum:\n                      - Bucket\n                      - GitRepository\n                      - Kustomization\n                      - HelmRelease\n                      - HelmChart\n                      - HelmRepository\n                      - ImageRepository\n                      - ImagePolicy\n                      - ImageUpdateAutomation\n                      type: string\n                    matchLabels:\n                      additionalProperties:\n                        type: string\n                      description: MatchLabels is a map of {key,value} pairs. A single\n                        {key,value} in the matchLabels map is equivalent to an element\n                        of matchExpressions, whose key field is \"key\", the operator\n                        is \"In\", and the values array contains only \"value\". The requirements\n                        are ANDed.\n                      type: object\n                    name:\n                      description: Name of the referent\n                      maxLength: 53\n                      minLength: 1\n                      type: string\n                    namespace:\n                      description: Namespace of the referent\n                      maxLength: 53\n                      minLength: 1\n                      type: string\n                  required:\n                  - name\n                  type: object\n                type: array\n              exclusionList:\n                description: A list of Golang regular expressions to be used for excluding\n                  messages.\n                items:\n                  type: string\n                type: array\n              providerRef:\n                description: Send events using this provider.\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              summary:\n                description: Short description of the impact and affected cluster.\n                type: string\n              suspend:\n                description: This flag tells the controller to suspend subsequent\n                  events dispatching. Defaults to false.\n                type: boolean\n            required:\n            - eventSources\n            - providerRef\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: AlertStatus defines the observed state of Alert\n            properties:\n              conditions:\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation.\n                format: int64\n                type: integer\n            type: object\n        type: object\n    served: true\n    storage: true\n    subresources:\n      status: {}\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n  conditions: []\n  storedVersions: []",
-              "apiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  annotations:\n    controller-gen.kubebuilder.io/version: v0.7.0\n  creationTimestamp: null\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: buckets.source.toolkit.fluxcd.io\nspec:\n  group: source.toolkit.fluxcd.io\n  names:\n    kind: Bucket\n    listKind: BucketList\n    plural: buckets\n    singular: bucket\n  scope: Namespaced\n  versions:\n  - additionalPrinterColumns:\n    - jsonPath: .spec.endpoint\n      name: Endpoint\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    name: v1beta1\n    schema:\n      openAPIV3Schema:\n        description: Bucket is the Schema for the buckets API\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: BucketSpec defines the desired state of an S3 compatible\n              bucket\n            properties:\n              accessFrom:\n                description: AccessFrom defines an Access Control List for allowing\n                  cross-namespace references to this object.\n                properties:\n                  namespaceSelectors:\n                    description: NamespaceSelectors is the list of namespace selectors\n                      to which this ACL applies. Items in this list are evaluated\n                      using a logical OR operation.\n                    items:\n                      description: NamespaceSelector selects the namespaces to which\n                        this ACL applies. An empty map of MatchLabels matches all\n                        namespaces in a cluster.\n                      properties:\n                        matchLabels:\n                          additionalProperties:\n                            type: string\n                          description: MatchLabels is a map of {key,value} pairs.\n                            A single {key,value} in the matchLabels map is equivalent\n                            to an element of matchExpressions, whose key field is\n                            \"key\", the operator is \"In\", and the values array contains\n                            only \"value\". The requirements are ANDed.\n                          type: object\n                      type: object\n                    type: array\n                required:\n                - namespaceSelectors\n                type: object\n              bucketName:\n                description: The bucket name.\n                type: string\n              endpoint:\n                description: The bucket endpoint address.\n                type: string\n              ignore:\n                description: Ignore overrides the set of excluded patterns in the\n                  .sourceignore format (which is the same as .gitignore). If not provided,\n                  a default will be used, consult the documentation for your version\n                  to find out what those are.\n                type: string\n              insecure:\n                description: Insecure allows connecting to a non-TLS S3 HTTP endpoint.\n                type: boolean\n              interval:\n                description: The interval at which to check for bucket updates.\n                type: string\n              provider:\n                default: generic\n                description: The S3 compatible storage provider name, default ('generic').\n                enum:\n                - generic\n                - aws\n                - gcp\n                type: string\n              region:\n                description: The bucket region.\n                type: string\n              secretRef:\n                description: The name of the secret containing authentication credentials\n                  for the Bucket.\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              suspend:\n                description: This flag tells the controller to suspend the reconciliation\n                  of this source.\n                type: boolean\n              timeout:\n                default: 60s\n                description: The timeout for download operations, defaults to 60s.\n                type: string\n            required:\n            - bucketName\n            - endpoint\n            - interval\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: BucketStatus defines the observed state of a bucket\n            properties:\n              artifact:\n                description: Artifact represents the output of the last successful\n                  Bucket sync.\n                properties:\n                  checksum:\n                    description: Checksum is the SHA256 checksum of the artifact.\n                    type: string\n                  lastUpdateTime:\n                    description: LastUpdateTime is the timestamp corresponding to\n                      the last update of this artifact.\n                    format: date-time\n                    type: string\n                  path:\n                    description: Path is the relative file path of this artifact.\n                    type: string\n                  revision:\n                    description: Revision is a human readable identifier traceable\n                      in the origin source system. It can be a Git commit SHA, Git\n                      tag, a Helm index timestamp, a Helm chart version, etc.\n                    type: string\n                  url:\n                    description: URL is the HTTP address of this artifact.\n                    type: string\n                required:\n                - path\n                - url\n                type: object\n              conditions:\n                description: Conditions holds the conditions for the Bucket.\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation.\n                format: int64\n                type: integer\n              url:\n                description: URL is the download link for the artifact output of the\n                  last Bucket sync.\n                type: string\n            type: object\n        type: object\n    served: true\n    storage: false\n    subresources:\n      status: {}\n  - additionalPrinterColumns:\n    - jsonPath: .spec.endpoint\n      name: Endpoint\n      type: string\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    name: v1beta2\n    schema:\n      openAPIV3Schema:\n        description: Bucket is the Schema for the buckets API.\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: BucketSpec specifies the required configuration to produce\n              an Artifact for an object storage bucket.\n            properties:\n              accessFrom:\n                description: 'AccessFrom specifies an Access Control List for allowing\n                  cross-namespace references to this object. NOTE: Not implemented,\n                  provisional as of https://github.com/fluxcd/flux2/pull/2092'\n                properties:\n                  namespaceSelectors:\n                    description: NamespaceSelectors is the list of namespace selectors\n                      to which this ACL applies. Items in this list are evaluated\n                      using a logical OR operation.\n                    items:\n                      description: NamespaceSelector selects the namespaces to which\n                        this ACL applies. An empty map of MatchLabels matches all\n                        namespaces in a cluster.\n                      properties:\n                        matchLabels:\n                          additionalProperties:\n                            type: string\n                          description: MatchLabels is a map of {key,value} pairs.\n                            A single {key,value} in the matchLabels map is equivalent\n                            to an element of matchExpressions, whose key field is\n                            \"key\", the operator is \"In\", and the values array contains\n                            only \"value\". The requirements are ANDed.\n                          type: object\n                      type: object\n                    type: array\n                required:\n                - namespaceSelectors\n                type: object\n              bucketName:\n                description: BucketName is the name of the object storage bucket.\n                type: string\n              endpoint:\n                description: Endpoint is the object storage address the BucketName\n                  is located at.\n                type: string\n              ignore:\n                description: Ignore overrides the set of excluded patterns in the\n                  .sourceignore format (which is the same as .gitignore). If not provided,\n                  a default will be used, consult the documentation for your version\n                  to find out what those are.\n                type: string\n              insecure:\n                description: Insecure allows connecting to a non-TLS HTTP Endpoint.\n                type: boolean\n              interval:\n                description: Interval at which to check the Endpoint for updates.\n                type: string\n              provider:\n                default: generic\n                description: Provider of the object storage bucket. Defaults to 'generic',\n                  which expects an S3 (API) compatible object storage.\n                enum:\n                - generic\n                - aws\n                - gcp\n                - azure\n                type: string\n              region:\n                description: Region of the Endpoint where the BucketName is located\n                  in.\n                type: string\n              secretRef:\n                description: SecretRef specifies the Secret containing authentication\n                  credentials for the Bucket.\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              suspend:\n                description: Suspend tells the controller to suspend the reconciliation\n                  of this Bucket.\n                type: boolean\n              timeout:\n                default: 60s\n                description: Timeout for fetch operations, defaults to 60s.\n                type: string\n            required:\n            - bucketName\n            - endpoint\n            - interval\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: BucketStatus records the observed state of a Bucket.\n            properties:\n              artifact:\n                description: Artifact represents the last successful Bucket reconciliation.\n                properties:\n                  checksum:\n                    description: Checksum is the SHA256 checksum of the Artifact file.\n                    type: string\n                  lastUpdateTime:\n                    description: LastUpdateTime is the timestamp corresponding to\n                      the last update of the Artifact.\n                    format: date-time\n                    type: string\n                  path:\n                    description: Path is the relative file path of the Artifact. It\n                      can be used to locate the file in the root of the Artifact storage\n                      on the local file system of the controller managing the Source.\n                    type: string\n                  revision:\n                    description: Revision is a human-readable identifier traceable\n                      in the origin source system. It can be a Git commit SHA, Git\n                      tag, a Helm chart version, etc.\n                    type: string\n                  size:\n                    description: Size is the number of bytes in the file.\n                    format: int64\n                    type: integer\n                  url:\n                    description: URL is the HTTP address of the Artifact as exposed\n                      by the controller managing the Source. It can be used to retrieve\n                      the Artifact for consumption, e.g. by another controller applying\n                      the Artifact contents.\n                    type: string\n                required:\n                - path\n                - url\n                type: object\n              conditions:\n                description: Conditions holds the conditions for the Bucket.\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation of\n                  the Bucket object.\n                format: int64\n                type: integer\n              url:\n                description: URL is the dynamic fetch link for the latest Artifact.\n                  It is provided on a \"best effort\" basis, and using the precise BucketStatus.Artifact\n                  data is recommended.\n                type: string\n            type: object\n        type: object\n    served: true\n    storage: true\n    subresources:\n      status: {}\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n  conditions: []\n  storedVersions: []",
-              "apiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  annotations:\n    controller-gen.kubebuilder.io/version: v0.7.0\n  creationTimestamp: null\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: gitrepositories.source.toolkit.fluxcd.io\nspec:\n  group: source.toolkit.fluxcd.io\n  names:\n    kind: GitRepository\n    listKind: GitRepositoryList\n    plural: gitrepositories\n    shortNames:\n    - gitrepo\n    singular: gitrepository\n  scope: Namespaced\n  versions:\n  - additionalPrinterColumns:\n    - jsonPath: .spec.url\n      name: URL\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    name: v1beta1\n    schema:\n      openAPIV3Schema:\n        description: GitRepository is the Schema for the gitrepositories API\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: GitRepositorySpec defines the desired state of a Git repository.\n            properties:\n              accessFrom:\n                description: AccessFrom defines an Access Control List for allowing\n                  cross-namespace references to this object.\n                properties:\n                  namespaceSelectors:\n                    description: NamespaceSelectors is the list of namespace selectors\n                      to which this ACL applies. Items in this list are evaluated\n                      using a logical OR operation.\n                    items:\n                      description: NamespaceSelector selects the namespaces to which\n                        this ACL applies. An empty map of MatchLabels matches all\n                        namespaces in a cluster.\n                      properties:\n                        matchLabels:\n                          additionalProperties:\n                            type: string\n                          description: MatchLabels is a map of {key,value} pairs.\n                            A single {key,value} in the matchLabels map is equivalent\n                            to an element of matchExpressions, whose key field is\n                            \"key\", the operator is \"In\", and the values array contains\n                            only \"value\". The requirements are ANDed.\n                          type: object\n                      type: object\n                    type: array\n                required:\n                - namespaceSelectors\n                type: object\n              gitImplementation:\n                default: go-git\n                description: Determines which git client library to use. Defaults\n                  to go-git, valid values are ('go-git', 'libgit2').\n                enum:\n                - go-git\n                - libgit2\n                type: string\n              ignore:\n                description: Ignore overrides the set of excluded patterns in the\n                  .sourceignore format (which is the same as .gitignore). If not provided,\n                  a default will be used, consult the documentation for your version\n                  to find out what those are.\n                type: string\n              include:\n                description: Extra git repositories to map into the repository\n                items:\n                  description: GitRepositoryInclude defines a source with a from and\n                    to path.\n                  properties:\n                    fromPath:\n                      description: The path to copy contents from, defaults to the\n                        root directory.\n                      type: string\n                    repository:\n                      description: Reference to a GitRepository to include.\n                      properties:\n                        name:\n                          description: Name of the referent.\n                          type: string\n                      required:\n                      - name\n                      type: object\n                    toPath:\n                      description: The path to copy contents to, defaults to the name\n                        of the source ref.\n                      type: string\n                  required:\n                  - repository\n                  type: object\n                type: array\n              interval:\n                description: The interval at which to check for repository updates.\n                type: string\n              recurseSubmodules:\n                description: When enabled, after the clone is created, initializes\n                  all submodules within, using their default settings. This option\n                  is available only when using the 'go-git' GitImplementation.\n                type: boolean\n              ref:\n                description: The Git reference to checkout and monitor for changes,\n                  defaults to master branch.\n                properties:\n                  branch:\n                    description: The Git branch to checkout, defaults to master.\n                    type: string\n                  commit:\n                    description: The Git commit SHA to checkout, if specified Tag\n                      filters will be ignored.\n                    type: string\n                  semver:\n                    description: The Git tag semver expression, takes precedence over\n                      Tag.\n                    type: string\n                  tag:\n                    description: The Git tag to checkout, takes precedence over Branch.\n                    type: string\n                type: object\n              secretRef:\n                description: The secret name containing the Git credentials. For HTTPS\n                  repositories the secret must contain username and password fields.\n                  For SSH repositories the secret must contain identity and known_hosts\n                  fields.\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              suspend:\n                description: This flag tells the controller to suspend the reconciliation\n                  of this source.\n                type: boolean\n              timeout:\n                default: 60s\n                description: The timeout for remote Git operations like cloning, defaults\n                  to 60s.\n                type: string\n              url:\n                description: The repository URL, can be a HTTP/S or SSH address.\n                pattern: ^(http|https|ssh)://\n                type: string\n              verify:\n                description: Verify OpenPGP signature for the Git commit HEAD points\n                  to.\n                properties:\n                  mode:\n                    description: Mode describes what git object should be verified,\n                      currently ('head').\n                    enum:\n                    - head\n                    type: string\n                  secretRef:\n                    description: The secret name containing the public keys of all\n                      trusted Git authors.\n                    properties:\n                      name:\n                        description: Name of the referent.\n                        type: string\n                    required:\n                    - name\n                    type: object\n                required:\n                - mode\n                type: object\n            required:\n            - interval\n            - url\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: GitRepositoryStatus defines the observed state of a Git repository.\n            properties:\n              artifact:\n                description: Artifact represents the output of the last successful\n                  repository sync.\n                properties:\n                  checksum:\n                    description: Checksum is the SHA256 checksum of the artifact.\n                    type: string\n                  lastUpdateTime:\n                    description: LastUpdateTime is the timestamp corresponding to\n                      the last update of this artifact.\n                    format: date-time\n                    type: string\n                  path:\n                    description: Path is the relative file path of this artifact.\n                    type: string\n                  revision:\n                    description: Revision is a human readable identifier traceable\n                      in the origin source system. It can be a Git commit SHA, Git\n                      tag, a Helm index timestamp, a Helm chart version, etc.\n                    type: string\n                  url:\n                    description: URL is the HTTP address of this artifact.\n                    type: string\n                required:\n                - path\n                - url\n                type: object\n              conditions:\n                description: Conditions holds the conditions for the GitRepository.\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              includedArtifacts:\n                description: IncludedArtifacts represents the included artifacts from\n                  the last successful repository sync.\n                items:\n                  description: Artifact represents the output of a source synchronisation.\n                  properties:\n                    checksum:\n                      description: Checksum is the SHA256 checksum of the artifact.\n                      type: string\n                    lastUpdateTime:\n                      description: LastUpdateTime is the timestamp corresponding to\n                        the last update of this artifact.\n                      format: date-time\n                      type: string\n                    path:\n                      description: Path is the relative file path of this artifact.\n                      type: string\n                    revision:\n                      description: Revision is a human readable identifier traceable\n                        in the origin source system. It can be a Git commit SHA, Git\n                        tag, a Helm index timestamp, a Helm chart version, etc.\n                      type: string\n                    url:\n                      description: URL is the HTTP address of this artifact.\n                      type: string\n                  required:\n                  - path\n                  - url\n                  type: object\n                type: array\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation.\n                format: int64\n                type: integer\n              url:\n                description: URL is the download link for the artifact output of the\n                  last repository sync.\n                type: string\n            type: object\n        type: object\n    served: true\n    storage: false\n    subresources:\n      status: {}\n  - additionalPrinterColumns:\n    - jsonPath: .spec.url\n      name: URL\n      type: string\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    name: v1beta2\n    schema:\n      openAPIV3Schema:\n        description: GitRepository is the Schema for the gitrepositories API.\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: GitRepositorySpec specifies the required configuration to\n              produce an Artifact for a Git repository.\n            properties:\n              accessFrom:\n                description: 'AccessFrom specifies an Access Control List for allowing\n                  cross-namespace references to this object. NOTE: Not implemented,\n                  provisional as of https://github.com/fluxcd/flux2/pull/2092'\n                properties:\n                  namespaceSelectors:\n                    description: NamespaceSelectors is the list of namespace selectors\n                      to which this ACL applies. Items in this list are evaluated\n                      using a logical OR operation.\n                    items:\n                      description: NamespaceSelector selects the namespaces to which\n                        this ACL applies. An empty map of MatchLabels matches all\n                        namespaces in a cluster.\n                      properties:\n                        matchLabels:\n                          additionalProperties:\n                            type: string\n                          description: MatchLabels is a map of {key,value} pairs.\n                            A single {key,value} in the matchLabels map is equivalent\n                            to an element of matchExpressions, whose key field is\n                            \"key\", the operator is \"In\", and the values array contains\n                            only \"value\". The requirements are ANDed.\n                          type: object\n                      type: object\n                    type: array\n                required:\n                - namespaceSelectors\n                type: object\n              gitImplementation:\n                default: go-git\n                description: GitImplementation specifies which Git client library\n                  implementation to use. Defaults to 'go-git', valid values are ('go-git',\n                  'libgit2').\n                enum:\n                - go-git\n                - libgit2\n                type: string\n              ignore:\n                description: Ignore overrides the set of excluded patterns in the\n                  .sourceignore format (which is the same as .gitignore). If not provided,\n                  a default will be used, consult the documentation for your version\n                  to find out what those are.\n                type: string\n              include:\n                description: Include specifies a list of GitRepository resources which\n                  Artifacts should be included in the Artifact produced for this GitRepository.\n                items:\n                  description: GitRepositoryInclude specifies a local reference to\n                    a GitRepository which Artifact (sub-)contents must be included,\n                    and where they should be placed.\n                  properties:\n                    fromPath:\n                      description: FromPath specifies the path to copy contents from,\n                        defaults to the root of the Artifact.\n                      type: string\n                    repository:\n                      description: GitRepositoryRef specifies the GitRepository which\n                        Artifact contents must be included.\n                      properties:\n                        name:\n                          description: Name of the referent.\n                          type: string\n                      required:\n                      - name\n                      type: object\n                    toPath:\n                      description: ToPath specifies the path to copy contents to,\n                        defaults to the name of the GitRepositoryRef.\n                      type: string\n                  required:\n                  - repository\n                  type: object\n                type: array\n              interval:\n                description: Interval at which to check the GitRepository for updates.\n                type: string\n              recurseSubmodules:\n                description: RecurseSubmodules enables the initialization of all submodules\n                  within the GitRepository as cloned from the URL, using their default\n                  settings. This option is available only when using the 'go-git'\n                  GitImplementation.\n                type: boolean\n              ref:\n                description: Reference specifies the Git reference to resolve and\n                  monitor for changes, defaults to the 'master' branch.\n                properties:\n                  branch:\n                    description: \"Branch to check out, defaults to 'master' if no\n                      other field is defined. \\n When GitRepositorySpec.GitImplementation\n                      is set to 'go-git', a shallow clone of the specified branch\n                      is performed.\"\n                    type: string\n                  commit:\n                    description: \"Commit SHA to check out, takes precedence over all\n                      reference fields. \\n When GitRepositorySpec.GitImplementation\n                      is set to 'go-git', this can be combined with Branch to shallow\n                      clone the branch, in which the commit is expected to exist.\"\n                    type: string\n                  semver:\n                    description: SemVer tag expression to check out, takes precedence\n                      over Tag.\n                    type: string\n                  tag:\n                    description: Tag to check out, takes precedence over Branch.\n                    type: string\n                type: object\n              secretRef:\n                description: SecretRef specifies the Secret containing authentication\n                  credentials for the GitRepository. For HTTPS repositories the Secret\n                  must contain 'username' and 'password' fields. For SSH repositories\n                  the Secret must contain 'identity' and 'known_hosts' fields.\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              suspend:\n                description: Suspend tells the controller to suspend the reconciliation\n                  of this GitRepository.\n                type: boolean\n              timeout:\n                default: 60s\n                description: Timeout for Git operations like cloning, defaults to\n                  60s.\n                type: string\n              url:\n                description: URL specifies the Git repository URL, it can be an HTTP/S\n                  or SSH address.\n                pattern: ^(http|https|ssh)://\n                type: string\n              verify:\n                description: Verification specifies the configuration to verify the\n                  Git commit signature(s).\n                properties:\n                  mode:\n                    description: Mode specifies what Git object should be verified,\n                      currently ('head').\n                    enum:\n                    - head\n                    type: string\n                  secretRef:\n                    description: SecretRef specifies the Secret containing the public\n                      keys of trusted Git authors.\n                    properties:\n                      name:\n                        description: Name of the referent.\n                        type: string\n                    required:\n                    - name\n                    type: object\n                required:\n                - mode\n                type: object\n            required:\n            - interval\n            - url\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: GitRepositoryStatus records the observed state of a Git repository.\n            properties:\n              artifact:\n                description: Artifact represents the last successful GitRepository\n                  reconciliation.\n                properties:\n                  checksum:\n                    description: Checksum is the SHA256 checksum of the Artifact file.\n                    type: string\n                  lastUpdateTime:\n                    description: LastUpdateTime is the timestamp corresponding to\n                      the last update of the Artifact.\n                    format: date-time\n                    type: string\n                  path:\n                    description: Path is the relative file path of the Artifact. It\n                      can be used to locate the file in the root of the Artifact storage\n                      on the local file system of the controller managing the Source.\n                    type: string\n                  revision:\n                    description: Revision is a human-readable identifier traceable\n                      in the origin source system. It can be a Git commit SHA, Git\n                      tag, a Helm chart version, etc.\n                    type: string\n                  size:\n                    description: Size is the number of bytes in the file.\n                    format: int64\n                    type: integer\n                  url:\n                    description: URL is the HTTP address of the Artifact as exposed\n                      by the controller managing the Source. It can be used to retrieve\n                      the Artifact for consumption, e.g. by another controller applying\n                      the Artifact contents.\n                    type: string\n                required:\n                - path\n                - url\n                type: object\n              conditions:\n                description: Conditions holds the conditions for the GitRepository.\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              includedArtifacts:\n                description: IncludedArtifacts contains a list of the last successfully\n                  included Artifacts as instructed by GitRepositorySpec.Include.\n                items:\n                  description: Artifact represents the output of a Source reconciliation.\n                  properties:\n                    checksum:\n                      description: Checksum is the SHA256 checksum of the Artifact\n                        file.\n                      type: string\n                    lastUpdateTime:\n                      description: LastUpdateTime is the timestamp corresponding to\n                        the last update of the Artifact.\n                      format: date-time\n                      type: string\n                    path:\n                      description: Path is the relative file path of the Artifact.\n                        It can be used to locate the file in the root of the Artifact\n                        storage on the local file system of the controller managing\n                        the Source.\n                      type: string\n                    revision:\n                      description: Revision is a human-readable identifier traceable\n                        in the origin source system. It can be a Git commit SHA, Git\n                        tag, a Helm chart version, etc.\n                      type: string\n                    size:\n                      description: Size is the number of bytes in the file.\n                      format: int64\n                      type: integer\n                    url:\n                      description: URL is the HTTP address of the Artifact as exposed\n                        by the controller managing the Source. It can be used to retrieve\n                        the Artifact for consumption, e.g. by another controller applying\n                        the Artifact contents.\n                      type: string\n                  required:\n                  - path\n                  - url\n                  type: object\n                type: array\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation of\n                  the GitRepository object.\n                format: int64\n                type: integer\n              url:\n                description: URL is the dynamic fetch link for the latest Artifact.\n                  It is provided on a \"best effort\" basis, and using the precise GitRepositoryStatus.Artifact\n                  data is recommended.\n                type: string\n            type: object\n        type: object\n    served: true\n    storage: true\n    subresources:\n      status: {}\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n  conditions: []\n  storedVersions: []",
-              "apiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  annotations:\n    controller-gen.kubebuilder.io/version: v0.7.0\n  creationTimestamp: null\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: helmcharts.source.toolkit.fluxcd.io\nspec:\n  group: source.toolkit.fluxcd.io\n  names:\n    kind: HelmChart\n    listKind: HelmChartList\n    plural: helmcharts\n    shortNames:\n    - hc\n    singular: helmchart\n  scope: Namespaced\n  versions:\n  - additionalPrinterColumns:\n    - jsonPath: .spec.chart\n      name: Chart\n      type: string\n    - jsonPath: .spec.version\n      name: Version\n      type: string\n    - jsonPath: .spec.sourceRef.kind\n      name: Source Kind\n      type: string\n    - jsonPath: .spec.sourceRef.name\n      name: Source Name\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    name: v1beta1\n    schema:\n      openAPIV3Schema:\n        description: HelmChart is the Schema for the helmcharts API\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: HelmChartSpec defines the desired state of a Helm chart.\n            properties:\n              accessFrom:\n                description: AccessFrom defines an Access Control List for allowing\n                  cross-namespace references to this object.\n                properties:\n                  namespaceSelectors:\n                    description: NamespaceSelectors is the list of namespace selectors\n                      to which this ACL applies. Items in this list are evaluated\n                      using a logical OR operation.\n                    items:\n                      description: NamespaceSelector selects the namespaces to which\n                        this ACL applies. An empty map of MatchLabels matches all\n                        namespaces in a cluster.\n                      properties:\n                        matchLabels:\n                          additionalProperties:\n                            type: string\n                          description: MatchLabels is a map of {key,value} pairs.\n                            A single {key,value} in the matchLabels map is equivalent\n                            to an element of matchExpressions, whose key field is\n                            \"key\", the operator is \"In\", and the values array contains\n                            only \"value\". The requirements are ANDed.\n                          type: object\n                      type: object\n                    type: array\n                required:\n                - namespaceSelectors\n                type: object\n              chart:\n                description: The name or path the Helm chart is available at in the\n                  SourceRef.\n                type: string\n              interval:\n                description: The interval at which to check the Source for updates.\n                type: string\n              reconcileStrategy:\n                default: ChartVersion\n                description: Determines what enables the creation of a new artifact.\n                  Valid values are ('ChartVersion', 'Revision'). See the documentation\n                  of the values for an explanation on their behavior. Defaults to\n                  ChartVersion when omitted.\n                enum:\n                - ChartVersion\n                - Revision\n                type: string\n              sourceRef:\n                description: The reference to the Source the chart is available at.\n                properties:\n                  apiVersion:\n                    description: APIVersion of the referent.\n                    type: string\n                  kind:\n                    description: Kind of the referent, valid values are ('HelmRepository',\n                      'GitRepository', 'Bucket').\n                    enum:\n                    - HelmRepository\n                    - GitRepository\n                    - Bucket\n                    type: string\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - kind\n                - name\n                type: object\n              suspend:\n                description: This flag tells the controller to suspend the reconciliation\n                  of this source.\n                type: boolean\n              valuesFile:\n                description: Alternative values file to use as the default chart values,\n                  expected to be a relative path in the SourceRef. Deprecated in favor\n                  of ValuesFiles, for backwards compatibility the file defined here\n                  is merged before the ValuesFiles items. Ignored when omitted.\n                type: string\n              valuesFiles:\n                description: Alternative list of values files to use as the chart\n                  values (values.yaml is not included by default), expected to be\n                  a relative path in the SourceRef. Values files are merged in the\n                  order of this list with the last file overriding the first. Ignored\n                  when omitted.\n                items:\n                  type: string\n                type: array\n              version:\n                default: '*'\n                description: The chart version semver expression, ignored for charts\n                  from GitRepository and Bucket sources. Defaults to latest when omitted.\n                type: string\n            required:\n            - chart\n            - interval\n            - sourceRef\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: HelmChartStatus defines the observed state of the HelmChart.\n            properties:\n              artifact:\n                description: Artifact represents the output of the last successful\n                  chart sync.\n                properties:\n                  checksum:\n                    description: Checksum is the SHA256 checksum of the artifact.\n                    type: string\n                  lastUpdateTime:\n                    description: LastUpdateTime is the timestamp corresponding to\n                      the last update of this artifact.\n                    format: date-time\n                    type: string\n                  path:\n                    description: Path is the relative file path of this artifact.\n                    type: string\n                  revision:\n                    description: Revision is a human readable identifier traceable\n                      in the origin source system. It can be a Git commit SHA, Git\n                      tag, a Helm index timestamp, a Helm chart version, etc.\n                    type: string\n                  url:\n                    description: URL is the HTTP address of this artifact.\n                    type: string\n                required:\n                - path\n                - url\n                type: object\n              conditions:\n                description: Conditions holds the conditions for the HelmChart.\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation.\n                format: int64\n                type: integer\n              url:\n                description: URL is the download link for the last chart pulled.\n                type: string\n            type: object\n        type: object\n    served: true\n    storage: false\n    subresources:\n      status: {}\n  - additionalPrinterColumns:\n    - jsonPath: .spec.chart\n      name: Chart\n      type: string\n    - jsonPath: .spec.version\n      name: Version\n      type: string\n    - jsonPath: .spec.sourceRef.kind\n      name: Source Kind\n      type: string\n    - jsonPath: .spec.sourceRef.name\n      name: Source Name\n      type: string\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    name: v1beta2\n    schema:\n      openAPIV3Schema:\n        description: HelmChart is the Schema for the helmcharts API.\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: HelmChartSpec specifies the desired state of a Helm chart.\n            properties:\n              accessFrom:\n                description: 'AccessFrom specifies an Access Control List for allowing\n                  cross-namespace references to this object. NOTE: Not implemented,\n                  provisional as of https://github.com/fluxcd/flux2/pull/2092'\n                properties:\n                  namespaceSelectors:\n                    description: NamespaceSelectors is the list of namespace selectors\n                      to which this ACL applies. Items in this list are evaluated\n                      using a logical OR operation.\n                    items:\n                      description: NamespaceSelector selects the namespaces to which\n                        this ACL applies. An empty map of MatchLabels matches all\n                        namespaces in a cluster.\n                      properties:\n                        matchLabels:\n                          additionalProperties:\n                            type: string\n                          description: MatchLabels is a map of {key,value} pairs.\n                            A single {key,value} in the matchLabels map is equivalent\n                            to an element of matchExpressions, whose key field is\n                            \"key\", the operator is \"In\", and the values array contains\n                            only \"value\". The requirements are ANDed.\n                          type: object\n                      type: object\n                    type: array\n                required:\n                - namespaceSelectors\n                type: object\n              chart:\n                description: Chart is the name or path the Helm chart is available\n                  at in the SourceRef.\n                type: string\n              interval:\n                description: Interval is the interval at which to check the Source\n                  for updates.\n                type: string\n              reconcileStrategy:\n                default: ChartVersion\n                description: ReconcileStrategy determines what enables the creation\n                  of a new artifact. Valid values are ('ChartVersion', 'Revision').\n                  See the documentation of the values for an explanation on their\n                  behavior. Defaults to ChartVersion when omitted.\n                enum:\n                - ChartVersion\n                - Revision\n                type: string\n              sourceRef:\n                description: SourceRef is the reference to the Source the chart is\n                  available at.\n                properties:\n                  apiVersion:\n                    description: APIVersion of the referent.\n                    type: string\n                  kind:\n                    description: Kind of the referent, valid values are ('HelmRepository',\n                      'GitRepository', 'Bucket').\n                    enum:\n                    - HelmRepository\n                    - GitRepository\n                    - Bucket\n                    type: string\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - kind\n                - name\n                type: object\n              suspend:\n                description: Suspend tells the controller to suspend the reconciliation\n                  of this source.\n                type: boolean\n              valuesFile:\n                description: ValuesFile is an alternative values file to use as the\n                  default chart values, expected to be a relative path in the SourceRef.\n                  Deprecated in favor of ValuesFiles, for backwards compatibility\n                  the file specified here is merged before the ValuesFiles items.\n                  Ignored when omitted.\n                type: string\n              valuesFiles:\n                description: ValuesFiles is an alternative list of values files to\n                  use as the chart values (values.yaml is not included by default),\n                  expected to be a relative path in the SourceRef. Values files are\n                  merged in the order of this list with the last file overriding the\n                  first. Ignored when omitted.\n                items:\n                  type: string\n                type: array\n              version:\n                default: '*'\n                description: Version is the chart version semver expression, ignored\n                  for charts from GitRepository and Bucket sources. Defaults to latest\n                  when omitted.\n                type: string\n            required:\n            - chart\n            - interval\n            - sourceRef\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: HelmChartStatus records the observed state of the HelmChart.\n            properties:\n              artifact:\n                description: Artifact represents the output of the last successful\n                  reconciliation.\n                properties:\n                  checksum:\n                    description: Checksum is the SHA256 checksum of the Artifact file.\n                    type: string\n                  lastUpdateTime:\n                    description: LastUpdateTime is the timestamp corresponding to\n                      the last update of the Artifact.\n                    format: date-time\n                    type: string\n                  path:\n                    description: Path is the relative file path of the Artifact. It\n                      can be used to locate the file in the root of the Artifact storage\n                      on the local file system of the controller managing the Source.\n                    type: string\n                  revision:\n                    description: Revision is a human-readable identifier traceable\n                      in the origin source system. It can be a Git commit SHA, Git\n                      tag, a Helm chart version, etc.\n                    type: string\n                  size:\n                    description: Size is the number of bytes in the file.\n                    format: int64\n                    type: integer\n                  url:\n                    description: URL is the HTTP address of the Artifact as exposed\n                      by the controller managing the Source. It can be used to retrieve\n                      the Artifact for consumption, e.g. by another controller applying\n                      the Artifact contents.\n                    type: string\n                required:\n                - path\n                - url\n                type: object\n              conditions:\n                description: Conditions holds the conditions for the HelmChart.\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedChartName:\n                description: ObservedChartName is the last observed chart name as\n                  specified by the resolved chart reference.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation of\n                  the HelmChart object.\n                format: int64\n                type: integer\n              observedSourceArtifactRevision:\n                description: ObservedSourceArtifactRevision is the last observed Artifact.Revision\n                  of the HelmChartSpec.SourceRef.\n                type: string\n              url:\n                description: URL is the dynamic fetch link for the latest Artifact.\n                  It is provided on a \"best effort\" basis, and using the precise BucketStatus.Artifact\n                  data is recommended.\n                type: string\n            type: object\n        type: object\n    served: true\n    storage: true\n    subresources:\n      status: {}\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n  conditions: []\n  storedVersions: []",
-              "apiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  annotations:\n    controller-gen.kubebuilder.io/version: v0.7.0\n  creationTimestamp: null\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: helmreleases.helm.toolkit.fluxcd.io\nspec:\n  group: helm.toolkit.fluxcd.io\n  names:\n    kind: HelmRelease\n    listKind: HelmReleaseList\n    plural: helmreleases\n    shortNames:\n    - hr\n    singular: helmrelease\n  scope: Namespaced\n  versions:\n  - additionalPrinterColumns:\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    name: v2beta1\n    schema:\n      openAPIV3Schema:\n        description: HelmRelease is the Schema for the helmreleases API\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: HelmReleaseSpec defines the desired state of a Helm release.\n            properties:\n              chart:\n                description: Chart defines the template of the v1beta2.HelmChart that\n                  should be created for this HelmRelease.\n                properties:\n                  spec:\n                    description: Spec holds the template for the v1beta2.HelmChartSpec\n                      for this HelmRelease.\n                    properties:\n                      chart:\n                        description: The name or path the Helm chart is available\n                          at in the SourceRef.\n                        type: string\n                      interval:\n                        description: Interval at which to check the v1beta2.Source\n                          for updates. Defaults to 'HelmReleaseSpec.Interval'.\n                        type: string\n                      reconcileStrategy:\n                        default: ChartVersion\n                        description: Determines what enables the creation of a new\n                          artifact. Valid values are ('ChartVersion', 'Revision').\n                          See the documentation of the values for an explanation on\n                          their behavior. Defaults to ChartVersion when omitted.\n                        enum:\n                        - ChartVersion\n                        - Revision\n                        type: string\n                      sourceRef:\n                        description: The name and namespace of the v1beta2.Source\n                          the chart is available at.\n                        properties:\n                          apiVersion:\n                            description: APIVersion of the referent.\n                            type: string\n                          kind:\n                            description: Kind of the referent.\n                            enum:\n                            - HelmRepository\n                            - GitRepository\n                            - Bucket\n                            type: string\n                          name:\n                            description: Name of the referent.\n                            maxLength: 253\n                            minLength: 1\n                            type: string\n                          namespace:\n                            description: Namespace of the referent.\n                            maxLength: 63\n                            minLength: 1\n                            type: string\n                        required:\n                        - name\n                        type: object\n                      valuesFile:\n                        description: Alternative values file to use as the default\n                          chart values, expected to be a relative path in the SourceRef.\n                          Deprecated in favor of ValuesFiles, for backwards compatibility\n                          the file defined here is merged before the ValuesFiles items.\n                          Ignored when omitted.\n                        type: string\n                      valuesFiles:\n                        description: Alternative list of values files to use as the\n                          chart values (values.yaml is not included by default), expected\n                          to be a relative path in the SourceRef. Values files are\n                          merged in the order of this list with the last file overriding\n                          the first. Ignored when omitted.\n                        items:\n                          type: string\n                        type: array\n                      version:\n                        default: '*'\n                        description: Version semver expression, ignored for charts\n                          from v1beta2.GitRepository and v1beta2.Bucket sources. Defaults\n                          to latest when omitted.\n                        type: string\n                    required:\n                    - chart\n                    - sourceRef\n                    type: object\n                required:\n                - spec\n                type: object\n              dependsOn:\n                description: DependsOn may contain a meta.NamespacedObjectReference\n                  slice with references to HelmRelease resources that must be ready\n                  before this HelmRelease can be reconciled.\n                items:\n                  description: NamespacedObjectReference contains enough information\n                    to locate the referenced Kubernetes resource object in any namespace.\n                  properties:\n                    name:\n                      description: Name of the referent.\n                      type: string\n                    namespace:\n                      description: Namespace of the referent, when not specified it\n                        acts as LocalObjectReference.\n                      type: string\n                  required:\n                  - name\n                  type: object\n                type: array\n              install:\n                description: Install holds the configuration for Helm install actions\n                  for this HelmRelease.\n                properties:\n                  crds:\n                    description: \"CRDs upgrade CRDs from the Helm Chart's crds directory\n                      according to the CRD upgrade policy provided here. Valid values\n                      are `Skip`, `Create` or `CreateReplace`. Default is `Create`\n                      and if omitted CRDs are installed but not updated. \\n Skip:\n                      do neither install nor replace (update) any CRDs. \\n Create:\n                      new CRDs are created, existing CRDs are neither updated nor\n                      deleted. \\n CreateReplace: new CRDs are created, existing CRDs\n                      are updated (replaced) but not deleted. \\n By default, CRDs\n                      are applied (installed) during Helm install action. With this\n                      option users can opt-in to CRD replace existing CRDs on Helm\n                      install actions, which is not (yet) natively supported by Helm.\n                      https://helm.sh/docs/chart_best_practices/custom_resource_definitions.\"\n                    enum:\n                    - Skip\n                    - Create\n                    - CreateReplace\n                    type: string\n                  createNamespace:\n                    description: CreateNamespace tells the Helm install action to\n                      create the HelmReleaseSpec.TargetNamespace if it does not exist\n                      yet. On uninstall, the namespace will not be garbage collected.\n                    type: boolean\n                  disableHooks:\n                    description: DisableHooks prevents hooks from running during the\n                      Helm install action.\n                    type: boolean\n                  disableOpenAPIValidation:\n                    description: DisableOpenAPIValidation prevents the Helm install\n                      action from validating rendered templates against the Kubernetes\n                      OpenAPI Schema.\n                    type: boolean\n                  disableWait:\n                    description: DisableWait disables the waiting for resources to\n                      be ready after a Helm install has been performed.\n                    type: boolean\n                  disableWaitForJobs:\n                    description: DisableWaitForJobs disables waiting for jobs to complete\n                      after a Helm install has been performed.\n                    type: boolean\n                  remediation:\n                    description: Remediation holds the remediation configuration for\n                      when the Helm install action for the HelmRelease fails. The\n                      default is to not perform any action.\n                    properties:\n                      ignoreTestFailures:\n                        description: IgnoreTestFailures tells the controller to skip\n                          remediation when the Helm tests are run after an install\n                          action but fail. Defaults to 'Test.IgnoreFailures'.\n                        type: boolean\n                      remediateLastFailure:\n                        description: RemediateLastFailure tells the controller to\n                          remediate the last failure, when no retries remain. Defaults\n                          to 'false'.\n                        type: boolean\n                      retries:\n                        description: Retries is the number of retries that should\n                          be attempted on failures before bailing. Remediation, using\n                          an uninstall, is performed between each attempt. Defaults\n                          to '0', a negative integer equals to unlimited retries.\n                        type: integer\n                    type: object\n                  replace:\n                    description: Replace tells the Helm install action to re-use the\n                      'ReleaseName', but only if that name is a deleted release which\n                      remains in the history.\n                    type: boolean\n                  skipCRDs:\n                    description: \"SkipCRDs tells the Helm install action to not install\n                      any CRDs. By default, CRDs are installed if not already present.\n                      \\n Deprecated use CRD policy (`crds`) attribute with value `Skip`\n                      instead.\"\n                    type: boolean\n                  timeout:\n                    description: Timeout is the time to wait for any individual Kubernetes\n                      operation (like Jobs for hooks) during the performance of a\n                      Helm install action. Defaults to 'HelmReleaseSpec.Timeout'.\n                    type: string\n                type: object\n              interval:\n                description: Interval at which to reconcile the Helm release.\n                type: string\n              kubeConfig:\n                description: KubeConfig for reconciling the HelmRelease on a remote\n                  cluster. When used in combination with HelmReleaseSpec.ServiceAccountName,\n                  forces the controller to act on behalf of that Service Account at\n                  the target cluster. If the --default-service-account flag is set,\n                  its value will be used as a controller level fallback for when HelmReleaseSpec.ServiceAccountName\n                  is empty.\n                properties:\n                  secretRef:\n                    description: SecretRef holds the name to a secret that contains\n                      a key with the kubeconfig file as the value. If no key is specified\n                      the key will default to 'value'. The secret must be in the same\n                      namespace as the HelmRelease. It is recommended that the kubeconfig\n                      is self-contained, and the secret is regularly updated if credentials\n                      such as a cloud-access-token expire. Cloud specific `cmd-path`\n                      auth helpers will not function without adding binaries and credentials\n                      to the Pod that is responsible for reconciling the HelmRelease.\n                    properties:\n                      key:\n                        description: Key in the Secret, when not specified an implementation-specific\n                          default key is used.\n                        type: string\n                      name:\n                        description: Name of the Secret.\n                        type: string\n                    required:\n                    - name\n                    type: object\n                type: object\n              maxHistory:\n                description: MaxHistory is the number of revisions saved by Helm for\n                  this HelmRelease. Use '0' for an unlimited number of revisions;\n                  defaults to '10'.\n                type: integer\n              postRenderers:\n                description: PostRenderers holds an array of Helm PostRenderers, which\n                  will be applied in order of their definition.\n                items:\n                  description: PostRenderer contains a Helm PostRenderer specification.\n                  properties:\n                    kustomize:\n                      description: Kustomization to apply as PostRenderer.\n                      properties:\n                        images:\n                          description: Images is a list of (image name, new name,\n                            new tag or digest) for changing image names, tags or digests.\n                            This can also be achieved with a patch, but this operator\n                            is simpler to specify.\n                          items:\n                            description: Image contains an image name, a new name,\n                              a new tag or digest, which will replace the original\n                              name and tag.\n                            properties:\n                              digest:\n                                description: Digest is the value used to replace the\n                                  original image tag. If digest is present NewTag\n                                  value is ignored.\n                                type: string\n                              name:\n                                description: Name is a tag-less image name.\n                                type: string\n                              newName:\n                                description: NewName is the value used to replace\n                                  the original name.\n                                type: string\n                              newTag:\n                                description: NewTag is the value used to replace the\n                                  original tag.\n                                type: string\n                            required:\n                            - name\n                            type: object\n                          type: array\n                        patches:\n                          description: Strategic merge and JSON patches, defined as\n                            inline YAML objects, capable of targeting objects based\n                            on kind, label and annotation selectors.\n                          items:\n                            description: Patch contains an inline StrategicMerge or\n                              JSON6902 patch, and the target the patch should be applied\n                              to.\n                            properties:\n                              patch:\n                                description: Patch contains an inline StrategicMerge\n                                  patch or an inline JSON6902 patch with an array\n                                  of operation objects.\n                                type: string\n                              target:\n                                description: Target points to the resources that the\n                                  patch document should be applied to.\n                                properties:\n                                  annotationSelector:\n                                    description: AnnotationSelector is a string that\n                                      follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                                      It matches with the resource annotations.\n                                    type: string\n                                  group:\n                                    description: Group is the API group to select\n                                      resources from. Together with Version and Kind\n                                      it is capable of unambiguously identifying and/or\n                                      selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                                    type: string\n                                  kind:\n                                    description: Kind of the API Group to select resources\n                                      from. Together with Group and Version it is\n                                      capable of unambiguously identifying and/or\n                                      selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                                    type: string\n                                  labelSelector:\n                                    description: LabelSelector is a string that follows\n                                      the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                                      It matches with the resource labels.\n                                    type: string\n                                  name:\n                                    description: Name to match resources with.\n                                    type: string\n                                  namespace:\n                                    description: Namespace to select resources from.\n                                    type: string\n                                  version:\n                                    description: Version of the API Group to select\n                                      resources from. Together with Group and Kind\n                                      it is capable of unambiguously identifying and/or\n                                      selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                                    type: string\n                                type: object\n                            type: object\n                          type: array\n                        patchesJson6902:\n                          description: JSON 6902 patches, defined as inline YAML objects.\n                          items:\n                            description: JSON6902Patch contains a JSON6902 patch and\n                              the target the patch should be applied to.\n                            properties:\n                              patch:\n                                description: Patch contains the JSON6902 patch document\n                                  with an array of operation objects.\n                                items:\n                                  description: JSON6902 is a JSON6902 operation object.\n                                    https://datatracker.ietf.org/doc/html/rfc6902#section-4\n                                  properties:\n                                    from:\n                                      description: From contains a JSON-pointer value\n                                        that references a location within the target\n                                        document where the operation is performed.\n                                        The meaning of the value depends on the value\n                                        of Op, and is NOT taken into account by all\n                                        operations.\n                                      type: string\n                                    op:\n                                      description: Op indicates the operation to perform.\n                                        Its value MUST be one of \"add\", \"remove\",\n                                        \"replace\", \"move\", \"copy\", or \"test\". https://datatracker.ietf.org/doc/html/rfc6902#section-4\n                                      enum:\n                                      - test\n                                      - remove\n                                      - add\n                                      - replace\n                                      - move\n                                      - copy\n                                      type: string\n                                    path:\n                                      description: Path contains the JSON-pointer\n                                        value that references a location within the\n                                        target document where the operation is performed.\n                                        The meaning of the value depends on the value\n                                        of Op.\n                                      type: string\n                                    value:\n                                      description: Value contains a valid JSON structure.\n                                        The meaning of the value depends on the value\n                                        of Op, and is NOT taken into account by all\n                                        operations.\n                                      x-kubernetes-preserve-unknown-fields: true\n                                  required:\n                                  - op\n                                  - path\n                                  type: object\n                                type: array\n                              target:\n                                description: Target points to the resources that the\n                                  patch document should be applied to.\n                                properties:\n                                  annotationSelector:\n                                    description: AnnotationSelector is a string that\n                                      follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                                      It matches with the resource annotations.\n                                    type: string\n                                  group:\n                                    description: Group is the API group to select\n                                      resources from. Together with Version and Kind\n                                      it is capable of unambiguously identifying and/or\n                                      selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                                    type: string\n                                  kind:\n                                    description: Kind of the API Group to select resources\n                                      from. Together with Group and Version it is\n                                      capable of unambiguously identifying and/or\n                                      selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                                    type: string\n                                  labelSelector:\n                                    description: LabelSelector is a string that follows\n                                      the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                                      It matches with the resource labels.\n                                    type: string\n                                  name:\n                                    description: Name to match resources with.\n                                    type: string\n                                  namespace:\n                                    description: Namespace to select resources from.\n                                    type: string\n                                  version:\n                                    description: Version of the API Group to select\n                                      resources from. Together with Group and Kind\n                                      it is capable of unambiguously identifying and/or\n                                      selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                                    type: string\n                                type: object\n                            required:\n                            - patch\n                            - target\n                            type: object\n                          type: array\n                        patchesStrategicMerge:\n                          description: Strategic merge patches, defined as inline\n                            YAML objects.\n                          items:\n                            x-kubernetes-preserve-unknown-fields: true\n                          type: array\n                      type: object\n                  type: object\n                type: array\n              releaseName:\n                description: ReleaseName used for the Helm release. Defaults to a\n                  composition of '[TargetNamespace-]Name'.\n                maxLength: 53\n                minLength: 1\n                type: string\n              rollback:\n                description: Rollback holds the configuration for Helm rollback actions\n                  for this HelmRelease.\n                properties:\n                  cleanupOnFail:\n                    description: CleanupOnFail allows deletion of new resources created\n                      during the Helm rollback action when it fails.\n                    type: boolean\n                  disableHooks:\n                    description: DisableHooks prevents hooks from running during the\n                      Helm rollback action.\n                    type: boolean\n                  disableWait:\n                    description: DisableWait disables the waiting for resources to\n                      be ready after a Helm rollback has been performed.\n                    type: boolean\n                  disableWaitForJobs:\n                    description: DisableWaitForJobs disables waiting for jobs to complete\n                      after a Helm rollback has been performed.\n                    type: boolean\n                  force:\n                    description: Force forces resource updates through a replacement\n                      strategy.\n                    type: boolean\n                  recreate:\n                    description: Recreate performs pod restarts for the resource if\n                      applicable.\n                    type: boolean\n                  timeout:\n                    description: Timeout is the time to wait for any individual Kubernetes\n                      operation (like Jobs for hooks) during the performance of a\n                      Helm rollback action. Defaults to 'HelmReleaseSpec.Timeout'.\n                    type: string\n                type: object\n              serviceAccountName:\n                description: The name of the Kubernetes service account to impersonate\n                  when reconciling this HelmRelease.\n                type: string\n              storageNamespace:\n                description: StorageNamespace used for the Helm storage. Defaults\n                  to the namespace of the HelmRelease.\n                maxLength: 63\n                minLength: 1\n                type: string\n              suspend:\n                description: Suspend tells the controller to suspend reconciliation\n                  for this HelmRelease, it does not apply to already started reconciliations.\n                  Defaults to false.\n                type: boolean\n              targetNamespace:\n                description: TargetNamespace to target when performing operations\n                  for the HelmRelease. Defaults to the namespace of the HelmRelease.\n                maxLength: 63\n                minLength: 1\n                type: string\n              test:\n                description: Test holds the configuration for Helm test actions for\n                  this HelmRelease.\n                properties:\n                  enable:\n                    description: Enable enables Helm test actions for this HelmRelease\n                      after an Helm install or upgrade action has been performed.\n                    type: boolean\n                  ignoreFailures:\n                    description: IgnoreFailures tells the controller to skip remediation\n                      when the Helm tests are run but fail. Can be overwritten for\n                      tests run after install or upgrade actions in 'Install.IgnoreTestFailures'\n                      and 'Upgrade.IgnoreTestFailures'.\n                    type: boolean\n                  timeout:\n                    description: Timeout is the time to wait for any individual Kubernetes\n                      operation during the performance of a Helm test action. Defaults\n                      to 'HelmReleaseSpec.Timeout'.\n                    type: string\n                type: object\n              timeout:\n                description: Timeout is the time to wait for any individual Kubernetes\n                  operation (like Jobs for hooks) during the performance of a Helm\n                  action. Defaults to '5m0s'.\n                type: string\n              uninstall:\n                description: Uninstall holds the configuration for Helm uninstall\n                  actions for this HelmRelease.\n                properties:\n                  disableHooks:\n                    description: DisableHooks prevents hooks from running during the\n                      Helm rollback action.\n                    type: boolean\n                  disableWait:\n                    description: DisableWait disables waiting for all the resources\n                      to be deleted after a Helm uninstall is performed.\n                    type: boolean\n                  keepHistory:\n                    description: KeepHistory tells Helm to remove all associated resources\n                      and mark the release as deleted, but retain the release history.\n                    type: boolean\n                  timeout:\n                    description: Timeout is the time to wait for any individual Kubernetes\n                      operation (like Jobs for hooks) during the performance of a\n                      Helm uninstall action. Defaults to 'HelmReleaseSpec.Timeout'.\n                    type: string\n                type: object\n              upgrade:\n                description: Upgrade holds the configuration for Helm upgrade actions\n                  for this HelmRelease.\n                properties:\n                  cleanupOnFail:\n                    description: CleanupOnFail allows deletion of new resources created\n                      during the Helm upgrade action when it fails.\n                    type: boolean\n                  crds:\n                    description: \"CRDs upgrade CRDs from the Helm Chart's crds directory\n                      according to the CRD upgrade policy provided here. Valid values\n                      are `Skip`, `Create` or `CreateReplace`. Default is `Skip` and\n                      if omitted CRDs are neither installed nor upgraded. \\n Skip:\n                      do neither install nor replace (update) any CRDs. \\n Create:\n                      new CRDs are created, existing CRDs are neither updated nor\n                      deleted. \\n CreateReplace: new CRDs are created, existing CRDs\n                      are updated (replaced) but not deleted. \\n By default, CRDs\n                      are not applied during Helm upgrade action. With this option\n                      users can opt-in to CRD upgrade, which is not (yet) natively\n                      supported by Helm. https://helm.sh/docs/chart_best_practices/custom_resource_definitions.\"\n                    enum:\n                    - Skip\n                    - Create\n                    - CreateReplace\n                    type: string\n                  disableHooks:\n                    description: DisableHooks prevents hooks from running during the\n                      Helm upgrade action.\n                    type: boolean\n                  disableOpenAPIValidation:\n                    description: DisableOpenAPIValidation prevents the Helm upgrade\n                      action from validating rendered templates against the Kubernetes\n                      OpenAPI Schema.\n                    type: boolean\n                  disableWait:\n                    description: DisableWait disables the waiting for resources to\n                      be ready after a Helm upgrade has been performed.\n                    type: boolean\n                  disableWaitForJobs:\n                    description: DisableWaitForJobs disables waiting for jobs to complete\n                      after a Helm upgrade has been performed.\n                    type: boolean\n                  force:\n                    description: Force forces resource updates through a replacement\n                      strategy.\n                    type: boolean\n                  preserveValues:\n                    description: PreserveValues will make Helm reuse the last release's\n                      values and merge in overrides from 'Values'. Setting this flag\n                      makes the HelmRelease non-declarative.\n                    type: boolean\n                  remediation:\n                    description: Remediation holds the remediation configuration for\n                      when the Helm upgrade action for the HelmRelease fails. The\n                      default is to not perform any action.\n                    properties:\n                      ignoreTestFailures:\n                        description: IgnoreTestFailures tells the controller to skip\n                          remediation when the Helm tests are run after an upgrade\n                          action but fail. Defaults to 'Test.IgnoreFailures'.\n                        type: boolean\n                      remediateLastFailure:\n                        description: RemediateLastFailure tells the controller to\n                          remediate the last failure, when no retries remain. Defaults\n                          to 'false' unless 'Retries' is greater than 0.\n                        type: boolean\n                      retries:\n                        description: Retries is the number of retries that should\n                          be attempted on failures before bailing. Remediation, using\n                          'Strategy', is performed between each attempt. Defaults\n                          to '0', a negative integer equals to unlimited retries.\n                        type: integer\n                      strategy:\n                        description: Strategy to use for failure remediation. Defaults\n                          to 'rollback'.\n                        enum:\n                        - rollback\n                        - uninstall\n                        type: string\n                    type: object\n                  timeout:\n                    description: Timeout is the time to wait for any individual Kubernetes\n                      operation (like Jobs for hooks) during the performance of a\n                      Helm upgrade action. Defaults to 'HelmReleaseSpec.Timeout'.\n                    type: string\n                type: object\n              values:\n                description: Values holds the values for this Helm release.\n                x-kubernetes-preserve-unknown-fields: true\n              valuesFrom:\n                description: ValuesFrom holds references to resources containing Helm\n                  values for this HelmRelease, and information about how they should\n                  be merged.\n                items:\n                  description: ValuesReference contains a reference to a resource\n                    containing Helm values, and optionally the key they can be found\n                    at.\n                  properties:\n                    kind:\n                      description: Kind of the values referent, valid values are ('Secret',\n                        'ConfigMap').\n                      enum:\n                      - Secret\n                      - ConfigMap\n                      type: string\n                    name:\n                      description: Name of the values referent. Should reside in the\n                        same namespace as the referring resource.\n                      maxLength: 253\n                      minLength: 1\n                      type: string\n                    optional:\n                      description: Optional marks this ValuesReference as optional.\n                        When set, a not found error for the values reference is ignored,\n                        but any ValuesKey, TargetPath or transient error will still\n                        result in a reconciliation failure.\n                      type: boolean\n                    targetPath:\n                      description: TargetPath is the YAML dot notation path the value\n                        should be merged at. When set, the ValuesKey is expected to\n                        be a single flat value. Defaults to 'None', which results\n                        in the values getting merged at the root.\n                      type: string\n                    valuesKey:\n                      description: ValuesKey is the data key where the values.yaml\n                        or a specific value can be found at. Defaults to 'values.yaml'.\n                      type: string\n                  required:\n                  - kind\n                  - name\n                  type: object\n                type: array\n            required:\n            - chart\n            - interval\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: HelmReleaseStatus defines the observed state of a HelmRelease.\n            properties:\n              conditions:\n                description: Conditions holds the conditions for the HelmRelease.\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              failures:\n                description: Failures is the reconciliation failure count against\n                  the latest desired state. It is reset after a successful reconciliation.\n                format: int64\n                type: integer\n              helmChart:\n                description: HelmChart is the namespaced name of the HelmChart resource\n                  created by the controller for the HelmRelease.\n                type: string\n              installFailures:\n                description: InstallFailures is the install failure count against\n                  the latest desired state. It is reset after a successful reconciliation.\n                format: int64\n                type: integer\n              lastAppliedRevision:\n                description: LastAppliedRevision is the revision of the last successfully\n                  applied source.\n                type: string\n              lastAttemptedRevision:\n                description: LastAttemptedRevision is the revision of the last reconciliation\n                  attempt.\n                type: string\n              lastAttemptedValuesChecksum:\n                description: LastAttemptedValuesChecksum is the SHA1 checksum of the\n                  values of the last reconciliation attempt.\n                type: string\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              lastReleaseRevision:\n                description: LastReleaseRevision is the revision of the last successful\n                  Helm release.\n                type: integer\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation.\n                format: int64\n                type: integer\n              upgradeFailures:\n                description: UpgradeFailures is the upgrade failure count against\n                  the latest desired state. It is reset after a successful reconciliation.\n                format: int64\n                type: integer\n            type: object\n        type: object\n    served: true\n    storage: true\n    subresources:\n      status: {}\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n  conditions: []\n  storedVersions: []",
-              "apiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  annotations:\n    controller-gen.kubebuilder.io/version: v0.7.0\n  creationTimestamp: null\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: helmrepositories.source.toolkit.fluxcd.io\nspec:\n  group: source.toolkit.fluxcd.io\n  names:\n    kind: HelmRepository\n    listKind: HelmRepositoryList\n    plural: helmrepositories\n    shortNames:\n    - helmrepo\n    singular: helmrepository\n  scope: Namespaced\n  versions:\n  - additionalPrinterColumns:\n    - jsonPath: .spec.url\n      name: URL\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    name: v1beta1\n    schema:\n      openAPIV3Schema:\n        description: HelmRepository is the Schema for the helmrepositories API\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: HelmRepositorySpec defines the reference to a Helm repository.\n            properties:\n              accessFrom:\n                description: AccessFrom defines an Access Control List for allowing\n                  cross-namespace references to this object.\n                properties:\n                  namespaceSelectors:\n                    description: NamespaceSelectors is the list of namespace selectors\n                      to which this ACL applies. Items in this list are evaluated\n                      using a logical OR operation.\n                    items:\n                      description: NamespaceSelector selects the namespaces to which\n                        this ACL applies. An empty map of MatchLabels matches all\n                        namespaces in a cluster.\n                      properties:\n                        matchLabels:\n                          additionalProperties:\n                            type: string\n                          description: MatchLabels is a map of {key,value} pairs.\n                            A single {key,value} in the matchLabels map is equivalent\n                            to an element of matchExpressions, whose key field is\n                            \"key\", the operator is \"In\", and the values array contains\n                            only \"value\". The requirements are ANDed.\n                          type: object\n                      type: object\n                    type: array\n                required:\n                - namespaceSelectors\n                type: object\n              interval:\n                description: The interval at which to check the upstream for updates.\n                type: string\n              passCredentials:\n                description: PassCredentials allows the credentials from the SecretRef\n                  to be passed on to a host that does not match the host as defined\n                  in URL. This may be required if the host of the advertised chart\n                  URLs in the index differ from the defined URL. Enabling this should\n                  be done with caution, as it can potentially result in credentials\n                  getting stolen in a MITM-attack.\n                type: boolean\n              secretRef:\n                description: The name of the secret containing authentication credentials\n                  for the Helm repository. For HTTP/S basic auth the secret must contain\n                  username and password fields. For TLS the secret must contain a\n                  certFile and keyFile, and/or caCert fields.\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              suspend:\n                description: This flag tells the controller to suspend the reconciliation\n                  of this source.\n                type: boolean\n              timeout:\n                default: 60s\n                description: The timeout of index downloading, defaults to 60s.\n                type: string\n              url:\n                description: The Helm repository URL, a valid URL contains at least\n                  a protocol and host.\n                type: string\n            required:\n            - interval\n            - url\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: HelmRepositoryStatus defines the observed state of the HelmRepository.\n            properties:\n              artifact:\n                description: Artifact represents the output of the last successful\n                  repository sync.\n                properties:\n                  checksum:\n                    description: Checksum is the SHA256 checksum of the artifact.\n                    type: string\n                  lastUpdateTime:\n                    description: LastUpdateTime is the timestamp corresponding to\n                      the last update of this artifact.\n                    format: date-time\n                    type: string\n                  path:\n                    description: Path is the relative file path of this artifact.\n                    type: string\n                  revision:\n                    description: Revision is a human readable identifier traceable\n                      in the origin source system. It can be a Git commit SHA, Git\n                      tag, a Helm index timestamp, a Helm chart version, etc.\n                    type: string\n                  url:\n                    description: URL is the HTTP address of this artifact.\n                    type: string\n                required:\n                - path\n                - url\n                type: object\n              conditions:\n                description: Conditions holds the conditions for the HelmRepository.\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation.\n                format: int64\n                type: integer\n              url:\n                description: URL is the download link for the last index fetched.\n                type: string\n            type: object\n        type: object\n    served: true\n    storage: false\n    subresources:\n      status: {}\n  - additionalPrinterColumns:\n    - jsonPath: .spec.url\n      name: URL\n      type: string\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    name: v1beta2\n    schema:\n      openAPIV3Schema:\n        description: HelmRepository is the Schema for the helmrepositories API.\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: HelmRepositorySpec specifies the required configuration to\n              produce an Artifact for a Helm repository index YAML.\n            properties:\n              accessFrom:\n                description: 'AccessFrom specifies an Access Control List for allowing\n                  cross-namespace references to this object. NOTE: Not implemented,\n                  provisional as of https://github.com/fluxcd/flux2/pull/2092'\n                properties:\n                  namespaceSelectors:\n                    description: NamespaceSelectors is the list of namespace selectors\n                      to which this ACL applies. Items in this list are evaluated\n                      using a logical OR operation.\n                    items:\n                      description: NamespaceSelector selects the namespaces to which\n                        this ACL applies. An empty map of MatchLabels matches all\n                        namespaces in a cluster.\n                      properties:\n                        matchLabels:\n                          additionalProperties:\n                            type: string\n                          description: MatchLabels is a map of {key,value} pairs.\n                            A single {key,value} in the matchLabels map is equivalent\n                            to an element of matchExpressions, whose key field is\n                            \"key\", the operator is \"In\", and the values array contains\n                            only \"value\". The requirements are ANDed.\n                          type: object\n                      type: object\n                    type: array\n                required:\n                - namespaceSelectors\n                type: object\n              interval:\n                description: Interval at which to check the URL for updates.\n                type: string\n              passCredentials:\n                description: PassCredentials allows the credentials from the SecretRef\n                  to be passed on to a host that does not match the host as defined\n                  in URL. This may be required if the host of the advertised chart\n                  URLs in the index differ from the defined URL. Enabling this should\n                  be done with caution, as it can potentially result in credentials\n                  getting stolen in a MITM-attack.\n                type: boolean\n              secretRef:\n                description: SecretRef specifies the Secret containing authentication\n                  credentials for the HelmRepository. For HTTP/S basic auth the secret\n                  must contain 'username' and 'password' fields. For TLS the secret\n                  must contain a 'certFile' and 'keyFile', and/or 'caCert' fields.\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              suspend:\n                description: Suspend tells the controller to suspend the reconciliation\n                  of this HelmRepository.\n                type: boolean\n              timeout:\n                default: 60s\n                description: Timeout of the index fetch operation, defaults to 60s.\n                type: string\n              url:\n                description: URL of the Helm repository, a valid URL contains at least\n                  a protocol and host.\n                type: string\n            required:\n            - interval\n            - url\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: HelmRepositoryStatus records the observed state of the HelmRepository.\n            properties:\n              artifact:\n                description: Artifact represents the last successful HelmRepository\n                  reconciliation.\n                properties:\n                  checksum:\n                    description: Checksum is the SHA256 checksum of the Artifact file.\n                    type: string\n                  lastUpdateTime:\n                    description: LastUpdateTime is the timestamp corresponding to\n                      the last update of the Artifact.\n                    format: date-time\n                    type: string\n                  path:\n                    description: Path is the relative file path of the Artifact. It\n                      can be used to locate the file in the root of the Artifact storage\n                      on the local file system of the controller managing the Source.\n                    type: string\n                  revision:\n                    description: Revision is a human-readable identifier traceable\n                      in the origin source system. It can be a Git commit SHA, Git\n                      tag, a Helm chart version, etc.\n                    type: string\n                  size:\n                    description: Size is the number of bytes in the file.\n                    format: int64\n                    type: integer\n                  url:\n                    description: URL is the HTTP address of the Artifact as exposed\n                      by the controller managing the Source. It can be used to retrieve\n                      the Artifact for consumption, e.g. by another controller applying\n                      the Artifact contents.\n                    type: string\n                required:\n                - path\n                - url\n                type: object\n              conditions:\n                description: Conditions holds the conditions for the HelmRepository.\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation of\n                  the HelmRepository object.\n                format: int64\n                type: integer\n              url:\n                description: URL is the dynamic fetch link for the latest Artifact.\n                  It is provided on a \"best effort\" basis, and using the precise HelmRepositoryStatus.Artifact\n                  data is recommended.\n                type: string\n            type: object\n        type: object\n    served: true\n    storage: true\n    subresources:\n      status: {}\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n  conditions: []\n  storedVersions: []",
-              "apiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  annotations:\n    controller-gen.kubebuilder.io/version: v0.7.0\n  creationTimestamp: null\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: kustomizations.kustomize.toolkit.fluxcd.io\nspec:\n  group: kustomize.toolkit.fluxcd.io\n  names:\n    kind: Kustomization\n    listKind: KustomizationList\n    plural: kustomizations\n    shortNames:\n    - ks\n    singular: kustomization\n  scope: Namespaced\n  versions:\n  - additionalPrinterColumns:\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    name: v1beta1\n    schema:\n      openAPIV3Schema:\n        description: Kustomization is the Schema for the kustomizations API.\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: KustomizationSpec defines the desired state of a kustomization.\n            properties:\n              decryption:\n                description: Decrypt Kubernetes secrets before applying them on the\n                  cluster.\n                properties:\n                  provider:\n                    description: Provider is the name of the decryption engine.\n                    enum:\n                    - sops\n                    type: string\n                  secretRef:\n                    description: The secret name containing the private OpenPGP keys\n                      used for decryption.\n                    properties:\n                      name:\n                        description: Name of the referent.\n                        type: string\n                    required:\n                    - name\n                    type: object\n                required:\n                - provider\n                type: object\n              dependsOn:\n                description: DependsOn may contain a meta.NamespacedObjectReference\n                  slice with references to Kustomization resources that must be ready\n                  before this Kustomization can be reconciled.\n                items:\n                  description: NamespacedObjectReference contains enough information\n                    to locate the referenced Kubernetes resource object in any namespace.\n                  properties:\n                    name:\n                      description: Name of the referent.\n                      type: string\n                    namespace:\n                      description: Namespace of the referent, when not specified it\n                        acts as LocalObjectReference.\n                      type: string\n                  required:\n                  - name\n                  type: object\n                type: array\n              force:\n                default: false\n                description: Force instructs the controller to recreate resources\n                  when patching fails due to an immutable field change.\n                type: boolean\n              healthChecks:\n                description: A list of resources to be included in the health assessment.\n                items:\n                  description: NamespacedObjectKindReference contains enough information\n                    to locate the typed referenced Kubernetes resource object in any\n                    namespace.\n                  properties:\n                    apiVersion:\n                      description: API version of the referent, if not specified the\n                        Kubernetes preferred version will be used.\n                      type: string\n                    kind:\n                      description: Kind of the referent.\n                      type: string\n                    name:\n                      description: Name of the referent.\n                      type: string\n                    namespace:\n                      description: Namespace of the referent, when not specified it\n                        acts as LocalObjectReference.\n                      type: string\n                  required:\n                  - kind\n                  - name\n                  type: object\n                type: array\n              images:\n                description: Images is a list of (image name, new name, new tag or\n                  digest) for changing image names, tags or digests. This can also\n                  be achieved with a patch, but this operator is simpler to specify.\n                items:\n                  description: Image contains an image name, a new name, a new tag\n                    or digest, which will replace the original name and tag.\n                  properties:\n                    digest:\n                      description: Digest is the value used to replace the original\n                        image tag. If digest is present NewTag value is ignored.\n                      type: string\n                    name:\n                      description: Name is a tag-less image name.\n                      type: string\n                    newName:\n                      description: NewName is the value used to replace the original\n                        name.\n                      type: string\n                    newTag:\n                      description: NewTag is the value used to replace the original\n                        tag.\n                      type: string\n                  required:\n                  - name\n                  type: object\n                type: array\n              interval:\n                description: The interval at which to reconcile the Kustomization.\n                type: string\n              kubeConfig:\n                description: The KubeConfig for reconciling the Kustomization on a\n                  remote cluster. When specified, KubeConfig takes precedence over\n                  ServiceAccountName.\n                properties:\n                  secretRef:\n                    description: SecretRef holds the name to a secret that contains\n                      a 'value' key with the kubeconfig file as the value. It must\n                      be in the same namespace as the Kustomization. It is recommended\n                      that the kubeconfig is self-contained, and the secret is regularly\n                      updated if credentials such as a cloud-access-token expire.\n                      Cloud specific `cmd-path` auth helpers will not function without\n                      adding binaries and credentials to the Pod that is responsible\n                      for reconciling the Kustomization.\n                    properties:\n                      name:\n                        description: Name of the referent.\n                        type: string\n                    required:\n                    - name\n                    type: object\n                type: object\n              patches:\n                description: Strategic merge and JSON patches, defined as inline YAML\n                  objects, capable of targeting objects based on kind, label and annotation\n                  selectors.\n                items:\n                  description: Patch contains an inline StrategicMerge or JSON6902\n                    patch, and the target the patch should be applied to.\n                  properties:\n                    patch:\n                      description: Patch contains an inline StrategicMerge patch or\n                        an inline JSON6902 patch with an array of operation objects.\n                      type: string\n                    target:\n                      description: Target points to the resources that the patch document\n                        should be applied to.\n                      properties:\n                        annotationSelector:\n                          description: AnnotationSelector is a string that follows\n                            the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                            It matches with the resource annotations.\n                          type: string\n                        group:\n                          description: Group is the API group to select resources\n                            from. Together with Version and Kind it is capable of\n                            unambiguously identifying and/or selecting resources.\n                            https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                        kind:\n                          description: Kind of the API Group to select resources from.\n                            Together with Group and Version it is capable of unambiguously\n                            identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                        labelSelector:\n                          description: LabelSelector is a string that follows the\n                            label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                            It matches with the resource labels.\n                          type: string\n                        name:\n                          description: Name to match resources with.\n                          type: string\n                        namespace:\n                          description: Namespace to select resources from.\n                          type: string\n                        version:\n                          description: Version of the API Group to select resources\n                            from. Together with Group and Kind it is capable of unambiguously\n                            identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                      type: object\n                  type: object\n                type: array\n              patchesJson6902:\n                description: JSON 6902 patches, defined as inline YAML objects.\n                items:\n                  description: JSON6902Patch contains a JSON6902 patch and the target\n                    the patch should be applied to.\n                  properties:\n                    patch:\n                      description: Patch contains the JSON6902 patch document with\n                        an array of operation objects.\n                      items:\n                        description: JSON6902 is a JSON6902 operation object. https://datatracker.ietf.org/doc/html/rfc6902#section-4\n                        properties:\n                          from:\n                            description: From contains a JSON-pointer value that references\n                              a location within the target document where the operation\n                              is performed. The meaning of the value depends on the\n                              value of Op, and is NOT taken into account by all operations.\n                            type: string\n                          op:\n                            description: Op indicates the operation to perform. Its\n                              value MUST be one of \"add\", \"remove\", \"replace\", \"move\",\n                              \"copy\", or \"test\". https://datatracker.ietf.org/doc/html/rfc6902#section-4\n                            enum:\n                            - test\n                            - remove\n                            - add\n                            - replace\n                            - move\n                            - copy\n                            type: string\n                          path:\n                            description: Path contains the JSON-pointer value that\n                              references a location within the target document where\n                              the operation is performed. The meaning of the value\n                              depends on the value of Op.\n                            type: string\n                          value:\n                            description: Value contains a valid JSON structure. The\n                              meaning of the value depends on the value of Op, and\n                              is NOT taken into account by all operations.\n                            x-kubernetes-preserve-unknown-fields: true\n                        required:\n                        - op\n                        - path\n                        type: object\n                      type: array\n                    target:\n                      description: Target points to the resources that the patch document\n                        should be applied to.\n                      properties:\n                        annotationSelector:\n                          description: AnnotationSelector is a string that follows\n                            the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                            It matches with the resource annotations.\n                          type: string\n                        group:\n                          description: Group is the API group to select resources\n                            from. Together with Version and Kind it is capable of\n                            unambiguously identifying and/or selecting resources.\n                            https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                        kind:\n                          description: Kind of the API Group to select resources from.\n                            Together with Group and Version it is capable of unambiguously\n                            identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                        labelSelector:\n                          description: LabelSelector is a string that follows the\n                            label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                            It matches with the resource labels.\n                          type: string\n                        name:\n                          description: Name to match resources with.\n                          type: string\n                        namespace:\n                          description: Namespace to select resources from.\n                          type: string\n                        version:\n                          description: Version of the API Group to select resources\n                            from. Together with Group and Kind it is capable of unambiguously\n                            identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                      type: object\n                  required:\n                  - patch\n                  - target\n                  type: object\n                type: array\n              patchesStrategicMerge:\n                description: Strategic merge patches, defined as inline YAML objects.\n                items:\n                  x-kubernetes-preserve-unknown-fields: true\n                type: array\n              path:\n                description: Path to the directory containing the kustomization.yaml\n                  file, or the set of plain YAMLs a kustomization.yaml should be generated\n                  for. Defaults to 'None', which translates to the root path of the\n                  SourceRef.\n                type: string\n              postBuild:\n                description: PostBuild describes which actions to perform on the YAML\n                  manifest generated by building the kustomize overlay.\n                properties:\n                  substitute:\n                    additionalProperties:\n                      type: string\n                    description: Substitute holds a map of key/value pairs. The variables\n                      defined in your YAML manifests that match any of the keys defined\n                      in the map will be substituted with the set value. Includes\n                      support for bash string replacement functions e.g. ${var:=default},\n                      ${var:position} and ${var/substring/replacement}.\n                    type: object\n                  substituteFrom:\n                    description: SubstituteFrom holds references to ConfigMaps and\n                      Secrets containing the variables and their values to be substituted\n                      in the YAML manifests. The ConfigMap and the Secret data keys\n                      represent the var names and they must match the vars declared\n                      in the manifests for the substitution to happen.\n                    items:\n                      description: SubstituteReference contains a reference to a resource\n                        containing the variables name and value.\n                      properties:\n                        kind:\n                          description: Kind of the values referent, valid values are\n                            ('Secret', 'ConfigMap').\n                          enum:\n                          - Secret\n                          - ConfigMap\n                          type: string\n                        name:\n                          description: Name of the values referent. Should reside\n                            in the same namespace as the referring resource.\n                          maxLength: 253\n                          minLength: 1\n                          type: string\n                      required:\n                      - kind\n                      - name\n                      type: object\n                    type: array\n                type: object\n              prune:\n                description: Prune enables garbage collection.\n                type: boolean\n              retryInterval:\n                description: The interval at which to retry a previously failed reconciliation.\n                  When not specified, the controller uses the KustomizationSpec.Interval\n                  value to retry failures.\n                type: string\n              serviceAccountName:\n                description: The name of the Kubernetes service account to impersonate\n                  when reconciling this Kustomization.\n                type: string\n              sourceRef:\n                description: Reference of the source where the kustomization file\n                  is.\n                properties:\n                  apiVersion:\n                    description: API version of the referent\n                    type: string\n                  kind:\n                    description: Kind of the referent\n                    enum:\n                    - GitRepository\n                    - Bucket\n                    type: string\n                  name:\n                    description: Name of the referent\n                    type: string\n                  namespace:\n                    description: Namespace of the referent, defaults to the Kustomization\n                      namespace\n                    type: string\n                required:\n                - kind\n                - name\n                type: object\n              suspend:\n                description: This flag tells the controller to suspend subsequent\n                  kustomize executions, it does not apply to already started executions.\n                  Defaults to false.\n                type: boolean\n              targetNamespace:\n                description: TargetNamespace sets or overrides the namespace in the\n                  kustomization.yaml file.\n                maxLength: 63\n                minLength: 1\n                type: string\n              timeout:\n                description: Timeout for validation, apply and health checking operations.\n                  Defaults to 'Interval' duration.\n                type: string\n              validation:\n                description: Validate the Kubernetes objects before applying them\n                  on the cluster. The validation strategy can be 'client' (local dry-run),\n                  'server' (APIServer dry-run) or 'none'. When 'Force' is 'true',\n                  validation will fallback to 'client' if set to 'server' because\n                  server-side validation is not supported in this scenario.\n                enum:\n                - none\n                - client\n                - server\n                type: string\n            required:\n            - interval\n            - prune\n            - sourceRef\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: KustomizationStatus defines the observed state of a kustomization.\n            properties:\n              conditions:\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              lastAppliedRevision:\n                description: The last successfully applied revision. The revision\n                  format for Git sources is \u003cbranch|tag\u003e/\u003ccommit-sha\u003e.\n                type: string\n              lastAttemptedRevision:\n                description: LastAttemptedRevision is the revision of the last reconciliation\n                  attempt.\n                type: string\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last reconciled generation.\n                format: int64\n                type: integer\n              snapshot:\n                description: The last successfully applied revision metadata.\n                properties:\n                  checksum:\n                    description: The manifests sha1 checksum.\n                    type: string\n                  entries:\n                    description: A list of Kubernetes kinds grouped by namespace.\n                    items:\n                      description: Snapshot holds the metadata of namespaced Kubernetes\n                        objects\n                      properties:\n                        kinds:\n                          additionalProperties:\n                            type: string\n                          description: The list of Kubernetes kinds.\n                          type: object\n                        namespace:\n                          description: The namespace of this entry.\n                          type: string\n                      required:\n                      - kinds\n                      type: object\n                    type: array\n                required:\n                - checksum\n                - entries\n                type: object\n            type: object\n        type: object\n    served: true\n    storage: false\n    subresources:\n      status: {}\n  - additionalPrinterColumns:\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    name: v1beta2\n    schema:\n      openAPIV3Schema:\n        description: Kustomization is the Schema for the kustomizations API.\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: KustomizationSpec defines the configuration to calculate\n              the desired state from a Source using Kustomize.\n            properties:\n              decryption:\n                description: Decrypt Kubernetes secrets before applying them on the\n                  cluster.\n                properties:\n                  provider:\n                    description: Provider is the name of the decryption engine.\n                    enum:\n                    - sops\n                    type: string\n                  secretRef:\n                    description: The secret name containing the private OpenPGP keys\n                      used for decryption.\n                    properties:\n                      name:\n                        description: Name of the referent.\n                        type: string\n                    required:\n                    - name\n                    type: object\n                required:\n                - provider\n                type: object\n              dependsOn:\n                description: DependsOn may contain a meta.NamespacedObjectReference\n                  slice with references to Kustomization resources that must be ready\n                  before this Kustomization can be reconciled.\n                items:\n                  description: NamespacedObjectReference contains enough information\n                    to locate the referenced Kubernetes resource object in any namespace.\n                  properties:\n                    name:\n                      description: Name of the referent.\n                      type: string\n                    namespace:\n                      description: Namespace of the referent, when not specified it\n                        acts as LocalObjectReference.\n                      type: string\n                  required:\n                  - name\n                  type: object\n                type: array\n              force:\n                default: false\n                description: Force instructs the controller to recreate resources\n                  when patching fails due to an immutable field change.\n                type: boolean\n              healthChecks:\n                description: A list of resources to be included in the health assessment.\n                items:\n                  description: NamespacedObjectKindReference contains enough information\n                    to locate the typed referenced Kubernetes resource object in any\n                    namespace.\n                  properties:\n                    apiVersion:\n                      description: API version of the referent, if not specified the\n                        Kubernetes preferred version will be used.\n                      type: string\n                    kind:\n                      description: Kind of the referent.\n                      type: string\n                    name:\n                      description: Name of the referent.\n                      type: string\n                    namespace:\n                      description: Namespace of the referent, when not specified it\n                        acts as LocalObjectReference.\n                      type: string\n                  required:\n                  - kind\n                  - name\n                  type: object\n                type: array\n              images:\n                description: Images is a list of (image name, new name, new tag or\n                  digest) for changing image names, tags or digests. This can also\n                  be achieved with a patch, but this operator is simpler to specify.\n                items:\n                  description: Image contains an image name, a new name, a new tag\n                    or digest, which will replace the original name and tag.\n                  properties:\n                    digest:\n                      description: Digest is the value used to replace the original\n                        image tag. If digest is present NewTag value is ignored.\n                      type: string\n                    name:\n                      description: Name is a tag-less image name.\n                      type: string\n                    newName:\n                      description: NewName is the value used to replace the original\n                        name.\n                      type: string\n                    newTag:\n                      description: NewTag is the value used to replace the original\n                        tag.\n                      type: string\n                  required:\n                  - name\n                  type: object\n                type: array\n              interval:\n                description: The interval at which to reconcile the Kustomization.\n                type: string\n              kubeConfig:\n                description: The KubeConfig for reconciling the Kustomization on a\n                  remote cluster. When used in combination with KustomizationSpec.ServiceAccountName,\n                  forces the controller to act on behalf of that Service Account at\n                  the target cluster. If the --default-service-account flag is set,\n                  its value will be used as a controller level fallback for when KustomizationSpec.ServiceAccountName\n                  is empty.\n                properties:\n                  secretRef:\n                    description: SecretRef holds the name of a secret that contains\n                      a key with the kubeconfig file as the value. If no key is set,\n                      the key will default to 'value'. The secret must be in the same\n                      namespace as the Kustomization. It is recommended that the kubeconfig\n                      is self-contained, and the secret is regularly updated if credentials\n                      such as a cloud-access-token expire. Cloud specific `cmd-path`\n                      auth helpers will not function without adding binaries and credentials\n                      to the Pod that is responsible for reconciling the Kustomization.\n                    properties:\n                      key:\n                        description: Key in the Secret, when not specified an implementation-specific\n                          default key is used.\n                        type: string\n                      name:\n                        description: Name of the Secret.\n                        type: string\n                    required:\n                    - name\n                    type: object\n                type: object\n              patches:\n                description: Strategic merge and JSON patches, defined as inline YAML\n                  objects, capable of targeting objects based on kind, label and annotation\n                  selectors.\n                items:\n                  description: Patch contains an inline StrategicMerge or JSON6902\n                    patch, and the target the patch should be applied to.\n                  properties:\n                    patch:\n                      description: Patch contains an inline StrategicMerge patch or\n                        an inline JSON6902 patch with an array of operation objects.\n                      type: string\n                    target:\n                      description: Target points to the resources that the patch document\n                        should be applied to.\n                      properties:\n                        annotationSelector:\n                          description: AnnotationSelector is a string that follows\n                            the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                            It matches with the resource annotations.\n                          type: string\n                        group:\n                          description: Group is the API group to select resources\n                            from. Together with Version and Kind it is capable of\n                            unambiguously identifying and/or selecting resources.\n                            https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                        kind:\n                          description: Kind of the API Group to select resources from.\n                            Together with Group and Version it is capable of unambiguously\n                            identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                        labelSelector:\n                          description: LabelSelector is a string that follows the\n                            label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                            It matches with the resource labels.\n                          type: string\n                        name:\n                          description: Name to match resources with.\n                          type: string\n                        namespace:\n                          description: Namespace to select resources from.\n                          type: string\n                        version:\n                          description: Version of the API Group to select resources\n                            from. Together with Group and Kind it is capable of unambiguously\n                            identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                      type: object\n                  type: object\n                type: array\n              patchesJson6902:\n                description: 'JSON 6902 patches, defined as inline YAML objects. Deprecated:\n                  Use Patches instead.'\n                items:\n                  description: JSON6902Patch contains a JSON6902 patch and the target\n                    the patch should be applied to.\n                  properties:\n                    patch:\n                      description: Patch contains the JSON6902 patch document with\n                        an array of operation objects.\n                      items:\n                        description: JSON6902 is a JSON6902 operation object. https://datatracker.ietf.org/doc/html/rfc6902#section-4\n                        properties:\n                          from:\n                            description: From contains a JSON-pointer value that references\n                              a location within the target document where the operation\n                              is performed. The meaning of the value depends on the\n                              value of Op, and is NOT taken into account by all operations.\n                            type: string\n                          op:\n                            description: Op indicates the operation to perform. Its\n                              value MUST be one of \"add\", \"remove\", \"replace\", \"move\",\n                              \"copy\", or \"test\". https://datatracker.ietf.org/doc/html/rfc6902#section-4\n                            enum:\n                            - test\n                            - remove\n                            - add\n                            - replace\n                            - move\n                            - copy\n                            type: string\n                          path:\n                            description: Path contains the JSON-pointer value that\n                              references a location within the target document where\n                              the operation is performed. The meaning of the value\n                              depends on the value of Op.\n                            type: string\n                          value:\n                            description: Value contains a valid JSON structure. The\n                              meaning of the value depends on the value of Op, and\n                              is NOT taken into account by all operations.\n                            x-kubernetes-preserve-unknown-fields: true\n                        required:\n                        - op\n                        - path\n                        type: object\n                      type: array\n                    target:\n                      description: Target points to the resources that the patch document\n                        should be applied to.\n                      properties:\n                        annotationSelector:\n                          description: AnnotationSelector is a string that follows\n                            the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                            It matches with the resource annotations.\n                          type: string\n                        group:\n                          description: Group is the API group to select resources\n                            from. Together with Version and Kind it is capable of\n                            unambiguously identifying and/or selecting resources.\n                            https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                        kind:\n                          description: Kind of the API Group to select resources from.\n                            Together with Group and Version it is capable of unambiguously\n                            identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                        labelSelector:\n                          description: LabelSelector is a string that follows the\n                            label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                            It matches with the resource labels.\n                          type: string\n                        name:\n                          description: Name to match resources with.\n                          type: string\n                        namespace:\n                          description: Namespace to select resources from.\n                          type: string\n                        version:\n                          description: Version of the API Group to select resources\n                            from. Together with Group and Kind it is capable of unambiguously\n                            identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                      type: object\n                  required:\n                  - patch\n                  - target\n                  type: object\n                type: array\n              patchesStrategicMerge:\n                description: 'Strategic merge patches, defined as inline YAML objects.\n                  Deprecated: Use Patches instead.'\n                items:\n                  x-kubernetes-preserve-unknown-fields: true\n                type: array\n              path:\n                description: Path to the directory containing the kustomization.yaml\n                  file, or the set of plain YAMLs a kustomization.yaml should be generated\n                  for. Defaults to 'None', which translates to the root path of the\n                  SourceRef.\n                type: string\n              postBuild:\n                description: PostBuild describes which actions to perform on the YAML\n                  manifest generated by building the kustomize overlay.\n                properties:\n                  substitute:\n                    additionalProperties:\n                      type: string\n                    description: Substitute holds a map of key/value pairs. The variables\n                      defined in your YAML manifests that match any of the keys defined\n                      in the map will be substituted with the set value. Includes\n                      support for bash string replacement functions e.g. ${var:=default},\n                      ${var:position} and ${var/substring/replacement}.\n                    type: object\n                  substituteFrom:\n                    description: SubstituteFrom holds references to ConfigMaps and\n                      Secrets containing the variables and their values to be substituted\n                      in the YAML manifests. The ConfigMap and the Secret data keys\n                      represent the var names and they must match the vars declared\n                      in the manifests for the substitution to happen.\n                    items:\n                      description: SubstituteReference contains a reference to a resource\n                        containing the variables name and value.\n                      properties:\n                        kind:\n                          description: Kind of the values referent, valid values are\n                            ('Secret', 'ConfigMap').\n                          enum:\n                          - Secret\n                          - ConfigMap\n                          type: string\n                        name:\n                          description: Name of the values referent. Should reside\n                            in the same namespace as the referring resource.\n                          maxLength: 253\n                          minLength: 1\n                          type: string\n                        optional:\n                          default: false\n                          description: Optional indicates whether the referenced resource\n                            must exist, or whether to tolerate its absence. If true\n                            and the referenced resource is absent, proceed as if the\n                            resource was present but empty, without any variables\n                            defined.\n                          type: boolean\n                      required:\n                      - kind\n                      - name\n                      type: object\n                    type: array\n                type: object\n              prune:\n                description: Prune enables garbage collection.\n                type: boolean\n              retryInterval:\n                description: The interval at which to retry a previously failed reconciliation.\n                  When not specified, the controller uses the KustomizationSpec.Interval\n                  value to retry failures.\n                type: string\n              serviceAccountName:\n                description: The name of the Kubernetes service account to impersonate\n                  when reconciling this Kustomization.\n                type: string\n              sourceRef:\n                description: Reference of the source where the kustomization file\n                  is.\n                properties:\n                  apiVersion:\n                    description: API version of the referent.\n                    type: string\n                  kind:\n                    description: Kind of the referent.\n                    enum:\n                    - GitRepository\n                    - Bucket\n                    type: string\n                  name:\n                    description: Name of the referent.\n                    type: string\n                  namespace:\n                    description: Namespace of the referent, defaults to the namespace\n                      of the Kubernetes resource object that contains the reference.\n                    type: string\n                required:\n                - kind\n                - name\n                type: object\n              suspend:\n                description: This flag tells the controller to suspend subsequent\n                  kustomize executions, it does not apply to already started executions.\n                  Defaults to false.\n                type: boolean\n              targetNamespace:\n                description: TargetNamespace sets or overrides the namespace in the\n                  kustomization.yaml file.\n                maxLength: 63\n                minLength: 1\n                type: string\n              timeout:\n                description: Timeout for validation, apply and health checking operations.\n                  Defaults to 'Interval' duration.\n                type: string\n              validation:\n                description: 'Deprecated: Not used in v1beta2.'\n                enum:\n                - none\n                - client\n                - server\n                type: string\n              wait:\n                description: Wait instructs the controller to check the health of\n                  all the reconciled resources. When enabled, the HealthChecks are\n                  ignored. Defaults to false.\n                type: boolean\n            required:\n            - interval\n            - prune\n            - sourceRef\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: KustomizationStatus defines the observed state of a kustomization.\n            properties:\n              conditions:\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              inventory:\n                description: Inventory contains the list of Kubernetes resource object\n                  references that have been successfully applied.\n                properties:\n                  entries:\n                    description: Entries of Kubernetes resource object references.\n                    items:\n                      description: ResourceRef contains the information necessary\n                        to locate a resource within a cluster.\n                      properties:\n                        id:\n                          description: ID is the string representation of the Kubernetes\n                            resource object's metadata, in the format '\u003cnamespace\u003e_\u003cname\u003e_\u003cgroup\u003e_\u003ckind\u003e'.\n                          type: string\n                        v:\n                          description: Version is the API version of the Kubernetes\n                            resource object's kind.\n                          type: string\n                      required:\n                      - id\n                      - v\n                      type: object\n                    type: array\n                required:\n                - entries\n                type: object\n              lastAppliedRevision:\n                description: The last successfully applied revision. The revision\n                  format for Git sources is \u003cbranch|tag\u003e/\u003ccommit-sha\u003e.\n                type: string\n              lastAttemptedRevision:\n                description: LastAttemptedRevision is the revision of the last reconciliation\n                  attempt.\n                type: string\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last reconciled generation.\n                format: int64\n                type: integer\n            type: object\n        type: object\n    served: true\n    storage: true\n    subresources:\n      status: {}\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n  conditions: []\n  storedVersions: []",
-              "apiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  annotations:\n    controller-gen.kubebuilder.io/version: v0.7.0\n  creationTimestamp: null\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: providers.notification.toolkit.fluxcd.io\nspec:\n  group: notification.toolkit.fluxcd.io\n  names:\n    kind: Provider\n    listKind: ProviderList\n    plural: providers\n    singular: provider\n  scope: Namespaced\n  versions:\n  - additionalPrinterColumns:\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    name: v1beta1\n    schema:\n      openAPIV3Schema:\n        description: Provider is the Schema for the providers API\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: ProviderSpec defines the desired state of Provider\n            properties:\n              address:\n                description: HTTP/S webhook address of this provider\n                pattern: ^(http|https)://\n                type: string\n              certSecretRef:\n                description: CertSecretRef can be given the name of a secret containing\n                  a PEM-encoded CA certificate (`caFile`)\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              channel:\n                description: Alert channel for this provider\n                type: string\n              proxy:\n                description: HTTP/S address of the proxy\n                pattern: ^(http|https)://\n                type: string\n              secretRef:\n                description: Secret reference containing the provider webhook URL\n                  using \"address\" as data key\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              suspend:\n                description: This flag tells the controller to suspend subsequent\n                  events handling. Defaults to false.\n                type: boolean\n              type:\n                description: Type of provider\n                enum:\n                - slack\n                - discord\n                - msteams\n                - rocket\n                - generic\n                - github\n                - gitlab\n                - bitbucket\n                - azuredevops\n                - googlechat\n                - webex\n                - sentry\n                - azureeventhub\n                - telegram\n                - lark\n                - matrix\n                - opsgenie\n                - alertmanager\n                - grafana\n                type: string\n              username:\n                description: Bot username for this provider\n                type: string\n            required:\n            - type\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: ProviderStatus defines the observed state of Provider\n            properties:\n              conditions:\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              observedGeneration:\n                description: ObservedGeneration is the last reconciled generation.\n                format: int64\n                type: integer\n            type: object\n        type: object\n    served: true\n    storage: true\n    subresources:\n      status: {}\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n  conditions: []\n  storedVersions: []",
-              "apiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  annotations:\n    controller-gen.kubebuilder.io/version: v0.7.0\n  creationTimestamp: null\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: receivers.notification.toolkit.fluxcd.io\nspec:\n  group: notification.toolkit.fluxcd.io\n  names:\n    kind: Receiver\n    listKind: ReceiverList\n    plural: receivers\n    singular: receiver\n  scope: Namespaced\n  versions:\n  - additionalPrinterColumns:\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    name: v1beta1\n    schema:\n      openAPIV3Schema:\n        description: Receiver is the Schema for the receivers API\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: ReceiverSpec defines the desired state of Receiver\n            properties:\n              events:\n                description: A list of events to handle, e.g. 'push' for GitHub or\n                  'Push Hook' for GitLab.\n                items:\n                  type: string\n                type: array\n              resources:\n                description: A list of resources to be notified about changes.\n                items:\n                  description: CrossNamespaceObjectReference contains enough information\n                    to let you locate the typed referenced object at cluster level\n                  properties:\n                    apiVersion:\n                      description: API version of the referent\n                      type: string\n                    kind:\n                      description: Kind of the referent\n                      enum:\n                      - Bucket\n                      - GitRepository\n                      - Kustomization\n                      - HelmRelease\n                      - HelmChart\n                      - HelmRepository\n                      - ImageRepository\n                      - ImagePolicy\n                      - ImageUpdateAutomation\n                      type: string\n                    matchLabels:\n                      additionalProperties:\n                        type: string\n                      description: MatchLabels is a map of {key,value} pairs. A single\n                        {key,value} in the matchLabels map is equivalent to an element\n                        of matchExpressions, whose key field is \"key\", the operator\n                        is \"In\", and the values array contains only \"value\". The requirements\n                        are ANDed.\n                      type: object\n                    name:\n                      description: Name of the referent\n                      maxLength: 53\n                      minLength: 1\n                      type: string\n                    namespace:\n                      description: Namespace of the referent\n                      maxLength: 53\n                      minLength: 1\n                      type: string\n                  required:\n                  - name\n                  type: object\n                type: array\n              secretRef:\n                description: Secret reference containing the token used to validate\n                  the payload authenticity\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              suspend:\n                description: This flag tells the controller to suspend subsequent\n                  events handling. Defaults to false.\n                type: boolean\n              type:\n                description: Type of webhook sender, used to determine the validation\n                  procedure and payload deserialization.\n                enum:\n                - generic\n                - generic-hmac\n                - github\n                - gitlab\n                - bitbucket\n                - harbor\n                - dockerhub\n                - quay\n                - gcr\n                - nexus\n                - acr\n                type: string\n            required:\n            - resources\n            - type\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: ReceiverStatus defines the observed state of Receiver\n            properties:\n              conditions:\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation.\n                format: int64\n                type: integer\n              url:\n                description: Generated webhook URL in the format of '/hook/sha256sum(token+name+namespace)'.\n                type: string\n            type: object\n        type: object\n    served: true\n    storage: true\n    subresources:\n      status: {}\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n  conditions: []\n  storedVersions: []",
-              "apiVersion: v1\nkind: ServiceAccount\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: helm-controller\n  namespace: flux-system",
-              "apiVersion: v1\nkind: ServiceAccount\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: kustomize-controller\n  namespace: flux-system",
-              "apiVersion: v1\nkind: ServiceAccount\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: notification-controller\n  namespace: flux-system",
-              "apiVersion: v1\nkind: ServiceAccount\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: source-controller\n  namespace: flux-system",
-              "apiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: crd-controller-flux-system\nrules:\n- apiGroups:\n  - source.toolkit.fluxcd.io\n  resources:\n  - '*'\n  verbs:\n  - '*'\n- apiGroups:\n  - kustomize.toolkit.fluxcd.io\n  resources:\n  - '*'\n  verbs:\n  - '*'\n- apiGroups:\n  - helm.toolkit.fluxcd.io\n  resources:\n  - '*'\n  verbs:\n  - '*'\n- apiGroups:\n  - notification.toolkit.fluxcd.io\n  resources:\n  - '*'\n  verbs:\n  - '*'\n- apiGroups:\n  - image.toolkit.fluxcd.io\n  resources:\n  - '*'\n  verbs:\n  - '*'\n- apiGroups:\n  - \"\"\n  resources:\n  - namespaces\n  - secrets\n  - configmaps\n  - serviceaccounts\n  verbs:\n  - get\n  - list\n  - watch\n- apiGroups:\n  - \"\"\n  resources:\n  - events\n  verbs:\n  - create\n  - patch\n- apiGroups:\n  - \"\"\n  resources:\n  - configmaps\n  verbs:\n  - get\n  - list\n  - watch\n  - create\n  - update\n  - patch\n  - delete\n- apiGroups:\n  - \"\"\n  resources:\n  - configmaps/status\n  verbs:\n  - get\n  - update\n  - patch\n- apiGroups:\n  - coordination.k8s.io\n  resources:\n  - leases\n  verbs:\n  - get\n  - list\n  - watch\n  - create\n  - update\n  - patch\n  - delete",
-              "apiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: cluster-reconciler-flux-system\nroleRef:\n  apiGroup: rbac.authorization.k8s.io\n  kind: ClusterRole\n  name: cluster-admin\nsubjects:\n- kind: ServiceAccount\n  name: kustomize-controller\n  namespace: flux-system\n- kind: ServiceAccount\n  name: helm-controller\n  namespace: flux-system",
-              "apiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: crd-controller-flux-system\nroleRef:\n  apiGroup: rbac.authorization.k8s.io\n  kind: ClusterRole\n  name: crd-controller-flux-system\nsubjects:\n- kind: ServiceAccount\n  name: kustomize-controller\n  namespace: flux-system\n- kind: ServiceAccount\n  name: helm-controller\n  namespace: flux-system\n- kind: ServiceAccount\n  name: source-controller\n  namespace: flux-system\n- kind: ServiceAccount\n  name: notification-controller\n  namespace: flux-system\n- kind: ServiceAccount\n  name: image-reflector-controller\n  namespace: flux-system\n- kind: ServiceAccount\n  name: image-automation-controller\n  namespace: flux-system",
-              "apiVersion: v1\nkind: Service\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n    control-plane: controller\n  name: notification-controller\n  namespace: flux-system\nspec:\n  ports:\n  - name: http\n    port: 80\n    protocol: TCP\n    targetPort: http\n  selector:\n    app: notification-controller\n  type: ClusterIP",
-              "apiVersion: v1\nkind: Service\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n    control-plane: controller\n  name: source-controller\n  namespace: flux-system\nspec:\n  ports:\n  - name: http\n    port: 80\n    protocol: TCP\n    targetPort: http\n  selector:\n    app: source-controller\n  type: ClusterIP",
-              "apiVersion: v1\nkind: Service\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n    control-plane: controller\n  name: webhook-receiver\n  namespace: flux-system\nspec:\n  ports:\n  - name: http\n    port: 80\n    protocol: TCP\n    targetPort: http-webhook\n  selector:\n    app: notification-controller\n  type: ClusterIP",
-              "apiVersion: apps/v1\nkind: Deployment\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n    control-plane: controller\n  name: helm-controller\n  namespace: flux-system\nspec:\n  replicas: 1\n  selector:\n    matchLabels:\n      app: helm-controller\n  template:\n    metadata:\n      annotations:\n        prometheus.io/port: \"8080\"\n        prometheus.io/scrape: \"true\"\n      labels:\n        app: helm-controller\n    spec:\n      containers:\n      - args:\n        - --events-addr=http://notification-controller.flux-system.svc.cluster.local./\n        - --watch-all-namespaces=true\n        - --log-level=info\n        - --log-encoding=json\n        - --enable-leader-election\n        env:\n        - name: RUNTIME_NAMESPACE\n          valueFrom:\n            fieldRef:\n              fieldPath: metadata.namespace\n        image: ghcr.io/fluxcd/helm-controller:v0.21.0\n        imagePullPolicy: IfNotPresent\n        livenessProbe:\n          httpGet:\n            path: /healthz\n            port: healthz\n        name: manager\n        ports:\n        - containerPort: 8080\n          name: http-prom\n          protocol: TCP\n        - containerPort: 9440\n          name: healthz\n          protocol: TCP\n        readinessProbe:\n          httpGet:\n            path: /readyz\n            port: healthz\n        resources:\n          limits:\n            cpu: 1000m\n            memory: 1Gi\n          requests:\n            cpu: 100m\n            memory: 64Mi\n        securityContext:\n          allowPrivilegeEscalation: false\n          capabilities:\n            drop:\n            - ALL\n          readOnlyRootFilesystem: true\n          runAsNonRoot: true\n          seccompProfile:\n            type: RuntimeDefault\n        volumeMounts:\n        - mountPath: /tmp\n          name: temp\n      nodeSelector:\n        kubernetes.io/os: linux\n      securityContext:\n        fsGroup: 1337\n      serviceAccountName: helm-controller\n      terminationGracePeriodSeconds: 600\n      volumes:\n      - emptyDir: {}\n        name: temp",
-              "apiVersion: apps/v1\nkind: Deployment\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n    control-plane: controller\n  name: kustomize-controller\n  namespace: flux-system\nspec:\n  replicas: 1\n  selector:\n    matchLabels:\n      app: kustomize-controller\n  template:\n    metadata:\n      annotations:\n        prometheus.io/port: \"8080\"\n        prometheus.io/scrape: \"true\"\n      labels:\n        app: kustomize-controller\n    spec:\n      containers:\n      - args:\n        - --events-addr=http://notification-controller.flux-system.svc.cluster.local./\n        - --watch-all-namespaces=true\n        - --log-level=info\n        - --log-encoding=json\n        - --enable-leader-election\n        env:\n        - name: RUNTIME_NAMESPACE\n          valueFrom:\n            fieldRef:\n              fieldPath: metadata.namespace\n        image: ghcr.io/fluxcd/kustomize-controller:v0.25.0\n        imagePullPolicy: IfNotPresent\n        livenessProbe:\n          httpGet:\n            path: /healthz\n            port: healthz\n        name: manager\n        ports:\n        - containerPort: 8080\n          name: http-prom\n          protocol: TCP\n        - containerPort: 9440\n          name: healthz\n          protocol: TCP\n        readinessProbe:\n          httpGet:\n            path: /readyz\n            port: healthz\n        resources:\n          limits:\n            cpu: 1000m\n            memory: 1Gi\n          requests:\n            cpu: 100m\n            memory: 64Mi\n        securityContext:\n          allowPrivilegeEscalation: false\n          capabilities:\n            drop:\n            - ALL\n          readOnlyRootFilesystem: true\n          runAsNonRoot: true\n          seccompProfile:\n            type: RuntimeDefault\n        volumeMounts:\n        - mountPath: /tmp\n          name: temp\n      nodeSelector:\n        kubernetes.io/os: linux\n      securityContext:\n        fsGroup: 1337\n      serviceAccountName: kustomize-controller\n      terminationGracePeriodSeconds: 60\n      volumes:\n      - emptyDir: {}\n        name: temp",
-              "apiVersion: apps/v1\nkind: Deployment\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n    control-plane: controller\n  name: notification-controller\n  namespace: flux-system\nspec:\n  replicas: 1\n  selector:\n    matchLabels:\n      app: notification-controller\n  template:\n    metadata:\n      annotations:\n        prometheus.io/port: \"8080\"\n        prometheus.io/scrape: \"true\"\n      labels:\n        app: notification-controller\n    spec:\n      containers:\n      - args:\n        - --watch-all-namespaces=true\n        - --log-level=info\n        - --log-encoding=json\n        - --enable-leader-election\n        env:\n        - name: RUNTIME_NAMESPACE\n          valueFrom:\n            fieldRef:\n              fieldPath: metadata.namespace\n        image: ghcr.io/fluxcd/notification-controller:v0.23.5\n        imagePullPolicy: IfNotPresent\n        livenessProbe:\n          httpGet:\n            path: /healthz\n            port: healthz\n        name: manager\n        ports:\n        - containerPort: 9090\n          name: http\n          protocol: TCP\n        - containerPort: 9292\n          name: http-webhook\n          protocol: TCP\n        - containerPort: 8080\n          name: http-prom\n          protocol: TCP\n        - containerPort: 9440\n          name: healthz\n          protocol: TCP\n        readinessProbe:\n          httpGet:\n            path: /readyz\n            port: healthz\n        resources:\n          limits:\n            cpu: 1000m\n            memory: 1Gi\n          requests:\n            cpu: 100m\n            memory: 64Mi\n        securityContext:\n          allowPrivilegeEscalation: false\n          capabilities:\n            drop:\n            - ALL\n          readOnlyRootFilesystem: true\n          runAsNonRoot: true\n          seccompProfile:\n            type: RuntimeDefault\n        volumeMounts:\n        - mountPath: /tmp\n          name: temp\n      nodeSelector:\n        kubernetes.io/os: linux\n      securityContext:\n        fsGroup: 1337\n      serviceAccountName: notification-controller\n      terminationGracePeriodSeconds: 10\n      volumes:\n      - emptyDir: {}\n        name: temp",
-              "apiVersion: apps/v1\nkind: Deployment\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n    control-plane: controller\n  name: source-controller\n  namespace: flux-system\nspec:\n  replicas: 1\n  selector:\n    matchLabels:\n      app: source-controller\n  strategy:\n    type: Recreate\n  template:\n    metadata:\n      annotations:\n        prometheus.io/port: \"8080\"\n        prometheus.io/scrape: \"true\"\n      labels:\n        app: source-controller\n    spec:\n      containers:\n      - args:\n        - --events-addr=http://notification-controller.flux-system.svc.cluster.local./\n        - --watch-all-namespaces=true\n        - --log-level=info\n        - --log-encoding=json\n        - --enable-leader-election\n        - --storage-path=/data\n        - --storage-adv-addr=source-controller.$(RUNTIME_NAMESPACE).svc.cluster.local.\n        env:\n        - name: RUNTIME_NAMESPACE\n          valueFrom:\n            fieldRef:\n              fieldPath: metadata.namespace\n        image: ghcr.io/fluxcd/source-controller:v0.24.4\n        imagePullPolicy: IfNotPresent\n        livenessProbe:\n          httpGet:\n            path: /healthz\n            port: healthz\n        name: manager\n        ports:\n        - containerPort: 9090\n          name: http\n          protocol: TCP\n        - containerPort: 8080\n          name: http-prom\n          protocol: TCP\n        - containerPort: 9440\n          name: healthz\n          protocol: TCP\n        readinessProbe:\n          httpGet:\n            path: /\n            port: http\n        resources:\n          limits:\n            cpu: 1000m\n            memory: 1Gi\n          requests:\n            cpu: 50m\n            memory: 64Mi\n        securityContext:\n          allowPrivilegeEscalation: false\n          capabilities:\n            drop:\n            - ALL\n          readOnlyRootFilesystem: true\n          runAsNonRoot: true\n          seccompProfile:\n            type: RuntimeDefault\n        volumeMounts:\n        - mountPath: /data\n          name: data\n        - mountPath: /tmp\n          name: tmp\n      nodeSelector:\n        kubernetes.io/os: linux\n      securityContext:\n        fsGroup: 1337\n      serviceAccountName: source-controller\n      terminationGracePeriodSeconds: 10\n      volumes:\n      - emptyDir: {}\n        name: data\n      - emptyDir: {}\n        name: tmp"
-            ],
-            "id": "974058759fd5b58b22f593bc00fac71b8ed7f6b34500fcda526f255a071cd7b5",
-            "manifests": {
-              "/api/v1/namespaces/flux-system": "apiVersion: v1\nkind: Namespace\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n    pod-security.kubernetes.io/warn: restricted\n    pod-security.kubernetes.io/warn-version: latest\n  name: flux-system\n",
-              "/api/v1/namespaces/flux-system/serviceaccounts/helm-controller": "apiVersion: v1\nkind: ServiceAccount\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: helm-controller\n  namespace: flux-system\n",
-              "/api/v1/namespaces/flux-system/serviceaccounts/kustomize-controller": "apiVersion: v1\nkind: ServiceAccount\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: kustomize-controller\n  namespace: flux-system\n",
-              "/api/v1/namespaces/flux-system/serviceaccounts/notification-controller": "apiVersion: v1\nkind: ServiceAccount\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: notification-controller\n  namespace: flux-system\n",
-              "/api/v1/namespaces/flux-system/serviceaccounts/source-controller": "apiVersion: v1\nkind: ServiceAccount\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: source-controller\n  namespace: flux-system\n",
-              "/api/v1/namespaces/flux-system/services/notification-controller": "apiVersion: v1\nkind: Service\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n    control-plane: controller\n  name: notification-controller\n  namespace: flux-system\nspec:\n  ports:\n  - name: http\n    port: 80\n    protocol: TCP\n    targetPort: http\n  selector:\n    app: notification-controller\n  type: ClusterIP\n",
-              "/api/v1/namespaces/flux-system/services/source-controller": "apiVersion: v1\nkind: Service\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n    control-plane: controller\n  name: source-controller\n  namespace: flux-system\nspec:\n  ports:\n  - name: http\n    port: 80\n    protocol: TCP\n    targetPort: http\n  selector:\n    app: source-controller\n  type: ClusterIP\n",
-              "/api/v1/namespaces/flux-system/services/webhook-receiver": "apiVersion: v1\nkind: Service\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n    control-plane: controller\n  name: webhook-receiver\n  namespace: flux-system\nspec:\n  ports:\n  - name: http\n    port: 80\n    protocol: TCP\n    targetPort: http-webhook\n  selector:\n    app: notification-controller\n  type: ClusterIP\n",
-              "/apis/apiextensions.k8s.io/v1/customresourcedefinitions/alerts.notification.toolkit.fluxcd.io": "apiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  annotations:\n    controller-gen.kubebuilder.io/version: v0.7.0\n  creationTimestamp: null\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: alerts.notification.toolkit.fluxcd.io\nspec:\n  group: notification.toolkit.fluxcd.io\n  names:\n    kind: Alert\n    listKind: AlertList\n    plural: alerts\n    singular: alert\n  scope: Namespaced\n  versions:\n  - additionalPrinterColumns:\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    name: v1beta1\n    schema:\n      openAPIV3Schema:\n        description: Alert is the Schema for the alerts API\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: AlertSpec defines an alerting rule for events involving a\n              list of objects\n            properties:\n              eventSeverity:\n                default: info\n                description: Filter events based on severity, defaults to ('info').\n                  If set to 'info' no events will be filtered.\n                enum:\n                - info\n                - error\n                type: string\n              eventSources:\n                description: Filter events based on the involved objects.\n                items:\n                  description: CrossNamespaceObjectReference contains enough information\n                    to let you locate the typed referenced object at cluster level\n                  properties:\n                    apiVersion:\n                      description: API version of the referent\n                      type: string\n                    kind:\n                      description: Kind of the referent\n                      enum:\n                      - Bucket\n                      - GitRepository\n                      - Kustomization\n                      - HelmRelease\n                      - HelmChart\n                      - HelmRepository\n                      - ImageRepository\n                      - ImagePolicy\n                      - ImageUpdateAutomation\n                      type: string\n                    matchLabels:\n                      additionalProperties:\n                        type: string\n                      description: MatchLabels is a map of {key,value} pairs. A single\n                        {key,value} in the matchLabels map is equivalent to an element\n                        of matchExpressions, whose key field is \"key\", the operator\n                        is \"In\", and the values array contains only \"value\". The requirements\n                        are ANDed.\n                      type: object\n                    name:\n                      description: Name of the referent\n                      maxLength: 53\n                      minLength: 1\n                      type: string\n                    namespace:\n                      description: Namespace of the referent\n                      maxLength: 53\n                      minLength: 1\n                      type: string\n                  required:\n                  - name\n                  type: object\n                type: array\n              exclusionList:\n                description: A list of Golang regular expressions to be used for excluding\n                  messages.\n                items:\n                  type: string\n                type: array\n              providerRef:\n                description: Send events using this provider.\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              summary:\n                description: Short description of the impact and affected cluster.\n                type: string\n              suspend:\n                description: This flag tells the controller to suspend subsequent\n                  events dispatching. Defaults to false.\n                type: boolean\n            required:\n            - eventSources\n            - providerRef\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: AlertStatus defines the observed state of Alert\n            properties:\n              conditions:\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation.\n                format: int64\n                type: integer\n            type: object\n        type: object\n    served: true\n    storage: true\n    subresources:\n      status: {}\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n  conditions: []\n  storedVersions: []\n",
-              "/apis/apiextensions.k8s.io/v1/customresourcedefinitions/buckets.source.toolkit.fluxcd.io": "apiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  annotations:\n    controller-gen.kubebuilder.io/version: v0.7.0\n  creationTimestamp: null\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: buckets.source.toolkit.fluxcd.io\nspec:\n  group: source.toolkit.fluxcd.io\n  names:\n    kind: Bucket\n    listKind: BucketList\n    plural: buckets\n    singular: bucket\n  scope: Namespaced\n  versions:\n  - additionalPrinterColumns:\n    - jsonPath: .spec.endpoint\n      name: Endpoint\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    name: v1beta1\n    schema:\n      openAPIV3Schema:\n        description: Bucket is the Schema for the buckets API\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: BucketSpec defines the desired state of an S3 compatible\n              bucket\n            properties:\n              accessFrom:\n                description: AccessFrom defines an Access Control List for allowing\n                  cross-namespace references to this object.\n                properties:\n                  namespaceSelectors:\n                    description: NamespaceSelectors is the list of namespace selectors\n                      to which this ACL applies. Items in this list are evaluated\n                      using a logical OR operation.\n                    items:\n                      description: NamespaceSelector selects the namespaces to which\n                        this ACL applies. An empty map of MatchLabels matches all\n                        namespaces in a cluster.\n                      properties:\n                        matchLabels:\n                          additionalProperties:\n                            type: string\n                          description: MatchLabels is a map of {key,value} pairs.\n                            A single {key,value} in the matchLabels map is equivalent\n                            to an element of matchExpressions, whose key field is\n                            \"key\", the operator is \"In\", and the values array contains\n                            only \"value\". The requirements are ANDed.\n                          type: object\n                      type: object\n                    type: array\n                required:\n                - namespaceSelectors\n                type: object\n              bucketName:\n                description: The bucket name.\n                type: string\n              endpoint:\n                description: The bucket endpoint address.\n                type: string\n              ignore:\n                description: Ignore overrides the set of excluded patterns in the\n                  .sourceignore format (which is the same as .gitignore). If not provided,\n                  a default will be used, consult the documentation for your version\n                  to find out what those are.\n                type: string\n              insecure:\n                description: Insecure allows connecting to a non-TLS S3 HTTP endpoint.\n                type: boolean\n              interval:\n                description: The interval at which to check for bucket updates.\n                type: string\n              provider:\n                default: generic\n                description: The S3 compatible storage provider name, default ('generic').\n                enum:\n                - generic\n                - aws\n                - gcp\n                type: string\n              region:\n                description: The bucket region.\n                type: string\n              secretRef:\n                description: The name of the secret containing authentication credentials\n                  for the Bucket.\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              suspend:\n                description: This flag tells the controller to suspend the reconciliation\n                  of this source.\n                type: boolean\n              timeout:\n                default: 60s\n                description: The timeout for download operations, defaults to 60s.\n                type: string\n            required:\n            - bucketName\n            - endpoint\n            - interval\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: BucketStatus defines the observed state of a bucket\n            properties:\n              artifact:\n                description: Artifact represents the output of the last successful\n                  Bucket sync.\n                properties:\n                  checksum:\n                    description: Checksum is the SHA256 checksum of the artifact.\n                    type: string\n                  lastUpdateTime:\n                    description: LastUpdateTime is the timestamp corresponding to\n                      the last update of this artifact.\n                    format: date-time\n                    type: string\n                  path:\n                    description: Path is the relative file path of this artifact.\n                    type: string\n                  revision:\n                    description: Revision is a human readable identifier traceable\n                      in the origin source system. It can be a Git commit SHA, Git\n                      tag, a Helm index timestamp, a Helm chart version, etc.\n                    type: string\n                  url:\n                    description: URL is the HTTP address of this artifact.\n                    type: string\n                required:\n                - path\n                - url\n                type: object\n              conditions:\n                description: Conditions holds the conditions for the Bucket.\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation.\n                format: int64\n                type: integer\n              url:\n                description: URL is the download link for the artifact output of the\n                  last Bucket sync.\n                type: string\n            type: object\n        type: object\n    served: true\n    storage: false\n    subresources:\n      status: {}\n  - additionalPrinterColumns:\n    - jsonPath: .spec.endpoint\n      name: Endpoint\n      type: string\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    name: v1beta2\n    schema:\n      openAPIV3Schema:\n        description: Bucket is the Schema for the buckets API.\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: BucketSpec specifies the required configuration to produce\n              an Artifact for an object storage bucket.\n            properties:\n              accessFrom:\n                description: 'AccessFrom specifies an Access Control List for allowing\n                  cross-namespace references to this object. NOTE: Not implemented,\n                  provisional as of https://github.com/fluxcd/flux2/pull/2092'\n                properties:\n                  namespaceSelectors:\n                    description: NamespaceSelectors is the list of namespace selectors\n                      to which this ACL applies. Items in this list are evaluated\n                      using a logical OR operation.\n                    items:\n                      description: NamespaceSelector selects the namespaces to which\n                        this ACL applies. An empty map of MatchLabels matches all\n                        namespaces in a cluster.\n                      properties:\n                        matchLabels:\n                          additionalProperties:\n                            type: string\n                          description: MatchLabels is a map of {key,value} pairs.\n                            A single {key,value} in the matchLabels map is equivalent\n                            to an element of matchExpressions, whose key field is\n                            \"key\", the operator is \"In\", and the values array contains\n                            only \"value\". The requirements are ANDed.\n                          type: object\n                      type: object\n                    type: array\n                required:\n                - namespaceSelectors\n                type: object\n              bucketName:\n                description: BucketName is the name of the object storage bucket.\n                type: string\n              endpoint:\n                description: Endpoint is the object storage address the BucketName\n                  is located at.\n                type: string\n              ignore:\n                description: Ignore overrides the set of excluded patterns in the\n                  .sourceignore format (which is the same as .gitignore). If not provided,\n                  a default will be used, consult the documentation for your version\n                  to find out what those are.\n                type: string\n              insecure:\n                description: Insecure allows connecting to a non-TLS HTTP Endpoint.\n                type: boolean\n              interval:\n                description: Interval at which to check the Endpoint for updates.\n                type: string\n              provider:\n                default: generic\n                description: Provider of the object storage bucket. Defaults to 'generic',\n                  which expects an S3 (API) compatible object storage.\n                enum:\n                - generic\n                - aws\n                - gcp\n                - azure\n                type: string\n              region:\n                description: Region of the Endpoint where the BucketName is located\n                  in.\n                type: string\n              secretRef:\n                description: SecretRef specifies the Secret containing authentication\n                  credentials for the Bucket.\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              suspend:\n                description: Suspend tells the controller to suspend the reconciliation\n                  of this Bucket.\n                type: boolean\n              timeout:\n                default: 60s\n                description: Timeout for fetch operations, defaults to 60s.\n                type: string\n            required:\n            - bucketName\n            - endpoint\n            - interval\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: BucketStatus records the observed state of a Bucket.\n            properties:\n              artifact:\n                description: Artifact represents the last successful Bucket reconciliation.\n                properties:\n                  checksum:\n                    description: Checksum is the SHA256 checksum of the Artifact file.\n                    type: string\n                  lastUpdateTime:\n                    description: LastUpdateTime is the timestamp corresponding to\n                      the last update of the Artifact.\n                    format: date-time\n                    type: string\n                  path:\n                    description: Path is the relative file path of the Artifact. It\n                      can be used to locate the file in the root of the Artifact storage\n                      on the local file system of the controller managing the Source.\n                    type: string\n                  revision:\n                    description: Revision is a human-readable identifier traceable\n                      in the origin source system. It can be a Git commit SHA, Git\n                      tag, a Helm chart version, etc.\n                    type: string\n                  size:\n                    description: Size is the number of bytes in the file.\n                    format: int64\n                    type: integer\n                  url:\n                    description: URL is the HTTP address of the Artifact as exposed\n                      by the controller managing the Source. It can be used to retrieve\n                      the Artifact for consumption, e.g. by another controller applying\n                      the Artifact contents.\n                    type: string\n                required:\n                - path\n                - url\n                type: object\n              conditions:\n                description: Conditions holds the conditions for the Bucket.\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation of\n                  the Bucket object.\n                format: int64\n                type: integer\n              url:\n                description: URL is the dynamic fetch link for the latest Artifact.\n                  It is provided on a \"best effort\" basis, and using the precise BucketStatus.Artifact\n                  data is recommended.\n                type: string\n            type: object\n        type: object\n    served: true\n    storage: true\n    subresources:\n      status: {}\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n  conditions: []\n  storedVersions: []\n",
-              "/apis/apiextensions.k8s.io/v1/customresourcedefinitions/gitrepositories.source.toolkit.fluxcd.io": "apiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  annotations:\n    controller-gen.kubebuilder.io/version: v0.7.0\n  creationTimestamp: null\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: gitrepositories.source.toolkit.fluxcd.io\nspec:\n  group: source.toolkit.fluxcd.io\n  names:\n    kind: GitRepository\n    listKind: GitRepositoryList\n    plural: gitrepositories\n    shortNames:\n    - gitrepo\n    singular: gitrepository\n  scope: Namespaced\n  versions:\n  - additionalPrinterColumns:\n    - jsonPath: .spec.url\n      name: URL\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    name: v1beta1\n    schema:\n      openAPIV3Schema:\n        description: GitRepository is the Schema for the gitrepositories API\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: GitRepositorySpec defines the desired state of a Git repository.\n            properties:\n              accessFrom:\n                description: AccessFrom defines an Access Control List for allowing\n                  cross-namespace references to this object.\n                properties:\n                  namespaceSelectors:\n                    description: NamespaceSelectors is the list of namespace selectors\n                      to which this ACL applies. Items in this list are evaluated\n                      using a logical OR operation.\n                    items:\n                      description: NamespaceSelector selects the namespaces to which\n                        this ACL applies. An empty map of MatchLabels matches all\n                        namespaces in a cluster.\n                      properties:\n                        matchLabels:\n                          additionalProperties:\n                            type: string\n                          description: MatchLabels is a map of {key,value} pairs.\n                            A single {key,value} in the matchLabels map is equivalent\n                            to an element of matchExpressions, whose key field is\n                            \"key\", the operator is \"In\", and the values array contains\n                            only \"value\". The requirements are ANDed.\n                          type: object\n                      type: object\n                    type: array\n                required:\n                - namespaceSelectors\n                type: object\n              gitImplementation:\n                default: go-git\n                description: Determines which git client library to use. Defaults\n                  to go-git, valid values are ('go-git', 'libgit2').\n                enum:\n                - go-git\n                - libgit2\n                type: string\n              ignore:\n                description: Ignore overrides the set of excluded patterns in the\n                  .sourceignore format (which is the same as .gitignore). If not provided,\n                  a default will be used, consult the documentation for your version\n                  to find out what those are.\n                type: string\n              include:\n                description: Extra git repositories to map into the repository\n                items:\n                  description: GitRepositoryInclude defines a source with a from and\n                    to path.\n                  properties:\n                    fromPath:\n                      description: The path to copy contents from, defaults to the\n                        root directory.\n                      type: string\n                    repository:\n                      description: Reference to a GitRepository to include.\n                      properties:\n                        name:\n                          description: Name of the referent.\n                          type: string\n                      required:\n                      - name\n                      type: object\n                    toPath:\n                      description: The path to copy contents to, defaults to the name\n                        of the source ref.\n                      type: string\n                  required:\n                  - repository\n                  type: object\n                type: array\n              interval:\n                description: The interval at which to check for repository updates.\n                type: string\n              recurseSubmodules:\n                description: When enabled, after the clone is created, initializes\n                  all submodules within, using their default settings. This option\n                  is available only when using the 'go-git' GitImplementation.\n                type: boolean\n              ref:\n                description: The Git reference to checkout and monitor for changes,\n                  defaults to master branch.\n                properties:\n                  branch:\n                    description: The Git branch to checkout, defaults to master.\n                    type: string\n                  commit:\n                    description: The Git commit SHA to checkout, if specified Tag\n                      filters will be ignored.\n                    type: string\n                  semver:\n                    description: The Git tag semver expression, takes precedence over\n                      Tag.\n                    type: string\n                  tag:\n                    description: The Git tag to checkout, takes precedence over Branch.\n                    type: string\n                type: object\n              secretRef:\n                description: The secret name containing the Git credentials. For HTTPS\n                  repositories the secret must contain username and password fields.\n                  For SSH repositories the secret must contain identity and known_hosts\n                  fields.\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              suspend:\n                description: This flag tells the controller to suspend the reconciliation\n                  of this source.\n                type: boolean\n              timeout:\n                default: 60s\n                description: The timeout for remote Git operations like cloning, defaults\n                  to 60s.\n                type: string\n              url:\n                description: The repository URL, can be a HTTP/S or SSH address.\n                pattern: ^(http|https|ssh)://\n                type: string\n              verify:\n                description: Verify OpenPGP signature for the Git commit HEAD points\n                  to.\n                properties:\n                  mode:\n                    description: Mode describes what git object should be verified,\n                      currently ('head').\n                    enum:\n                    - head\n                    type: string\n                  secretRef:\n                    description: The secret name containing the public keys of all\n                      trusted Git authors.\n                    properties:\n                      name:\n                        description: Name of the referent.\n                        type: string\n                    required:\n                    - name\n                    type: object\n                required:\n                - mode\n                type: object\n            required:\n            - interval\n            - url\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: GitRepositoryStatus defines the observed state of a Git repository.\n            properties:\n              artifact:\n                description: Artifact represents the output of the last successful\n                  repository sync.\n                properties:\n                  checksum:\n                    description: Checksum is the SHA256 checksum of the artifact.\n                    type: string\n                  lastUpdateTime:\n                    description: LastUpdateTime is the timestamp corresponding to\n                      the last update of this artifact.\n                    format: date-time\n                    type: string\n                  path:\n                    description: Path is the relative file path of this artifact.\n                    type: string\n                  revision:\n                    description: Revision is a human readable identifier traceable\n                      in the origin source system. It can be a Git commit SHA, Git\n                      tag, a Helm index timestamp, a Helm chart version, etc.\n                    type: string\n                  url:\n                    description: URL is the HTTP address of this artifact.\n                    type: string\n                required:\n                - path\n                - url\n                type: object\n              conditions:\n                description: Conditions holds the conditions for the GitRepository.\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              includedArtifacts:\n                description: IncludedArtifacts represents the included artifacts from\n                  the last successful repository sync.\n                items:\n                  description: Artifact represents the output of a source synchronisation.\n                  properties:\n                    checksum:\n                      description: Checksum is the SHA256 checksum of the artifact.\n                      type: string\n                    lastUpdateTime:\n                      description: LastUpdateTime is the timestamp corresponding to\n                        the last update of this artifact.\n                      format: date-time\n                      type: string\n                    path:\n                      description: Path is the relative file path of this artifact.\n                      type: string\n                    revision:\n                      description: Revision is a human readable identifier traceable\n                        in the origin source system. It can be a Git commit SHA, Git\n                        tag, a Helm index timestamp, a Helm chart version, etc.\n                      type: string\n                    url:\n                      description: URL is the HTTP address of this artifact.\n                      type: string\n                  required:\n                  - path\n                  - url\n                  type: object\n                type: array\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation.\n                format: int64\n                type: integer\n              url:\n                description: URL is the download link for the artifact output of the\n                  last repository sync.\n                type: string\n            type: object\n        type: object\n    served: true\n    storage: false\n    subresources:\n      status: {}\n  - additionalPrinterColumns:\n    - jsonPath: .spec.url\n      name: URL\n      type: string\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    name: v1beta2\n    schema:\n      openAPIV3Schema:\n        description: GitRepository is the Schema for the gitrepositories API.\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: GitRepositorySpec specifies the required configuration to\n              produce an Artifact for a Git repository.\n            properties:\n              accessFrom:\n                description: 'AccessFrom specifies an Access Control List for allowing\n                  cross-namespace references to this object. NOTE: Not implemented,\n                  provisional as of https://github.com/fluxcd/flux2/pull/2092'\n                properties:\n                  namespaceSelectors:\n                    description: NamespaceSelectors is the list of namespace selectors\n                      to which this ACL applies. Items in this list are evaluated\n                      using a logical OR operation.\n                    items:\n                      description: NamespaceSelector selects the namespaces to which\n                        this ACL applies. An empty map of MatchLabels matches all\n                        namespaces in a cluster.\n                      properties:\n                        matchLabels:\n                          additionalProperties:\n                            type: string\n                          description: MatchLabels is a map of {key,value} pairs.\n                            A single {key,value} in the matchLabels map is equivalent\n                            to an element of matchExpressions, whose key field is\n                            \"key\", the operator is \"In\", and the values array contains\n                            only \"value\". The requirements are ANDed.\n                          type: object\n                      type: object\n                    type: array\n                required:\n                - namespaceSelectors\n                type: object\n              gitImplementation:\n                default: go-git\n                description: GitImplementation specifies which Git client library\n                  implementation to use. Defaults to 'go-git', valid values are ('go-git',\n                  'libgit2').\n                enum:\n                - go-git\n                - libgit2\n                type: string\n              ignore:\n                description: Ignore overrides the set of excluded patterns in the\n                  .sourceignore format (which is the same as .gitignore). If not provided,\n                  a default will be used, consult the documentation for your version\n                  to find out what those are.\n                type: string\n              include:\n                description: Include specifies a list of GitRepository resources which\n                  Artifacts should be included in the Artifact produced for this GitRepository.\n                items:\n                  description: GitRepositoryInclude specifies a local reference to\n                    a GitRepository which Artifact (sub-)contents must be included,\n                    and where they should be placed.\n                  properties:\n                    fromPath:\n                      description: FromPath specifies the path to copy contents from,\n                        defaults to the root of the Artifact.\n                      type: string\n                    repository:\n                      description: GitRepositoryRef specifies the GitRepository which\n                        Artifact contents must be included.\n                      properties:\n                        name:\n                          description: Name of the referent.\n                          type: string\n                      required:\n                      - name\n                      type: object\n                    toPath:\n                      description: ToPath specifies the path to copy contents to,\n                        defaults to the name of the GitRepositoryRef.\n                      type: string\n                  required:\n                  - repository\n                  type: object\n                type: array\n              interval:\n                description: Interval at which to check the GitRepository for updates.\n                type: string\n              recurseSubmodules:\n                description: RecurseSubmodules enables the initialization of all submodules\n                  within the GitRepository as cloned from the URL, using their default\n                  settings. This option is available only when using the 'go-git'\n                  GitImplementation.\n                type: boolean\n              ref:\n                description: Reference specifies the Git reference to resolve and\n                  monitor for changes, defaults to the 'master' branch.\n                properties:\n                  branch:\n                    description: \"Branch to check out, defaults to 'master' if no\n                      other field is defined. \\n When GitRepositorySpec.GitImplementation\n                      is set to 'go-git', a shallow clone of the specified branch\n                      is performed.\"\n                    type: string\n                  commit:\n                    description: \"Commit SHA to check out, takes precedence over all\n                      reference fields. \\n When GitRepositorySpec.GitImplementation\n                      is set to 'go-git', this can be combined with Branch to shallow\n                      clone the branch, in which the commit is expected to exist.\"\n                    type: string\n                  semver:\n                    description: SemVer tag expression to check out, takes precedence\n                      over Tag.\n                    type: string\n                  tag:\n                    description: Tag to check out, takes precedence over Branch.\n                    type: string\n                type: object\n              secretRef:\n                description: SecretRef specifies the Secret containing authentication\n                  credentials for the GitRepository. For HTTPS repositories the Secret\n                  must contain 'username' and 'password' fields. For SSH repositories\n                  the Secret must contain 'identity' and 'known_hosts' fields.\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              suspend:\n                description: Suspend tells the controller to suspend the reconciliation\n                  of this GitRepository.\n                type: boolean\n              timeout:\n                default: 60s\n                description: Timeout for Git operations like cloning, defaults to\n                  60s.\n                type: string\n              url:\n                description: URL specifies the Git repository URL, it can be an HTTP/S\n                  or SSH address.\n                pattern: ^(http|https|ssh)://\n                type: string\n              verify:\n                description: Verification specifies the configuration to verify the\n                  Git commit signature(s).\n                properties:\n                  mode:\n                    description: Mode specifies what Git object should be verified,\n                      currently ('head').\n                    enum:\n                    - head\n                    type: string\n                  secretRef:\n                    description: SecretRef specifies the Secret containing the public\n                      keys of trusted Git authors.\n                    properties:\n                      name:\n                        description: Name of the referent.\n                        type: string\n                    required:\n                    - name\n                    type: object\n                required:\n                - mode\n                type: object\n            required:\n            - interval\n            - url\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: GitRepositoryStatus records the observed state of a Git repository.\n            properties:\n              artifact:\n                description: Artifact represents the last successful GitRepository\n                  reconciliation.\n                properties:\n                  checksum:\n                    description: Checksum is the SHA256 checksum of the Artifact file.\n                    type: string\n                  lastUpdateTime:\n                    description: LastUpdateTime is the timestamp corresponding to\n                      the last update of the Artifact.\n                    format: date-time\n                    type: string\n                  path:\n                    description: Path is the relative file path of the Artifact. It\n                      can be used to locate the file in the root of the Artifact storage\n                      on the local file system of the controller managing the Source.\n                    type: string\n                  revision:\n                    description: Revision is a human-readable identifier traceable\n                      in the origin source system. It can be a Git commit SHA, Git\n                      tag, a Helm chart version, etc.\n                    type: string\n                  size:\n                    description: Size is the number of bytes in the file.\n                    format: int64\n                    type: integer\n                  url:\n                    description: URL is the HTTP address of the Artifact as exposed\n                      by the controller managing the Source. It can be used to retrieve\n                      the Artifact for consumption, e.g. by another controller applying\n                      the Artifact contents.\n                    type: string\n                required:\n                - path\n                - url\n                type: object\n              conditions:\n                description: Conditions holds the conditions for the GitRepository.\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              includedArtifacts:\n                description: IncludedArtifacts contains a list of the last successfully\n                  included Artifacts as instructed by GitRepositorySpec.Include.\n                items:\n                  description: Artifact represents the output of a Source reconciliation.\n                  properties:\n                    checksum:\n                      description: Checksum is the SHA256 checksum of the Artifact\n                        file.\n                      type: string\n                    lastUpdateTime:\n                      description: LastUpdateTime is the timestamp corresponding to\n                        the last update of the Artifact.\n                      format: date-time\n                      type: string\n                    path:\n                      description: Path is the relative file path of the Artifact.\n                        It can be used to locate the file in the root of the Artifact\n                        storage on the local file system of the controller managing\n                        the Source.\n                      type: string\n                    revision:\n                      description: Revision is a human-readable identifier traceable\n                        in the origin source system. It can be a Git commit SHA, Git\n                        tag, a Helm chart version, etc.\n                      type: string\n                    size:\n                      description: Size is the number of bytes in the file.\n                      format: int64\n                      type: integer\n                    url:\n                      description: URL is the HTTP address of the Artifact as exposed\n                        by the controller managing the Source. It can be used to retrieve\n                        the Artifact for consumption, e.g. by another controller applying\n                        the Artifact contents.\n                      type: string\n                  required:\n                  - path\n                  - url\n                  type: object\n                type: array\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation of\n                  the GitRepository object.\n                format: int64\n                type: integer\n              url:\n                description: URL is the dynamic fetch link for the latest Artifact.\n                  It is provided on a \"best effort\" basis, and using the precise GitRepositoryStatus.Artifact\n                  data is recommended.\n                type: string\n            type: object\n        type: object\n    served: true\n    storage: true\n    subresources:\n      status: {}\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n  conditions: []\n  storedVersions: []\n",
-              "/apis/apiextensions.k8s.io/v1/customresourcedefinitions/helmcharts.source.toolkit.fluxcd.io": "apiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  annotations:\n    controller-gen.kubebuilder.io/version: v0.7.0\n  creationTimestamp: null\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: helmcharts.source.toolkit.fluxcd.io\nspec:\n  group: source.toolkit.fluxcd.io\n  names:\n    kind: HelmChart\n    listKind: HelmChartList\n    plural: helmcharts\n    shortNames:\n    - hc\n    singular: helmchart\n  scope: Namespaced\n  versions:\n  - additionalPrinterColumns:\n    - jsonPath: .spec.chart\n      name: Chart\n      type: string\n    - jsonPath: .spec.version\n      name: Version\n      type: string\n    - jsonPath: .spec.sourceRef.kind\n      name: Source Kind\n      type: string\n    - jsonPath: .spec.sourceRef.name\n      name: Source Name\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    name: v1beta1\n    schema:\n      openAPIV3Schema:\n        description: HelmChart is the Schema for the helmcharts API\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: HelmChartSpec defines the desired state of a Helm chart.\n            properties:\n              accessFrom:\n                description: AccessFrom defines an Access Control List for allowing\n                  cross-namespace references to this object.\n                properties:\n                  namespaceSelectors:\n                    description: NamespaceSelectors is the list of namespace selectors\n                      to which this ACL applies. Items in this list are evaluated\n                      using a logical OR operation.\n                    items:\n                      description: NamespaceSelector selects the namespaces to which\n                        this ACL applies. An empty map of MatchLabels matches all\n                        namespaces in a cluster.\n                      properties:\n                        matchLabels:\n                          additionalProperties:\n                            type: string\n                          description: MatchLabels is a map of {key,value} pairs.\n                            A single {key,value} in the matchLabels map is equivalent\n                            to an element of matchExpressions, whose key field is\n                            \"key\", the operator is \"In\", and the values array contains\n                            only \"value\". The requirements are ANDed.\n                          type: object\n                      type: object\n                    type: array\n                required:\n                - namespaceSelectors\n                type: object\n              chart:\n                description: The name or path the Helm chart is available at in the\n                  SourceRef.\n                type: string\n              interval:\n                description: The interval at which to check the Source for updates.\n                type: string\n              reconcileStrategy:\n                default: ChartVersion\n                description: Determines what enables the creation of a new artifact.\n                  Valid values are ('ChartVersion', 'Revision'). See the documentation\n                  of the values for an explanation on their behavior. Defaults to\n                  ChartVersion when omitted.\n                enum:\n                - ChartVersion\n                - Revision\n                type: string\n              sourceRef:\n                description: The reference to the Source the chart is available at.\n                properties:\n                  apiVersion:\n                    description: APIVersion of the referent.\n                    type: string\n                  kind:\n                    description: Kind of the referent, valid values are ('HelmRepository',\n                      'GitRepository', 'Bucket').\n                    enum:\n                    - HelmRepository\n                    - GitRepository\n                    - Bucket\n                    type: string\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - kind\n                - name\n                type: object\n              suspend:\n                description: This flag tells the controller to suspend the reconciliation\n                  of this source.\n                type: boolean\n              valuesFile:\n                description: Alternative values file to use as the default chart values,\n                  expected to be a relative path in the SourceRef. Deprecated in favor\n                  of ValuesFiles, for backwards compatibility the file defined here\n                  is merged before the ValuesFiles items. Ignored when omitted.\n                type: string\n              valuesFiles:\n                description: Alternative list of values files to use as the chart\n                  values (values.yaml is not included by default), expected to be\n                  a relative path in the SourceRef. Values files are merged in the\n                  order of this list with the last file overriding the first. Ignored\n                  when omitted.\n                items:\n                  type: string\n                type: array\n              version:\n                default: '*'\n                description: The chart version semver expression, ignored for charts\n                  from GitRepository and Bucket sources. Defaults to latest when omitted.\n                type: string\n            required:\n            - chart\n            - interval\n            - sourceRef\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: HelmChartStatus defines the observed state of the HelmChart.\n            properties:\n              artifact:\n                description: Artifact represents the output of the last successful\n                  chart sync.\n                properties:\n                  checksum:\n                    description: Checksum is the SHA256 checksum of the artifact.\n                    type: string\n                  lastUpdateTime:\n                    description: LastUpdateTime is the timestamp corresponding to\n                      the last update of this artifact.\n                    format: date-time\n                    type: string\n                  path:\n                    description: Path is the relative file path of this artifact.\n                    type: string\n                  revision:\n                    description: Revision is a human readable identifier traceable\n                      in the origin source system. It can be a Git commit SHA, Git\n                      tag, a Helm index timestamp, a Helm chart version, etc.\n                    type: string\n                  url:\n                    description: URL is the HTTP address of this artifact.\n                    type: string\n                required:\n                - path\n                - url\n                type: object\n              conditions:\n                description: Conditions holds the conditions for the HelmChart.\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation.\n                format: int64\n                type: integer\n              url:\n                description: URL is the download link for the last chart pulled.\n                type: string\n            type: object\n        type: object\n    served: true\n    storage: false\n    subresources:\n      status: {}\n  - additionalPrinterColumns:\n    - jsonPath: .spec.chart\n      name: Chart\n      type: string\n    - jsonPath: .spec.version\n      name: Version\n      type: string\n    - jsonPath: .spec.sourceRef.kind\n      name: Source Kind\n      type: string\n    - jsonPath: .spec.sourceRef.name\n      name: Source Name\n      type: string\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    name: v1beta2\n    schema:\n      openAPIV3Schema:\n        description: HelmChart is the Schema for the helmcharts API.\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: HelmChartSpec specifies the desired state of a Helm chart.\n            properties:\n              accessFrom:\n                description: 'AccessFrom specifies an Access Control List for allowing\n                  cross-namespace references to this object. NOTE: Not implemented,\n                  provisional as of https://github.com/fluxcd/flux2/pull/2092'\n                properties:\n                  namespaceSelectors:\n                    description: NamespaceSelectors is the list of namespace selectors\n                      to which this ACL applies. Items in this list are evaluated\n                      using a logical OR operation.\n                    items:\n                      description: NamespaceSelector selects the namespaces to which\n                        this ACL applies. An empty map of MatchLabels matches all\n                        namespaces in a cluster.\n                      properties:\n                        matchLabels:\n                          additionalProperties:\n                            type: string\n                          description: MatchLabels is a map of {key,value} pairs.\n                            A single {key,value} in the matchLabels map is equivalent\n                            to an element of matchExpressions, whose key field is\n                            \"key\", the operator is \"In\", and the values array contains\n                            only \"value\". The requirements are ANDed.\n                          type: object\n                      type: object\n                    type: array\n                required:\n                - namespaceSelectors\n                type: object\n              chart:\n                description: Chart is the name or path the Helm chart is available\n                  at in the SourceRef.\n                type: string\n              interval:\n                description: Interval is the interval at which to check the Source\n                  for updates.\n                type: string\n              reconcileStrategy:\n                default: ChartVersion\n                description: ReconcileStrategy determines what enables the creation\n                  of a new artifact. Valid values are ('ChartVersion', 'Revision').\n                  See the documentation of the values for an explanation on their\n                  behavior. Defaults to ChartVersion when omitted.\n                enum:\n                - ChartVersion\n                - Revision\n                type: string\n              sourceRef:\n                description: SourceRef is the reference to the Source the chart is\n                  available at.\n                properties:\n                  apiVersion:\n                    description: APIVersion of the referent.\n                    type: string\n                  kind:\n                    description: Kind of the referent, valid values are ('HelmRepository',\n                      'GitRepository', 'Bucket').\n                    enum:\n                    - HelmRepository\n                    - GitRepository\n                    - Bucket\n                    type: string\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - kind\n                - name\n                type: object\n              suspend:\n                description: Suspend tells the controller to suspend the reconciliation\n                  of this source.\n                type: boolean\n              valuesFile:\n                description: ValuesFile is an alternative values file to use as the\n                  default chart values, expected to be a relative path in the SourceRef.\n                  Deprecated in favor of ValuesFiles, for backwards compatibility\n                  the file specified here is merged before the ValuesFiles items.\n                  Ignored when omitted.\n                type: string\n              valuesFiles:\n                description: ValuesFiles is an alternative list of values files to\n                  use as the chart values (values.yaml is not included by default),\n                  expected to be a relative path in the SourceRef. Values files are\n                  merged in the order of this list with the last file overriding the\n                  first. Ignored when omitted.\n                items:\n                  type: string\n                type: array\n              version:\n                default: '*'\n                description: Version is the chart version semver expression, ignored\n                  for charts from GitRepository and Bucket sources. Defaults to latest\n                  when omitted.\n                type: string\n            required:\n            - chart\n            - interval\n            - sourceRef\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: HelmChartStatus records the observed state of the HelmChart.\n            properties:\n              artifact:\n                description: Artifact represents the output of the last successful\n                  reconciliation.\n                properties:\n                  checksum:\n                    description: Checksum is the SHA256 checksum of the Artifact file.\n                    type: string\n                  lastUpdateTime:\n                    description: LastUpdateTime is the timestamp corresponding to\n                      the last update of the Artifact.\n                    format: date-time\n                    type: string\n                  path:\n                    description: Path is the relative file path of the Artifact. It\n                      can be used to locate the file in the root of the Artifact storage\n                      on the local file system of the controller managing the Source.\n                    type: string\n                  revision:\n                    description: Revision is a human-readable identifier traceable\n                      in the origin source system. It can be a Git commit SHA, Git\n                      tag, a Helm chart version, etc.\n                    type: string\n                  size:\n                    description: Size is the number of bytes in the file.\n                    format: int64\n                    type: integer\n                  url:\n                    description: URL is the HTTP address of the Artifact as exposed\n                      by the controller managing the Source. It can be used to retrieve\n                      the Artifact for consumption, e.g. by another controller applying\n                      the Artifact contents.\n                    type: string\n                required:\n                - path\n                - url\n                type: object\n              conditions:\n                description: Conditions holds the conditions for the HelmChart.\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedChartName:\n                description: ObservedChartName is the last observed chart name as\n                  specified by the resolved chart reference.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation of\n                  the HelmChart object.\n                format: int64\n                type: integer\n              observedSourceArtifactRevision:\n                description: ObservedSourceArtifactRevision is the last observed Artifact.Revision\n                  of the HelmChartSpec.SourceRef.\n                type: string\n              url:\n                description: URL is the dynamic fetch link for the latest Artifact.\n                  It is provided on a \"best effort\" basis, and using the precise BucketStatus.Artifact\n                  data is recommended.\n                type: string\n            type: object\n        type: object\n    served: true\n    storage: true\n    subresources:\n      status: {}\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n  conditions: []\n  storedVersions: []\n",
-              "/apis/apiextensions.k8s.io/v1/customresourcedefinitions/helmreleases.helm.toolkit.fluxcd.io": "apiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  annotations:\n    controller-gen.kubebuilder.io/version: v0.7.0\n  creationTimestamp: null\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: helmreleases.helm.toolkit.fluxcd.io\nspec:\n  group: helm.toolkit.fluxcd.io\n  names:\n    kind: HelmRelease\n    listKind: HelmReleaseList\n    plural: helmreleases\n    shortNames:\n    - hr\n    singular: helmrelease\n  scope: Namespaced\n  versions:\n  - additionalPrinterColumns:\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    name: v2beta1\n    schema:\n      openAPIV3Schema:\n        description: HelmRelease is the Schema for the helmreleases API\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: HelmReleaseSpec defines the desired state of a Helm release.\n            properties:\n              chart:\n                description: Chart defines the template of the v1beta2.HelmChart that\n                  should be created for this HelmRelease.\n                properties:\n                  spec:\n                    description: Spec holds the template for the v1beta2.HelmChartSpec\n                      for this HelmRelease.\n                    properties:\n                      chart:\n                        description: The name or path the Helm chart is available\n                          at in the SourceRef.\n                        type: string\n                      interval:\n                        description: Interval at which to check the v1beta2.Source\n                          for updates. Defaults to 'HelmReleaseSpec.Interval'.\n                        type: string\n                      reconcileStrategy:\n                        default: ChartVersion\n                        description: Determines what enables the creation of a new\n                          artifact. Valid values are ('ChartVersion', 'Revision').\n                          See the documentation of the values for an explanation on\n                          their behavior. Defaults to ChartVersion when omitted.\n                        enum:\n                        - ChartVersion\n                        - Revision\n                        type: string\n                      sourceRef:\n                        description: The name and namespace of the v1beta2.Source\n                          the chart is available at.\n                        properties:\n                          apiVersion:\n                            description: APIVersion of the referent.\n                            type: string\n                          kind:\n                            description: Kind of the referent.\n                            enum:\n                            - HelmRepository\n                            - GitRepository\n                            - Bucket\n                            type: string\n                          name:\n                            description: Name of the referent.\n                            maxLength: 253\n                            minLength: 1\n                            type: string\n                          namespace:\n                            description: Namespace of the referent.\n                            maxLength: 63\n                            minLength: 1\n                            type: string\n                        required:\n                        - name\n                        type: object\n                      valuesFile:\n                        description: Alternative values file to use as the default\n                          chart values, expected to be a relative path in the SourceRef.\n                          Deprecated in favor of ValuesFiles, for backwards compatibility\n                          the file defined here is merged before the ValuesFiles items.\n                          Ignored when omitted.\n                        type: string\n                      valuesFiles:\n                        description: Alternative list of values files to use as the\n                          chart values (values.yaml is not included by default), expected\n                          to be a relative path in the SourceRef. Values files are\n                          merged in the order of this list with the last file overriding\n                          the first. Ignored when omitted.\n                        items:\n                          type: string\n                        type: array\n                      version:\n                        default: '*'\n                        description: Version semver expression, ignored for charts\n                          from v1beta2.GitRepository and v1beta2.Bucket sources. Defaults\n                          to latest when omitted.\n                        type: string\n                    required:\n                    - chart\n                    - sourceRef\n                    type: object\n                required:\n                - spec\n                type: object\n              dependsOn:\n                description: DependsOn may contain a meta.NamespacedObjectReference\n                  slice with references to HelmRelease resources that must be ready\n                  before this HelmRelease can be reconciled.\n                items:\n                  description: NamespacedObjectReference contains enough information\n                    to locate the referenced Kubernetes resource object in any namespace.\n                  properties:\n                    name:\n                      description: Name of the referent.\n                      type: string\n                    namespace:\n                      description: Namespace of the referent, when not specified it\n                        acts as LocalObjectReference.\n                      type: string\n                  required:\n                  - name\n                  type: object\n                type: array\n              install:\n                description: Install holds the configuration for Helm install actions\n                  for this HelmRelease.\n                properties:\n                  crds:\n                    description: \"CRDs upgrade CRDs from the Helm Chart's crds directory\n                      according to the CRD upgrade policy provided here. Valid values\n                      are `Skip`, `Create` or `CreateReplace`. Default is `Create`\n                      and if omitted CRDs are installed but not updated. \\n Skip:\n                      do neither install nor replace (update) any CRDs. \\n Create:\n                      new CRDs are created, existing CRDs are neither updated nor\n                      deleted. \\n CreateReplace: new CRDs are created, existing CRDs\n                      are updated (replaced) but not deleted. \\n By default, CRDs\n                      are applied (installed) during Helm install action. With this\n                      option users can opt-in to CRD replace existing CRDs on Helm\n                      install actions, which is not (yet) natively supported by Helm.\n                      https://helm.sh/docs/chart_best_practices/custom_resource_definitions.\"\n                    enum:\n                    - Skip\n                    - Create\n                    - CreateReplace\n                    type: string\n                  createNamespace:\n                    description: CreateNamespace tells the Helm install action to\n                      create the HelmReleaseSpec.TargetNamespace if it does not exist\n                      yet. On uninstall, the namespace will not be garbage collected.\n                    type: boolean\n                  disableHooks:\n                    description: DisableHooks prevents hooks from running during the\n                      Helm install action.\n                    type: boolean\n                  disableOpenAPIValidation:\n                    description: DisableOpenAPIValidation prevents the Helm install\n                      action from validating rendered templates against the Kubernetes\n                      OpenAPI Schema.\n                    type: boolean\n                  disableWait:\n                    description: DisableWait disables the waiting for resources to\n                      be ready after a Helm install has been performed.\n                    type: boolean\n                  disableWaitForJobs:\n                    description: DisableWaitForJobs disables waiting for jobs to complete\n                      after a Helm install has been performed.\n                    type: boolean\n                  remediation:\n                    description: Remediation holds the remediation configuration for\n                      when the Helm install action for the HelmRelease fails. The\n                      default is to not perform any action.\n                    properties:\n                      ignoreTestFailures:\n                        description: IgnoreTestFailures tells the controller to skip\n                          remediation when the Helm tests are run after an install\n                          action but fail. Defaults to 'Test.IgnoreFailures'.\n                        type: boolean\n                      remediateLastFailure:\n                        description: RemediateLastFailure tells the controller to\n                          remediate the last failure, when no retries remain. Defaults\n                          to 'false'.\n                        type: boolean\n                      retries:\n                        description: Retries is the number of retries that should\n                          be attempted on failures before bailing. Remediation, using\n                          an uninstall, is performed between each attempt. Defaults\n                          to '0', a negative integer equals to unlimited retries.\n                        type: integer\n                    type: object\n                  replace:\n                    description: Replace tells the Helm install action to re-use the\n                      'ReleaseName', but only if that name is a deleted release which\n                      remains in the history.\n                    type: boolean\n                  skipCRDs:\n                    description: \"SkipCRDs tells the Helm install action to not install\n                      any CRDs. By default, CRDs are installed if not already present.\n                      \\n Deprecated use CRD policy (`crds`) attribute with value `Skip`\n                      instead.\"\n                    type: boolean\n                  timeout:\n                    description: Timeout is the time to wait for any individual Kubernetes\n                      operation (like Jobs for hooks) during the performance of a\n                      Helm install action. Defaults to 'HelmReleaseSpec.Timeout'.\n                    type: string\n                type: object\n              interval:\n                description: Interval at which to reconcile the Helm release.\n                type: string\n              kubeConfig:\n                description: KubeConfig for reconciling the HelmRelease on a remote\n                  cluster. When used in combination with HelmReleaseSpec.ServiceAccountName,\n                  forces the controller to act on behalf of that Service Account at\n                  the target cluster. If the --default-service-account flag is set,\n                  its value will be used as a controller level fallback for when HelmReleaseSpec.ServiceAccountName\n                  is empty.\n                properties:\n                  secretRef:\n                    description: SecretRef holds the name to a secret that contains\n                      a key with the kubeconfig file as the value. If no key is specified\n                      the key will default to 'value'. The secret must be in the same\n                      namespace as the HelmRelease. It is recommended that the kubeconfig\n                      is self-contained, and the secret is regularly updated if credentials\n                      such as a cloud-access-token expire. Cloud specific `cmd-path`\n                      auth helpers will not function without adding binaries and credentials\n                      to the Pod that is responsible for reconciling the HelmRelease.\n                    properties:\n                      key:\n                        description: Key in the Secret, when not specified an implementation-specific\n                          default key is used.\n                        type: string\n                      name:\n                        description: Name of the Secret.\n                        type: string\n                    required:\n                    - name\n                    type: object\n                type: object\n              maxHistory:\n                description: MaxHistory is the number of revisions saved by Helm for\n                  this HelmRelease. Use '0' for an unlimited number of revisions;\n                  defaults to '10'.\n                type: integer\n              postRenderers:\n                description: PostRenderers holds an array of Helm PostRenderers, which\n                  will be applied in order of their definition.\n                items:\n                  description: PostRenderer contains a Helm PostRenderer specification.\n                  properties:\n                    kustomize:\n                      description: Kustomization to apply as PostRenderer.\n                      properties:\n                        images:\n                          description: Images is a list of (image name, new name,\n                            new tag or digest) for changing image names, tags or digests.\n                            This can also be achieved with a patch, but this operator\n                            is simpler to specify.\n                          items:\n                            description: Image contains an image name, a new name,\n                              a new tag or digest, which will replace the original\n                              name and tag.\n                            properties:\n                              digest:\n                                description: Digest is the value used to replace the\n                                  original image tag. If digest is present NewTag\n                                  value is ignored.\n                                type: string\n                              name:\n                                description: Name is a tag-less image name.\n                                type: string\n                              newName:\n                                description: NewName is the value used to replace\n                                  the original name.\n                                type: string\n                              newTag:\n                                description: NewTag is the value used to replace the\n                                  original tag.\n                                type: string\n                            required:\n                            - name\n                            type: object\n                          type: array\n                        patches:\n                          description: Strategic merge and JSON patches, defined as\n                            inline YAML objects, capable of targeting objects based\n                            on kind, label and annotation selectors.\n                          items:\n                            description: Patch contains an inline StrategicMerge or\n                              JSON6902 patch, and the target the patch should be applied\n                              to.\n                            properties:\n                              patch:\n                                description: Patch contains an inline StrategicMerge\n                                  patch or an inline JSON6902 patch with an array\n                                  of operation objects.\n                                type: string\n                              target:\n                                description: Target points to the resources that the\n                                  patch document should be applied to.\n                                properties:\n                                  annotationSelector:\n                                    description: AnnotationSelector is a string that\n                                      follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                                      It matches with the resource annotations.\n                                    type: string\n                                  group:\n                                    description: Group is the API group to select\n                                      resources from. Together with Version and Kind\n                                      it is capable of unambiguously identifying and/or\n                                      selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                                    type: string\n                                  kind:\n                                    description: Kind of the API Group to select resources\n                                      from. Together with Group and Version it is\n                                      capable of unambiguously identifying and/or\n                                      selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                                    type: string\n                                  labelSelector:\n                                    description: LabelSelector is a string that follows\n                                      the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                                      It matches with the resource labels.\n                                    type: string\n                                  name:\n                                    description: Name to match resources with.\n                                    type: string\n                                  namespace:\n                                    description: Namespace to select resources from.\n                                    type: string\n                                  version:\n                                    description: Version of the API Group to select\n                                      resources from. Together with Group and Kind\n                                      it is capable of unambiguously identifying and/or\n                                      selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                                    type: string\n                                type: object\n                            type: object\n                          type: array\n                        patchesJson6902:\n                          description: JSON 6902 patches, defined as inline YAML objects.\n                          items:\n                            description: JSON6902Patch contains a JSON6902 patch and\n                              the target the patch should be applied to.\n                            properties:\n                              patch:\n                                description: Patch contains the JSON6902 patch document\n                                  with an array of operation objects.\n                                items:\n                                  description: JSON6902 is a JSON6902 operation object.\n                                    https://datatracker.ietf.org/doc/html/rfc6902#section-4\n                                  properties:\n                                    from:\n                                      description: From contains a JSON-pointer value\n                                        that references a location within the target\n                                        document where the operation is performed.\n                                        The meaning of the value depends on the value\n                                        of Op, and is NOT taken into account by all\n                                        operations.\n                                      type: string\n                                    op:\n                                      description: Op indicates the operation to perform.\n                                        Its value MUST be one of \"add\", \"remove\",\n                                        \"replace\", \"move\", \"copy\", or \"test\". https://datatracker.ietf.org/doc/html/rfc6902#section-4\n                                      enum:\n                                      - test\n                                      - remove\n                                      - add\n                                      - replace\n                                      - move\n                                      - copy\n                                      type: string\n                                    path:\n                                      description: Path contains the JSON-pointer\n                                        value that references a location within the\n                                        target document where the operation is performed.\n                                        The meaning of the value depends on the value\n                                        of Op.\n                                      type: string\n                                    value:\n                                      description: Value contains a valid JSON structure.\n                                        The meaning of the value depends on the value\n                                        of Op, and is NOT taken into account by all\n                                        operations.\n                                      x-kubernetes-preserve-unknown-fields: true\n                                  required:\n                                  - op\n                                  - path\n                                  type: object\n                                type: array\n                              target:\n                                description: Target points to the resources that the\n                                  patch document should be applied to.\n                                properties:\n                                  annotationSelector:\n                                    description: AnnotationSelector is a string that\n                                      follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                                      It matches with the resource annotations.\n                                    type: string\n                                  group:\n                                    description: Group is the API group to select\n                                      resources from. Together with Version and Kind\n                                      it is capable of unambiguously identifying and/or\n                                      selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                                    type: string\n                                  kind:\n                                    description: Kind of the API Group to select resources\n                                      from. Together with Group and Version it is\n                                      capable of unambiguously identifying and/or\n                                      selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                                    type: string\n                                  labelSelector:\n                                    description: LabelSelector is a string that follows\n                                      the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                                      It matches with the resource labels.\n                                    type: string\n                                  name:\n                                    description: Name to match resources with.\n                                    type: string\n                                  namespace:\n                                    description: Namespace to select resources from.\n                                    type: string\n                                  version:\n                                    description: Version of the API Group to select\n                                      resources from. Together with Group and Kind\n                                      it is capable of unambiguously identifying and/or\n                                      selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                                    type: string\n                                type: object\n                            required:\n                            - patch\n                            - target\n                            type: object\n                          type: array\n                        patchesStrategicMerge:\n                          description: Strategic merge patches, defined as inline\n                            YAML objects.\n                          items:\n                            x-kubernetes-preserve-unknown-fields: true\n                          type: array\n                      type: object\n                  type: object\n                type: array\n              releaseName:\n                description: ReleaseName used for the Helm release. Defaults to a\n                  composition of '[TargetNamespace-]Name'.\n                maxLength: 53\n                minLength: 1\n                type: string\n              rollback:\n                description: Rollback holds the configuration for Helm rollback actions\n                  for this HelmRelease.\n                properties:\n                  cleanupOnFail:\n                    description: CleanupOnFail allows deletion of new resources created\n                      during the Helm rollback action when it fails.\n                    type: boolean\n                  disableHooks:\n                    description: DisableHooks prevents hooks from running during the\n                      Helm rollback action.\n                    type: boolean\n                  disableWait:\n                    description: DisableWait disables the waiting for resources to\n                      be ready after a Helm rollback has been performed.\n                    type: boolean\n                  disableWaitForJobs:\n                    description: DisableWaitForJobs disables waiting for jobs to complete\n                      after a Helm rollback has been performed.\n                    type: boolean\n                  force:\n                    description: Force forces resource updates through a replacement\n                      strategy.\n                    type: boolean\n                  recreate:\n                    description: Recreate performs pod restarts for the resource if\n                      applicable.\n                    type: boolean\n                  timeout:\n                    description: Timeout is the time to wait for any individual Kubernetes\n                      operation (like Jobs for hooks) during the performance of a\n                      Helm rollback action. Defaults to 'HelmReleaseSpec.Timeout'.\n                    type: string\n                type: object\n              serviceAccountName:\n                description: The name of the Kubernetes service account to impersonate\n                  when reconciling this HelmRelease.\n                type: string\n              storageNamespace:\n                description: StorageNamespace used for the Helm storage. Defaults\n                  to the namespace of the HelmRelease.\n                maxLength: 63\n                minLength: 1\n                type: string\n              suspend:\n                description: Suspend tells the controller to suspend reconciliation\n                  for this HelmRelease, it does not apply to already started reconciliations.\n                  Defaults to false.\n                type: boolean\n              targetNamespace:\n                description: TargetNamespace to target when performing operations\n                  for the HelmRelease. Defaults to the namespace of the HelmRelease.\n                maxLength: 63\n                minLength: 1\n                type: string\n              test:\n                description: Test holds the configuration for Helm test actions for\n                  this HelmRelease.\n                properties:\n                  enable:\n                    description: Enable enables Helm test actions for this HelmRelease\n                      after an Helm install or upgrade action has been performed.\n                    type: boolean\n                  ignoreFailures:\n                    description: IgnoreFailures tells the controller to skip remediation\n                      when the Helm tests are run but fail. Can be overwritten for\n                      tests run after install or upgrade actions in 'Install.IgnoreTestFailures'\n                      and 'Upgrade.IgnoreTestFailures'.\n                    type: boolean\n                  timeout:\n                    description: Timeout is the time to wait for any individual Kubernetes\n                      operation during the performance of a Helm test action. Defaults\n                      to 'HelmReleaseSpec.Timeout'.\n                    type: string\n                type: object\n              timeout:\n                description: Timeout is the time to wait for any individual Kubernetes\n                  operation (like Jobs for hooks) during the performance of a Helm\n                  action. Defaults to '5m0s'.\n                type: string\n              uninstall:\n                description: Uninstall holds the configuration for Helm uninstall\n                  actions for this HelmRelease.\n                properties:\n                  disableHooks:\n                    description: DisableHooks prevents hooks from running during the\n                      Helm rollback action.\n                    type: boolean\n                  disableWait:\n                    description: DisableWait disables waiting for all the resources\n                      to be deleted after a Helm uninstall is performed.\n                    type: boolean\n                  keepHistory:\n                    description: KeepHistory tells Helm to remove all associated resources\n                      and mark the release as deleted, but retain the release history.\n                    type: boolean\n                  timeout:\n                    description: Timeout is the time to wait for any individual Kubernetes\n                      operation (like Jobs for hooks) during the performance of a\n                      Helm uninstall action. Defaults to 'HelmReleaseSpec.Timeout'.\n                    type: string\n                type: object\n              upgrade:\n                description: Upgrade holds the configuration for Helm upgrade actions\n                  for this HelmRelease.\n                properties:\n                  cleanupOnFail:\n                    description: CleanupOnFail allows deletion of new resources created\n                      during the Helm upgrade action when it fails.\n                    type: boolean\n                  crds:\n                    description: \"CRDs upgrade CRDs from the Helm Chart's crds directory\n                      according to the CRD upgrade policy provided here. Valid values\n                      are `Skip`, `Create` or `CreateReplace`. Default is `Skip` and\n                      if omitted CRDs are neither installed nor upgraded. \\n Skip:\n                      do neither install nor replace (update) any CRDs. \\n Create:\n                      new CRDs are created, existing CRDs are neither updated nor\n                      deleted. \\n CreateReplace: new CRDs are created, existing CRDs\n                      are updated (replaced) but not deleted. \\n By default, CRDs\n                      are not applied during Helm upgrade action. With this option\n                      users can opt-in to CRD upgrade, which is not (yet) natively\n                      supported by Helm. https://helm.sh/docs/chart_best_practices/custom_resource_definitions.\"\n                    enum:\n                    - Skip\n                    - Create\n                    - CreateReplace\n                    type: string\n                  disableHooks:\n                    description: DisableHooks prevents hooks from running during the\n                      Helm upgrade action.\n                    type: boolean\n                  disableOpenAPIValidation:\n                    description: DisableOpenAPIValidation prevents the Helm upgrade\n                      action from validating rendered templates against the Kubernetes\n                      OpenAPI Schema.\n                    type: boolean\n                  disableWait:\n                    description: DisableWait disables the waiting for resources to\n                      be ready after a Helm upgrade has been performed.\n                    type: boolean\n                  disableWaitForJobs:\n                    description: DisableWaitForJobs disables waiting for jobs to complete\n                      after a Helm upgrade has been performed.\n                    type: boolean\n                  force:\n                    description: Force forces resource updates through a replacement\n                      strategy.\n                    type: boolean\n                  preserveValues:\n                    description: PreserveValues will make Helm reuse the last release's\n                      values and merge in overrides from 'Values'. Setting this flag\n                      makes the HelmRelease non-declarative.\n                    type: boolean\n                  remediation:\n                    description: Remediation holds the remediation configuration for\n                      when the Helm upgrade action for the HelmRelease fails. The\n                      default is to not perform any action.\n                    properties:\n                      ignoreTestFailures:\n                        description: IgnoreTestFailures tells the controller to skip\n                          remediation when the Helm tests are run after an upgrade\n                          action but fail. Defaults to 'Test.IgnoreFailures'.\n                        type: boolean\n                      remediateLastFailure:\n                        description: RemediateLastFailure tells the controller to\n                          remediate the last failure, when no retries remain. Defaults\n                          to 'false' unless 'Retries' is greater than 0.\n                        type: boolean\n                      retries:\n                        description: Retries is the number of retries that should\n                          be attempted on failures before bailing. Remediation, using\n                          'Strategy', is performed between each attempt. Defaults\n                          to '0', a negative integer equals to unlimited retries.\n                        type: integer\n                      strategy:\n                        description: Strategy to use for failure remediation. Defaults\n                          to 'rollback'.\n                        enum:\n                        - rollback\n                        - uninstall\n                        type: string\n                    type: object\n                  timeout:\n                    description: Timeout is the time to wait for any individual Kubernetes\n                      operation (like Jobs for hooks) during the performance of a\n                      Helm upgrade action. Defaults to 'HelmReleaseSpec.Timeout'.\n                    type: string\n                type: object\n              values:\n                description: Values holds the values for this Helm release.\n                x-kubernetes-preserve-unknown-fields: true\n              valuesFrom:\n                description: ValuesFrom holds references to resources containing Helm\n                  values for this HelmRelease, and information about how they should\n                  be merged.\n                items:\n                  description: ValuesReference contains a reference to a resource\n                    containing Helm values, and optionally the key they can be found\n                    at.\n                  properties:\n                    kind:\n                      description: Kind of the values referent, valid values are ('Secret',\n                        'ConfigMap').\n                      enum:\n                      - Secret\n                      - ConfigMap\n                      type: string\n                    name:\n                      description: Name of the values referent. Should reside in the\n                        same namespace as the referring resource.\n                      maxLength: 253\n                      minLength: 1\n                      type: string\n                    optional:\n                      description: Optional marks this ValuesReference as optional.\n                        When set, a not found error for the values reference is ignored,\n                        but any ValuesKey, TargetPath or transient error will still\n                        result in a reconciliation failure.\n                      type: boolean\n                    targetPath:\n                      description: TargetPath is the YAML dot notation path the value\n                        should be merged at. When set, the ValuesKey is expected to\n                        be a single flat value. Defaults to 'None', which results\n                        in the values getting merged at the root.\n                      type: string\n                    valuesKey:\n                      description: ValuesKey is the data key where the values.yaml\n                        or a specific value can be found at. Defaults to 'values.yaml'.\n                      type: string\n                  required:\n                  - kind\n                  - name\n                  type: object\n                type: array\n            required:\n            - chart\n            - interval\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: HelmReleaseStatus defines the observed state of a HelmRelease.\n            properties:\n              conditions:\n                description: Conditions holds the conditions for the HelmRelease.\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              failures:\n                description: Failures is the reconciliation failure count against\n                  the latest desired state. It is reset after a successful reconciliation.\n                format: int64\n                type: integer\n              helmChart:\n                description: HelmChart is the namespaced name of the HelmChart resource\n                  created by the controller for the HelmRelease.\n                type: string\n              installFailures:\n                description: InstallFailures is the install failure count against\n                  the latest desired state. It is reset after a successful reconciliation.\n                format: int64\n                type: integer\n              lastAppliedRevision:\n                description: LastAppliedRevision is the revision of the last successfully\n                  applied source.\n                type: string\n              lastAttemptedRevision:\n                description: LastAttemptedRevision is the revision of the last reconciliation\n                  attempt.\n                type: string\n              lastAttemptedValuesChecksum:\n                description: LastAttemptedValuesChecksum is the SHA1 checksum of the\n                  values of the last reconciliation attempt.\n                type: string\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              lastReleaseRevision:\n                description: LastReleaseRevision is the revision of the last successful\n                  Helm release.\n                type: integer\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation.\n                format: int64\n                type: integer\n              upgradeFailures:\n                description: UpgradeFailures is the upgrade failure count against\n                  the latest desired state. It is reset after a successful reconciliation.\n                format: int64\n                type: integer\n            type: object\n        type: object\n    served: true\n    storage: true\n    subresources:\n      status: {}\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n  conditions: []\n  storedVersions: []\n",
-              "/apis/apiextensions.k8s.io/v1/customresourcedefinitions/helmrepositories.source.toolkit.fluxcd.io": "apiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  annotations:\n    controller-gen.kubebuilder.io/version: v0.7.0\n  creationTimestamp: null\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: helmrepositories.source.toolkit.fluxcd.io\nspec:\n  group: source.toolkit.fluxcd.io\n  names:\n    kind: HelmRepository\n    listKind: HelmRepositoryList\n    plural: helmrepositories\n    shortNames:\n    - helmrepo\n    singular: helmrepository\n  scope: Namespaced\n  versions:\n  - additionalPrinterColumns:\n    - jsonPath: .spec.url\n      name: URL\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    name: v1beta1\n    schema:\n      openAPIV3Schema:\n        description: HelmRepository is the Schema for the helmrepositories API\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: HelmRepositorySpec defines the reference to a Helm repository.\n            properties:\n              accessFrom:\n                description: AccessFrom defines an Access Control List for allowing\n                  cross-namespace references to this object.\n                properties:\n                  namespaceSelectors:\n                    description: NamespaceSelectors is the list of namespace selectors\n                      to which this ACL applies. Items in this list are evaluated\n                      using a logical OR operation.\n                    items:\n                      description: NamespaceSelector selects the namespaces to which\n                        this ACL applies. An empty map of MatchLabels matches all\n                        namespaces in a cluster.\n                      properties:\n                        matchLabels:\n                          additionalProperties:\n                            type: string\n                          description: MatchLabels is a map of {key,value} pairs.\n                            A single {key,value} in the matchLabels map is equivalent\n                            to an element of matchExpressions, whose key field is\n                            \"key\", the operator is \"In\", and the values array contains\n                            only \"value\". The requirements are ANDed.\n                          type: object\n                      type: object\n                    type: array\n                required:\n                - namespaceSelectors\n                type: object\n              interval:\n                description: The interval at which to check the upstream for updates.\n                type: string\n              passCredentials:\n                description: PassCredentials allows the credentials from the SecretRef\n                  to be passed on to a host that does not match the host as defined\n                  in URL. This may be required if the host of the advertised chart\n                  URLs in the index differ from the defined URL. Enabling this should\n                  be done with caution, as it can potentially result in credentials\n                  getting stolen in a MITM-attack.\n                type: boolean\n              secretRef:\n                description: The name of the secret containing authentication credentials\n                  for the Helm repository. For HTTP/S basic auth the secret must contain\n                  username and password fields. For TLS the secret must contain a\n                  certFile and keyFile, and/or caCert fields.\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              suspend:\n                description: This flag tells the controller to suspend the reconciliation\n                  of this source.\n                type: boolean\n              timeout:\n                default: 60s\n                description: The timeout of index downloading, defaults to 60s.\n                type: string\n              url:\n                description: The Helm repository URL, a valid URL contains at least\n                  a protocol and host.\n                type: string\n            required:\n            - interval\n            - url\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: HelmRepositoryStatus defines the observed state of the HelmRepository.\n            properties:\n              artifact:\n                description: Artifact represents the output of the last successful\n                  repository sync.\n                properties:\n                  checksum:\n                    description: Checksum is the SHA256 checksum of the artifact.\n                    type: string\n                  lastUpdateTime:\n                    description: LastUpdateTime is the timestamp corresponding to\n                      the last update of this artifact.\n                    format: date-time\n                    type: string\n                  path:\n                    description: Path is the relative file path of this artifact.\n                    type: string\n                  revision:\n                    description: Revision is a human readable identifier traceable\n                      in the origin source system. It can be a Git commit SHA, Git\n                      tag, a Helm index timestamp, a Helm chart version, etc.\n                    type: string\n                  url:\n                    description: URL is the HTTP address of this artifact.\n                    type: string\n                required:\n                - path\n                - url\n                type: object\n              conditions:\n                description: Conditions holds the conditions for the HelmRepository.\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation.\n                format: int64\n                type: integer\n              url:\n                description: URL is the download link for the last index fetched.\n                type: string\n            type: object\n        type: object\n    served: true\n    storage: false\n    subresources:\n      status: {}\n  - additionalPrinterColumns:\n    - jsonPath: .spec.url\n      name: URL\n      type: string\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    name: v1beta2\n    schema:\n      openAPIV3Schema:\n        description: HelmRepository is the Schema for the helmrepositories API.\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: HelmRepositorySpec specifies the required configuration to\n              produce an Artifact for a Helm repository index YAML.\n            properties:\n              accessFrom:\n                description: 'AccessFrom specifies an Access Control List for allowing\n                  cross-namespace references to this object. NOTE: Not implemented,\n                  provisional as of https://github.com/fluxcd/flux2/pull/2092'\n                properties:\n                  namespaceSelectors:\n                    description: NamespaceSelectors is the list of namespace selectors\n                      to which this ACL applies. Items in this list are evaluated\n                      using a logical OR operation.\n                    items:\n                      description: NamespaceSelector selects the namespaces to which\n                        this ACL applies. An empty map of MatchLabels matches all\n                        namespaces in a cluster.\n                      properties:\n                        matchLabels:\n                          additionalProperties:\n                            type: string\n                          description: MatchLabels is a map of {key,value} pairs.\n                            A single {key,value} in the matchLabels map is equivalent\n                            to an element of matchExpressions, whose key field is\n                            \"key\", the operator is \"In\", and the values array contains\n                            only \"value\". The requirements are ANDed.\n                          type: object\n                      type: object\n                    type: array\n                required:\n                - namespaceSelectors\n                type: object\n              interval:\n                description: Interval at which to check the URL for updates.\n                type: string\n              passCredentials:\n                description: PassCredentials allows the credentials from the SecretRef\n                  to be passed on to a host that does not match the host as defined\n                  in URL. This may be required if the host of the advertised chart\n                  URLs in the index differ from the defined URL. Enabling this should\n                  be done with caution, as it can potentially result in credentials\n                  getting stolen in a MITM-attack.\n                type: boolean\n              secretRef:\n                description: SecretRef specifies the Secret containing authentication\n                  credentials for the HelmRepository. For HTTP/S basic auth the secret\n                  must contain 'username' and 'password' fields. For TLS the secret\n                  must contain a 'certFile' and 'keyFile', and/or 'caCert' fields.\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              suspend:\n                description: Suspend tells the controller to suspend the reconciliation\n                  of this HelmRepository.\n                type: boolean\n              timeout:\n                default: 60s\n                description: Timeout of the index fetch operation, defaults to 60s.\n                type: string\n              url:\n                description: URL of the Helm repository, a valid URL contains at least\n                  a protocol and host.\n                type: string\n            required:\n            - interval\n            - url\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: HelmRepositoryStatus records the observed state of the HelmRepository.\n            properties:\n              artifact:\n                description: Artifact represents the last successful HelmRepository\n                  reconciliation.\n                properties:\n                  checksum:\n                    description: Checksum is the SHA256 checksum of the Artifact file.\n                    type: string\n                  lastUpdateTime:\n                    description: LastUpdateTime is the timestamp corresponding to\n                      the last update of the Artifact.\n                    format: date-time\n                    type: string\n                  path:\n                    description: Path is the relative file path of the Artifact. It\n                      can be used to locate the file in the root of the Artifact storage\n                      on the local file system of the controller managing the Source.\n                    type: string\n                  revision:\n                    description: Revision is a human-readable identifier traceable\n                      in the origin source system. It can be a Git commit SHA, Git\n                      tag, a Helm chart version, etc.\n                    type: string\n                  size:\n                    description: Size is the number of bytes in the file.\n                    format: int64\n                    type: integer\n                  url:\n                    description: URL is the HTTP address of the Artifact as exposed\n                      by the controller managing the Source. It can be used to retrieve\n                      the Artifact for consumption, e.g. by another controller applying\n                      the Artifact contents.\n                    type: string\n                required:\n                - path\n                - url\n                type: object\n              conditions:\n                description: Conditions holds the conditions for the HelmRepository.\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation of\n                  the HelmRepository object.\n                format: int64\n                type: integer\n              url:\n                description: URL is the dynamic fetch link for the latest Artifact.\n                  It is provided on a \"best effort\" basis, and using the precise HelmRepositoryStatus.Artifact\n                  data is recommended.\n                type: string\n            type: object\n        type: object\n    served: true\n    storage: true\n    subresources:\n      status: {}\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n  conditions: []\n  storedVersions: []\n",
-              "/apis/apiextensions.k8s.io/v1/customresourcedefinitions/kustomizations.kustomize.toolkit.fluxcd.io": "apiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  annotations:\n    controller-gen.kubebuilder.io/version: v0.7.0\n  creationTimestamp: null\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: kustomizations.kustomize.toolkit.fluxcd.io\nspec:\n  group: kustomize.toolkit.fluxcd.io\n  names:\n    kind: Kustomization\n    listKind: KustomizationList\n    plural: kustomizations\n    shortNames:\n    - ks\n    singular: kustomization\n  scope: Namespaced\n  versions:\n  - additionalPrinterColumns:\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    name: v1beta1\n    schema:\n      openAPIV3Schema:\n        description: Kustomization is the Schema for the kustomizations API.\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: KustomizationSpec defines the desired state of a kustomization.\n            properties:\n              decryption:\n                description: Decrypt Kubernetes secrets before applying them on the\n                  cluster.\n                properties:\n                  provider:\n                    description: Provider is the name of the decryption engine.\n                    enum:\n                    - sops\n                    type: string\n                  secretRef:\n                    description: The secret name containing the private OpenPGP keys\n                      used for decryption.\n                    properties:\n                      name:\n                        description: Name of the referent.\n                        type: string\n                    required:\n                    - name\n                    type: object\n                required:\n                - provider\n                type: object\n              dependsOn:\n                description: DependsOn may contain a meta.NamespacedObjectReference\n                  slice with references to Kustomization resources that must be ready\n                  before this Kustomization can be reconciled.\n                items:\n                  description: NamespacedObjectReference contains enough information\n                    to locate the referenced Kubernetes resource object in any namespace.\n                  properties:\n                    name:\n                      description: Name of the referent.\n                      type: string\n                    namespace:\n                      description: Namespace of the referent, when not specified it\n                        acts as LocalObjectReference.\n                      type: string\n                  required:\n                  - name\n                  type: object\n                type: array\n              force:\n                default: false\n                description: Force instructs the controller to recreate resources\n                  when patching fails due to an immutable field change.\n                type: boolean\n              healthChecks:\n                description: A list of resources to be included in the health assessment.\n                items:\n                  description: NamespacedObjectKindReference contains enough information\n                    to locate the typed referenced Kubernetes resource object in any\n                    namespace.\n                  properties:\n                    apiVersion:\n                      description: API version of the referent, if not specified the\n                        Kubernetes preferred version will be used.\n                      type: string\n                    kind:\n                      description: Kind of the referent.\n                      type: string\n                    name:\n                      description: Name of the referent.\n                      type: string\n                    namespace:\n                      description: Namespace of the referent, when not specified it\n                        acts as LocalObjectReference.\n                      type: string\n                  required:\n                  - kind\n                  - name\n                  type: object\n                type: array\n              images:\n                description: Images is a list of (image name, new name, new tag or\n                  digest) for changing image names, tags or digests. This can also\n                  be achieved with a patch, but this operator is simpler to specify.\n                items:\n                  description: Image contains an image name, a new name, a new tag\n                    or digest, which will replace the original name and tag.\n                  properties:\n                    digest:\n                      description: Digest is the value used to replace the original\n                        image tag. If digest is present NewTag value is ignored.\n                      type: string\n                    name:\n                      description: Name is a tag-less image name.\n                      type: string\n                    newName:\n                      description: NewName is the value used to replace the original\n                        name.\n                      type: string\n                    newTag:\n                      description: NewTag is the value used to replace the original\n                        tag.\n                      type: string\n                  required:\n                  - name\n                  type: object\n                type: array\n              interval:\n                description: The interval at which to reconcile the Kustomization.\n                type: string\n              kubeConfig:\n                description: The KubeConfig for reconciling the Kustomization on a\n                  remote cluster. When specified, KubeConfig takes precedence over\n                  ServiceAccountName.\n                properties:\n                  secretRef:\n                    description: SecretRef holds the name to a secret that contains\n                      a 'value' key with the kubeconfig file as the value. It must\n                      be in the same namespace as the Kustomization. It is recommended\n                      that the kubeconfig is self-contained, and the secret is regularly\n                      updated if credentials such as a cloud-access-token expire.\n                      Cloud specific `cmd-path` auth helpers will not function without\n                      adding binaries and credentials to the Pod that is responsible\n                      for reconciling the Kustomization.\n                    properties:\n                      name:\n                        description: Name of the referent.\n                        type: string\n                    required:\n                    - name\n                    type: object\n                type: object\n              patches:\n                description: Strategic merge and JSON patches, defined as inline YAML\n                  objects, capable of targeting objects based on kind, label and annotation\n                  selectors.\n                items:\n                  description: Patch contains an inline StrategicMerge or JSON6902\n                    patch, and the target the patch should be applied to.\n                  properties:\n                    patch:\n                      description: Patch contains an inline StrategicMerge patch or\n                        an inline JSON6902 patch with an array of operation objects.\n                      type: string\n                    target:\n                      description: Target points to the resources that the patch document\n                        should be applied to.\n                      properties:\n                        annotationSelector:\n                          description: AnnotationSelector is a string that follows\n                            the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                            It matches with the resource annotations.\n                          type: string\n                        group:\n                          description: Group is the API group to select resources\n                            from. Together with Version and Kind it is capable of\n                            unambiguously identifying and/or selecting resources.\n                            https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                        kind:\n                          description: Kind of the API Group to select resources from.\n                            Together with Group and Version it is capable of unambiguously\n                            identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                        labelSelector:\n                          description: LabelSelector is a string that follows the\n                            label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                            It matches with the resource labels.\n                          type: string\n                        name:\n                          description: Name to match resources with.\n                          type: string\n                        namespace:\n                          description: Namespace to select resources from.\n                          type: string\n                        version:\n                          description: Version of the API Group to select resources\n                            from. Together with Group and Kind it is capable of unambiguously\n                            identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                      type: object\n                  type: object\n                type: array\n              patchesJson6902:\n                description: JSON 6902 patches, defined as inline YAML objects.\n                items:\n                  description: JSON6902Patch contains a JSON6902 patch and the target\n                    the patch should be applied to.\n                  properties:\n                    patch:\n                      description: Patch contains the JSON6902 patch document with\n                        an array of operation objects.\n                      items:\n                        description: JSON6902 is a JSON6902 operation object. https://datatracker.ietf.org/doc/html/rfc6902#section-4\n                        properties:\n                          from:\n                            description: From contains a JSON-pointer value that references\n                              a location within the target document where the operation\n                              is performed. The meaning of the value depends on the\n                              value of Op, and is NOT taken into account by all operations.\n                            type: string\n                          op:\n                            description: Op indicates the operation to perform. Its\n                              value MUST be one of \"add\", \"remove\", \"replace\", \"move\",\n                              \"copy\", or \"test\". https://datatracker.ietf.org/doc/html/rfc6902#section-4\n                            enum:\n                            - test\n                            - remove\n                            - add\n                            - replace\n                            - move\n                            - copy\n                            type: string\n                          path:\n                            description: Path contains the JSON-pointer value that\n                              references a location within the target document where\n                              the operation is performed. The meaning of the value\n                              depends on the value of Op.\n                            type: string\n                          value:\n                            description: Value contains a valid JSON structure. The\n                              meaning of the value depends on the value of Op, and\n                              is NOT taken into account by all operations.\n                            x-kubernetes-preserve-unknown-fields: true\n                        required:\n                        - op\n                        - path\n                        type: object\n                      type: array\n                    target:\n                      description: Target points to the resources that the patch document\n                        should be applied to.\n                      properties:\n                        annotationSelector:\n                          description: AnnotationSelector is a string that follows\n                            the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                            It matches with the resource annotations.\n                          type: string\n                        group:\n                          description: Group is the API group to select resources\n                            from. Together with Version and Kind it is capable of\n                            unambiguously identifying and/or selecting resources.\n                            https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                        kind:\n                          description: Kind of the API Group to select resources from.\n                            Together with Group and Version it is capable of unambiguously\n                            identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                        labelSelector:\n                          description: LabelSelector is a string that follows the\n                            label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                            It matches with the resource labels.\n                          type: string\n                        name:\n                          description: Name to match resources with.\n                          type: string\n                        namespace:\n                          description: Namespace to select resources from.\n                          type: string\n                        version:\n                          description: Version of the API Group to select resources\n                            from. Together with Group and Kind it is capable of unambiguously\n                            identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                      type: object\n                  required:\n                  - patch\n                  - target\n                  type: object\n                type: array\n              patchesStrategicMerge:\n                description: Strategic merge patches, defined as inline YAML objects.\n                items:\n                  x-kubernetes-preserve-unknown-fields: true\n                type: array\n              path:\n                description: Path to the directory containing the kustomization.yaml\n                  file, or the set of plain YAMLs a kustomization.yaml should be generated\n                  for. Defaults to 'None', which translates to the root path of the\n                  SourceRef.\n                type: string\n              postBuild:\n                description: PostBuild describes which actions to perform on the YAML\n                  manifest generated by building the kustomize overlay.\n                properties:\n                  substitute:\n                    additionalProperties:\n                      type: string\n                    description: Substitute holds a map of key/value pairs. The variables\n                      defined in your YAML manifests that match any of the keys defined\n                      in the map will be substituted with the set value. Includes\n                      support for bash string replacement functions e.g. ${var:=default},\n                      ${var:position} and ${var/substring/replacement}.\n                    type: object\n                  substituteFrom:\n                    description: SubstituteFrom holds references to ConfigMaps and\n                      Secrets containing the variables and their values to be substituted\n                      in the YAML manifests. The ConfigMap and the Secret data keys\n                      represent the var names and they must match the vars declared\n                      in the manifests for the substitution to happen.\n                    items:\n                      description: SubstituteReference contains a reference to a resource\n                        containing the variables name and value.\n                      properties:\n                        kind:\n                          description: Kind of the values referent, valid values are\n                            ('Secret', 'ConfigMap').\n                          enum:\n                          - Secret\n                          - ConfigMap\n                          type: string\n                        name:\n                          description: Name of the values referent. Should reside\n                            in the same namespace as the referring resource.\n                          maxLength: 253\n                          minLength: 1\n                          type: string\n                      required:\n                      - kind\n                      - name\n                      type: object\n                    type: array\n                type: object\n              prune:\n                description: Prune enables garbage collection.\n                type: boolean\n              retryInterval:\n                description: The interval at which to retry a previously failed reconciliation.\n                  When not specified, the controller uses the KustomizationSpec.Interval\n                  value to retry failures.\n                type: string\n              serviceAccountName:\n                description: The name of the Kubernetes service account to impersonate\n                  when reconciling this Kustomization.\n                type: string\n              sourceRef:\n                description: Reference of the source where the kustomization file\n                  is.\n                properties:\n                  apiVersion:\n                    description: API version of the referent\n                    type: string\n                  kind:\n                    description: Kind of the referent\n                    enum:\n                    - GitRepository\n                    - Bucket\n                    type: string\n                  name:\n                    description: Name of the referent\n                    type: string\n                  namespace:\n                    description: Namespace of the referent, defaults to the Kustomization\n                      namespace\n                    type: string\n                required:\n                - kind\n                - name\n                type: object\n              suspend:\n                description: This flag tells the controller to suspend subsequent\n                  kustomize executions, it does not apply to already started executions.\n                  Defaults to false.\n                type: boolean\n              targetNamespace:\n                description: TargetNamespace sets or overrides the namespace in the\n                  kustomization.yaml file.\n                maxLength: 63\n                minLength: 1\n                type: string\n              timeout:\n                description: Timeout for validation, apply and health checking operations.\n                  Defaults to 'Interval' duration.\n                type: string\n              validation:\n                description: Validate the Kubernetes objects before applying them\n                  on the cluster. The validation strategy can be 'client' (local dry-run),\n                  'server' (APIServer dry-run) or 'none'. When 'Force' is 'true',\n                  validation will fallback to 'client' if set to 'server' because\n                  server-side validation is not supported in this scenario.\n                enum:\n                - none\n                - client\n                - server\n                type: string\n            required:\n            - interval\n            - prune\n            - sourceRef\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: KustomizationStatus defines the observed state of a kustomization.\n            properties:\n              conditions:\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              lastAppliedRevision:\n                description: The last successfully applied revision. The revision\n                  format for Git sources is \u003cbranch|tag\u003e/\u003ccommit-sha\u003e.\n                type: string\n              lastAttemptedRevision:\n                description: LastAttemptedRevision is the revision of the last reconciliation\n                  attempt.\n                type: string\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last reconciled generation.\n                format: int64\n                type: integer\n              snapshot:\n                description: The last successfully applied revision metadata.\n                properties:\n                  checksum:\n                    description: The manifests sha1 checksum.\n                    type: string\n                  entries:\n                    description: A list of Kubernetes kinds grouped by namespace.\n                    items:\n                      description: Snapshot holds the metadata of namespaced Kubernetes\n                        objects\n                      properties:\n                        kinds:\n                          additionalProperties:\n                            type: string\n                          description: The list of Kubernetes kinds.\n                          type: object\n                        namespace:\n                          description: The namespace of this entry.\n                          type: string\n                      required:\n                      - kinds\n                      type: object\n                    type: array\n                required:\n                - checksum\n                - entries\n                type: object\n            type: object\n        type: object\n    served: true\n    storage: false\n    subresources:\n      status: {}\n  - additionalPrinterColumns:\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    name: v1beta2\n    schema:\n      openAPIV3Schema:\n        description: Kustomization is the Schema for the kustomizations API.\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: KustomizationSpec defines the configuration to calculate\n              the desired state from a Source using Kustomize.\n            properties:\n              decryption:\n                description: Decrypt Kubernetes secrets before applying them on the\n                  cluster.\n                properties:\n                  provider:\n                    description: Provider is the name of the decryption engine.\n                    enum:\n                    - sops\n                    type: string\n                  secretRef:\n                    description: The secret name containing the private OpenPGP keys\n                      used for decryption.\n                    properties:\n                      name:\n                        description: Name of the referent.\n                        type: string\n                    required:\n                    - name\n                    type: object\n                required:\n                - provider\n                type: object\n              dependsOn:\n                description: DependsOn may contain a meta.NamespacedObjectReference\n                  slice with references to Kustomization resources that must be ready\n                  before this Kustomization can be reconciled.\n                items:\n                  description: NamespacedObjectReference contains enough information\n                    to locate the referenced Kubernetes resource object in any namespace.\n                  properties:\n                    name:\n                      description: Name of the referent.\n                      type: string\n                    namespace:\n                      description: Namespace of the referent, when not specified it\n                        acts as LocalObjectReference.\n                      type: string\n                  required:\n                  - name\n                  type: object\n                type: array\n              force:\n                default: false\n                description: Force instructs the controller to recreate resources\n                  when patching fails due to an immutable field change.\n                type: boolean\n              healthChecks:\n                description: A list of resources to be included in the health assessment.\n                items:\n                  description: NamespacedObjectKindReference contains enough information\n                    to locate the typed referenced Kubernetes resource object in any\n                    namespace.\n                  properties:\n                    apiVersion:\n                      description: API version of the referent, if not specified the\n                        Kubernetes preferred version will be used.\n                      type: string\n                    kind:\n                      description: Kind of the referent.\n                      type: string\n                    name:\n                      description: Name of the referent.\n                      type: string\n                    namespace:\n                      description: Namespace of the referent, when not specified it\n                        acts as LocalObjectReference.\n                      type: string\n                  required:\n                  - kind\n                  - name\n                  type: object\n                type: array\n              images:\n                description: Images is a list of (image name, new name, new tag or\n                  digest) for changing image names, tags or digests. This can also\n                  be achieved with a patch, but this operator is simpler to specify.\n                items:\n                  description: Image contains an image name, a new name, a new tag\n                    or digest, which will replace the original name and tag.\n                  properties:\n                    digest:\n                      description: Digest is the value used to replace the original\n                        image tag. If digest is present NewTag value is ignored.\n                      type: string\n                    name:\n                      description: Name is a tag-less image name.\n                      type: string\n                    newName:\n                      description: NewName is the value used to replace the original\n                        name.\n                      type: string\n                    newTag:\n                      description: NewTag is the value used to replace the original\n                        tag.\n                      type: string\n                  required:\n                  - name\n                  type: object\n                type: array\n              interval:\n                description: The interval at which to reconcile the Kustomization.\n                type: string\n              kubeConfig:\n                description: The KubeConfig for reconciling the Kustomization on a\n                  remote cluster. When used in combination with KustomizationSpec.ServiceAccountName,\n                  forces the controller to act on behalf of that Service Account at\n                  the target cluster. If the --default-service-account flag is set,\n                  its value will be used as a controller level fallback for when KustomizationSpec.ServiceAccountName\n                  is empty.\n                properties:\n                  secretRef:\n                    description: SecretRef holds the name of a secret that contains\n                      a key with the kubeconfig file as the value. If no key is set,\n                      the key will default to 'value'. The secret must be in the same\n                      namespace as the Kustomization. It is recommended that the kubeconfig\n                      is self-contained, and the secret is regularly updated if credentials\n                      such as a cloud-access-token expire. Cloud specific `cmd-path`\n                      auth helpers will not function without adding binaries and credentials\n                      to the Pod that is responsible for reconciling the Kustomization.\n                    properties:\n                      key:\n                        description: Key in the Secret, when not specified an implementation-specific\n                          default key is used.\n                        type: string\n                      name:\n                        description: Name of the Secret.\n                        type: string\n                    required:\n                    - name\n                    type: object\n                type: object\n              patches:\n                description: Strategic merge and JSON patches, defined as inline YAML\n                  objects, capable of targeting objects based on kind, label and annotation\n                  selectors.\n                items:\n                  description: Patch contains an inline StrategicMerge or JSON6902\n                    patch, and the target the patch should be applied to.\n                  properties:\n                    patch:\n                      description: Patch contains an inline StrategicMerge patch or\n                        an inline JSON6902 patch with an array of operation objects.\n                      type: string\n                    target:\n                      description: Target points to the resources that the patch document\n                        should be applied to.\n                      properties:\n                        annotationSelector:\n                          description: AnnotationSelector is a string that follows\n                            the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                            It matches with the resource annotations.\n                          type: string\n                        group:\n                          description: Group is the API group to select resources\n                            from. Together with Version and Kind it is capable of\n                            unambiguously identifying and/or selecting resources.\n                            https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                        kind:\n                          description: Kind of the API Group to select resources from.\n                            Together with Group and Version it is capable of unambiguously\n                            identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                        labelSelector:\n                          description: LabelSelector is a string that follows the\n                            label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                            It matches with the resource labels.\n                          type: string\n                        name:\n                          description: Name to match resources with.\n                          type: string\n                        namespace:\n                          description: Namespace to select resources from.\n                          type: string\n                        version:\n                          description: Version of the API Group to select resources\n                            from. Together with Group and Kind it is capable of unambiguously\n                            identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                      type: object\n                  type: object\n                type: array\n              patchesJson6902:\n                description: 'JSON 6902 patches, defined as inline YAML objects. Deprecated:\n                  Use Patches instead.'\n                items:\n                  description: JSON6902Patch contains a JSON6902 patch and the target\n                    the patch should be applied to.\n                  properties:\n                    patch:\n                      description: Patch contains the JSON6902 patch document with\n                        an array of operation objects.\n                      items:\n                        description: JSON6902 is a JSON6902 operation object. https://datatracker.ietf.org/doc/html/rfc6902#section-4\n                        properties:\n                          from:\n                            description: From contains a JSON-pointer value that references\n                              a location within the target document where the operation\n                              is performed. The meaning of the value depends on the\n                              value of Op, and is NOT taken into account by all operations.\n                            type: string\n                          op:\n                            description: Op indicates the operation to perform. Its\n                              value MUST be one of \"add\", \"remove\", \"replace\", \"move\",\n                              \"copy\", or \"test\". https://datatracker.ietf.org/doc/html/rfc6902#section-4\n                            enum:\n                            - test\n                            - remove\n                            - add\n                            - replace\n                            - move\n                            - copy\n                            type: string\n                          path:\n                            description: Path contains the JSON-pointer value that\n                              references a location within the target document where\n                              the operation is performed. The meaning of the value\n                              depends on the value of Op.\n                            type: string\n                          value:\n                            description: Value contains a valid JSON structure. The\n                              meaning of the value depends on the value of Op, and\n                              is NOT taken into account by all operations.\n                            x-kubernetes-preserve-unknown-fields: true\n                        required:\n                        - op\n                        - path\n                        type: object\n                      type: array\n                    target:\n                      description: Target points to the resources that the patch document\n                        should be applied to.\n                      properties:\n                        annotationSelector:\n                          description: AnnotationSelector is a string that follows\n                            the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                            It matches with the resource annotations.\n                          type: string\n                        group:\n                          description: Group is the API group to select resources\n                            from. Together with Version and Kind it is capable of\n                            unambiguously identifying and/or selecting resources.\n                            https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                        kind:\n                          description: Kind of the API Group to select resources from.\n                            Together with Group and Version it is capable of unambiguously\n                            identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                        labelSelector:\n                          description: LabelSelector is a string that follows the\n                            label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                            It matches with the resource labels.\n                          type: string\n                        name:\n                          description: Name to match resources with.\n                          type: string\n                        namespace:\n                          description: Namespace to select resources from.\n                          type: string\n                        version:\n                          description: Version of the API Group to select resources\n                            from. Together with Group and Kind it is capable of unambiguously\n                            identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                      type: object\n                  required:\n                  - patch\n                  - target\n                  type: object\n                type: array\n              patchesStrategicMerge:\n                description: 'Strategic merge patches, defined as inline YAML objects.\n                  Deprecated: Use Patches instead.'\n                items:\n                  x-kubernetes-preserve-unknown-fields: true\n                type: array\n              path:\n                description: Path to the directory containing the kustomization.yaml\n                  file, or the set of plain YAMLs a kustomization.yaml should be generated\n                  for. Defaults to 'None', which translates to the root path of the\n                  SourceRef.\n                type: string\n              postBuild:\n                description: PostBuild describes which actions to perform on the YAML\n                  manifest generated by building the kustomize overlay.\n                properties:\n                  substitute:\n                    additionalProperties:\n                      type: string\n                    description: Substitute holds a map of key/value pairs. The variables\n                      defined in your YAML manifests that match any of the keys defined\n                      in the map will be substituted with the set value. Includes\n                      support for bash string replacement functions e.g. ${var:=default},\n                      ${var:position} and ${var/substring/replacement}.\n                    type: object\n                  substituteFrom:\n                    description: SubstituteFrom holds references to ConfigMaps and\n                      Secrets containing the variables and their values to be substituted\n                      in the YAML manifests. The ConfigMap and the Secret data keys\n                      represent the var names and they must match the vars declared\n                      in the manifests for the substitution to happen.\n                    items:\n                      description: SubstituteReference contains a reference to a resource\n                        containing the variables name and value.\n                      properties:\n                        kind:\n                          description: Kind of the values referent, valid values are\n                            ('Secret', 'ConfigMap').\n                          enum:\n                          - Secret\n                          - ConfigMap\n                          type: string\n                        name:\n                          description: Name of the values referent. Should reside\n                            in the same namespace as the referring resource.\n                          maxLength: 253\n                          minLength: 1\n                          type: string\n                        optional:\n                          default: false\n                          description: Optional indicates whether the referenced resource\n                            must exist, or whether to tolerate its absence. If true\n                            and the referenced resource is absent, proceed as if the\n                            resource was present but empty, without any variables\n                            defined.\n                          type: boolean\n                      required:\n                      - kind\n                      - name\n                      type: object\n                    type: array\n                type: object\n              prune:\n                description: Prune enables garbage collection.\n                type: boolean\n              retryInterval:\n                description: The interval at which to retry a previously failed reconciliation.\n                  When not specified, the controller uses the KustomizationSpec.Interval\n                  value to retry failures.\n                type: string\n              serviceAccountName:\n                description: The name of the Kubernetes service account to impersonate\n                  when reconciling this Kustomization.\n                type: string\n              sourceRef:\n                description: Reference of the source where the kustomization file\n                  is.\n                properties:\n                  apiVersion:\n                    description: API version of the referent.\n                    type: string\n                  kind:\n                    description: Kind of the referent.\n                    enum:\n                    - GitRepository\n                    - Bucket\n                    type: string\n                  name:\n                    description: Name of the referent.\n                    type: string\n                  namespace:\n                    description: Namespace of the referent, defaults to the namespace\n                      of the Kubernetes resource object that contains the reference.\n                    type: string\n                required:\n                - kind\n                - name\n                type: object\n              suspend:\n                description: This flag tells the controller to suspend subsequent\n                  kustomize executions, it does not apply to already started executions.\n                  Defaults to false.\n                type: boolean\n              targetNamespace:\n                description: TargetNamespace sets or overrides the namespace in the\n                  kustomization.yaml file.\n                maxLength: 63\n                minLength: 1\n                type: string\n              timeout:\n                description: Timeout for validation, apply and health checking operations.\n                  Defaults to 'Interval' duration.\n                type: string\n              validation:\n                description: 'Deprecated: Not used in v1beta2.'\n                enum:\n                - none\n                - client\n                - server\n                type: string\n              wait:\n                description: Wait instructs the controller to check the health of\n                  all the reconciled resources. When enabled, the HealthChecks are\n                  ignored. Defaults to false.\n                type: boolean\n            required:\n            - interval\n            - prune\n            - sourceRef\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: KustomizationStatus defines the observed state of a kustomization.\n            properties:\n              conditions:\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              inventory:\n                description: Inventory contains the list of Kubernetes resource object\n                  references that have been successfully applied.\n                properties:\n                  entries:\n                    description: Entries of Kubernetes resource object references.\n                    items:\n                      description: ResourceRef contains the information necessary\n                        to locate a resource within a cluster.\n                      properties:\n                        id:\n                          description: ID is the string representation of the Kubernetes\n                            resource object's metadata, in the format '\u003cnamespace\u003e_\u003cname\u003e_\u003cgroup\u003e_\u003ckind\u003e'.\n                          type: string\n                        v:\n                          description: Version is the API version of the Kubernetes\n                            resource object's kind.\n                          type: string\n                      required:\n                      - id\n                      - v\n                      type: object\n                    type: array\n                required:\n                - entries\n                type: object\n              lastAppliedRevision:\n                description: The last successfully applied revision. The revision\n                  format for Git sources is \u003cbranch|tag\u003e/\u003ccommit-sha\u003e.\n                type: string\n              lastAttemptedRevision:\n                description: LastAttemptedRevision is the revision of the last reconciliation\n                  attempt.\n                type: string\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last reconciled generation.\n                format: int64\n                type: integer\n            type: object\n        type: object\n    served: true\n    storage: true\n    subresources:\n      status: {}\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n  conditions: []\n  storedVersions: []\n",
-              "/apis/apiextensions.k8s.io/v1/customresourcedefinitions/providers.notification.toolkit.fluxcd.io": "apiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  annotations:\n    controller-gen.kubebuilder.io/version: v0.7.0\n  creationTimestamp: null\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: providers.notification.toolkit.fluxcd.io\nspec:\n  group: notification.toolkit.fluxcd.io\n  names:\n    kind: Provider\n    listKind: ProviderList\n    plural: providers\n    singular: provider\n  scope: Namespaced\n  versions:\n  - additionalPrinterColumns:\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    name: v1beta1\n    schema:\n      openAPIV3Schema:\n        description: Provider is the Schema for the providers API\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: ProviderSpec defines the desired state of Provider\n            properties:\n              address:\n                description: HTTP/S webhook address of this provider\n                pattern: ^(http|https)://\n                type: string\n              certSecretRef:\n                description: CertSecretRef can be given the name of a secret containing\n                  a PEM-encoded CA certificate (`caFile`)\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              channel:\n                description: Alert channel for this provider\n                type: string\n              proxy:\n                description: HTTP/S address of the proxy\n                pattern: ^(http|https)://\n                type: string\n              secretRef:\n                description: Secret reference containing the provider webhook URL\n                  using \"address\" as data key\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              suspend:\n                description: This flag tells the controller to suspend subsequent\n                  events handling. Defaults to false.\n                type: boolean\n              type:\n                description: Type of provider\n                enum:\n                - slack\n                - discord\n                - msteams\n                - rocket\n                - generic\n                - github\n                - gitlab\n                - bitbucket\n                - azuredevops\n                - googlechat\n                - webex\n                - sentry\n                - azureeventhub\n                - telegram\n                - lark\n                - matrix\n                - opsgenie\n                - alertmanager\n                - grafana\n                type: string\n              username:\n                description: Bot username for this provider\n                type: string\n            required:\n            - type\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: ProviderStatus defines the observed state of Provider\n            properties:\n              conditions:\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              observedGeneration:\n                description: ObservedGeneration is the last reconciled generation.\n                format: int64\n                type: integer\n            type: object\n        type: object\n    served: true\n    storage: true\n    subresources:\n      status: {}\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n  conditions: []\n  storedVersions: []\n",
-              "/apis/apiextensions.k8s.io/v1/customresourcedefinitions/receivers.notification.toolkit.fluxcd.io": "apiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  annotations:\n    controller-gen.kubebuilder.io/version: v0.7.0\n  creationTimestamp: null\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: receivers.notification.toolkit.fluxcd.io\nspec:\n  group: notification.toolkit.fluxcd.io\n  names:\n    kind: Receiver\n    listKind: ReceiverList\n    plural: receivers\n    singular: receiver\n  scope: Namespaced\n  versions:\n  - additionalPrinterColumns:\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    name: v1beta1\n    schema:\n      openAPIV3Schema:\n        description: Receiver is the Schema for the receivers API\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: ReceiverSpec defines the desired state of Receiver\n            properties:\n              events:\n                description: A list of events to handle, e.g. 'push' for GitHub or\n                  'Push Hook' for GitLab.\n                items:\n                  type: string\n                type: array\n              resources:\n                description: A list of resources to be notified about changes.\n                items:\n                  description: CrossNamespaceObjectReference contains enough information\n                    to let you locate the typed referenced object at cluster level\n                  properties:\n                    apiVersion:\n                      description: API version of the referent\n                      type: string\n                    kind:\n                      description: Kind of the referent\n                      enum:\n                      - Bucket\n                      - GitRepository\n                      - Kustomization\n                      - HelmRelease\n                      - HelmChart\n                      - HelmRepository\n                      - ImageRepository\n                      - ImagePolicy\n                      - ImageUpdateAutomation\n                      type: string\n                    matchLabels:\n                      additionalProperties:\n                        type: string\n                      description: MatchLabels is a map of {key,value} pairs. A single\n                        {key,value} in the matchLabels map is equivalent to an element\n                        of matchExpressions, whose key field is \"key\", the operator\n                        is \"In\", and the values array contains only \"value\". The requirements\n                        are ANDed.\n                      type: object\n                    name:\n                      description: Name of the referent\n                      maxLength: 53\n                      minLength: 1\n                      type: string\n                    namespace:\n                      description: Namespace of the referent\n                      maxLength: 53\n                      minLength: 1\n                      type: string\n                  required:\n                  - name\n                  type: object\n                type: array\n              secretRef:\n                description: Secret reference containing the token used to validate\n                  the payload authenticity\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              suspend:\n                description: This flag tells the controller to suspend subsequent\n                  events handling. Defaults to false.\n                type: boolean\n              type:\n                description: Type of webhook sender, used to determine the validation\n                  procedure and payload deserialization.\n                enum:\n                - generic\n                - generic-hmac\n                - github\n                - gitlab\n                - bitbucket\n                - harbor\n                - dockerhub\n                - quay\n                - gcr\n                - nexus\n                - acr\n                type: string\n            required:\n            - resources\n            - type\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: ReceiverStatus defines the observed state of Receiver\n            properties:\n              conditions:\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation.\n                format: int64\n                type: integer\n              url:\n                description: Generated webhook URL in the format of '/hook/sha256sum(token+name+namespace)'.\n                type: string\n            type: object\n        type: object\n    served: true\n    storage: true\n    subresources:\n      status: {}\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n  conditions: []\n  storedVersions: []\n",
-              "/apis/apps/v1/namespaces/flux-system/deployments/helm-controller": "apiVersion: apps/v1\nkind: Deployment\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n    control-plane: controller\n  name: helm-controller\n  namespace: flux-system\nspec:\n  replicas: 1\n  selector:\n    matchLabels:\n      app: helm-controller\n  template:\n    metadata:\n      annotations:\n        prometheus.io/port: \"8080\"\n        prometheus.io/scrape: \"true\"\n      labels:\n        app: helm-controller\n    spec:\n      containers:\n      - args:\n        - --events-addr=http://notification-controller.flux-system.svc.cluster.local./\n        - --watch-all-namespaces=true\n        - --log-level=info\n        - --log-encoding=json\n        - --enable-leader-election\n        env:\n        - name: RUNTIME_NAMESPACE\n          valueFrom:\n            fieldRef:\n              fieldPath: metadata.namespace\n        image: ghcr.io/fluxcd/helm-controller:v0.21.0\n        imagePullPolicy: IfNotPresent\n        livenessProbe:\n          httpGet:\n            path: /healthz\n            port: healthz\n        name: manager\n        ports:\n        - containerPort: 8080\n          name: http-prom\n          protocol: TCP\n        - containerPort: 9440\n          name: healthz\n          protocol: TCP\n        readinessProbe:\n          httpGet:\n            path: /readyz\n            port: healthz\n        resources:\n          limits:\n            cpu: 1000m\n            memory: 1Gi\n          requests:\n            cpu: 100m\n            memory: 64Mi\n        securityContext:\n          allowPrivilegeEscalation: false\n          capabilities:\n            drop:\n            - ALL\n          readOnlyRootFilesystem: true\n          runAsNonRoot: true\n          seccompProfile:\n            type: RuntimeDefault\n        volumeMounts:\n        - mountPath: /tmp\n          name: temp\n      nodeSelector:\n        kubernetes.io/os: linux\n      securityContext:\n        fsGroup: 1337\n      serviceAccountName: helm-controller\n      terminationGracePeriodSeconds: 600\n      volumes:\n      - emptyDir: {}\n        name: temp\n",
-              "/apis/apps/v1/namespaces/flux-system/deployments/kustomize-controller": "apiVersion: apps/v1\nkind: Deployment\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n    control-plane: controller\n  name: kustomize-controller\n  namespace: flux-system\nspec:\n  replicas: 1\n  selector:\n    matchLabels:\n      app: kustomize-controller\n  template:\n    metadata:\n      annotations:\n        prometheus.io/port: \"8080\"\n        prometheus.io/scrape: \"true\"\n      labels:\n        app: kustomize-controller\n    spec:\n      containers:\n      - args:\n        - --events-addr=http://notification-controller.flux-system.svc.cluster.local./\n        - --watch-all-namespaces=true\n        - --log-level=info\n        - --log-encoding=json\n        - --enable-leader-election\n        env:\n        - name: RUNTIME_NAMESPACE\n          valueFrom:\n            fieldRef:\n              fieldPath: metadata.namespace\n        image: ghcr.io/fluxcd/kustomize-controller:v0.25.0\n        imagePullPolicy: IfNotPresent\n        livenessProbe:\n          httpGet:\n            path: /healthz\n            port: healthz\n        name: manager\n        ports:\n        - containerPort: 8080\n          name: http-prom\n          protocol: TCP\n        - containerPort: 9440\n          name: healthz\n          protocol: TCP\n        readinessProbe:\n          httpGet:\n            path: /readyz\n            port: healthz\n        resources:\n          limits:\n            cpu: 1000m\n            memory: 1Gi\n          requests:\n            cpu: 100m\n            memory: 64Mi\n        securityContext:\n          allowPrivilegeEscalation: false\n          capabilities:\n            drop:\n            - ALL\n          readOnlyRootFilesystem: true\n          runAsNonRoot: true\n          seccompProfile:\n            type: RuntimeDefault\n        volumeMounts:\n        - mountPath: /tmp\n          name: temp\n      nodeSelector:\n        kubernetes.io/os: linux\n      securityContext:\n        fsGroup: 1337\n      serviceAccountName: kustomize-controller\n      terminationGracePeriodSeconds: 60\n      volumes:\n      - emptyDir: {}\n        name: temp\n",
-              "/apis/apps/v1/namespaces/flux-system/deployments/notification-controller": "apiVersion: apps/v1\nkind: Deployment\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n    control-plane: controller\n  name: notification-controller\n  namespace: flux-system\nspec:\n  replicas: 1\n  selector:\n    matchLabels:\n      app: notification-controller\n  template:\n    metadata:\n      annotations:\n        prometheus.io/port: \"8080\"\n        prometheus.io/scrape: \"true\"\n      labels:\n        app: notification-controller\n    spec:\n      containers:\n      - args:\n        - --watch-all-namespaces=true\n        - --log-level=info\n        - --log-encoding=json\n        - --enable-leader-election\n        env:\n        - name: RUNTIME_NAMESPACE\n          valueFrom:\n            fieldRef:\n              fieldPath: metadata.namespace\n        image: ghcr.io/fluxcd/notification-controller:v0.23.5\n        imagePullPolicy: IfNotPresent\n        livenessProbe:\n          httpGet:\n            path: /healthz\n            port: healthz\n        name: manager\n        ports:\n        - containerPort: 9090\n          name: http\n          protocol: TCP\n        - containerPort: 9292\n          name: http-webhook\n          protocol: TCP\n        - containerPort: 8080\n          name: http-prom\n          protocol: TCP\n        - containerPort: 9440\n          name: healthz\n          protocol: TCP\n        readinessProbe:\n          httpGet:\n            path: /readyz\n            port: healthz\n        resources:\n          limits:\n            cpu: 1000m\n            memory: 1Gi\n          requests:\n            cpu: 100m\n            memory: 64Mi\n        securityContext:\n          allowPrivilegeEscalation: false\n          capabilities:\n            drop:\n            - ALL\n          readOnlyRootFilesystem: true\n          runAsNonRoot: true\n          seccompProfile:\n            type: RuntimeDefault\n        volumeMounts:\n        - mountPath: /tmp\n          name: temp\n      nodeSelector:\n        kubernetes.io/os: linux\n      securityContext:\n        fsGroup: 1337\n      serviceAccountName: notification-controller\n      terminationGracePeriodSeconds: 10\n      volumes:\n      - emptyDir: {}\n        name: temp\n",
-              "/apis/apps/v1/namespaces/flux-system/deployments/source-controller": "apiVersion: apps/v1\nkind: Deployment\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n    control-plane: controller\n  name: source-controller\n  namespace: flux-system\nspec:\n  replicas: 1\n  selector:\n    matchLabels:\n      app: source-controller\n  strategy:\n    type: Recreate\n  template:\n    metadata:\n      annotations:\n        prometheus.io/port: \"8080\"\n        prometheus.io/scrape: \"true\"\n      labels:\n        app: source-controller\n    spec:\n      containers:\n      - args:\n        - --events-addr=http://notification-controller.flux-system.svc.cluster.local./\n        - --watch-all-namespaces=true\n        - --log-level=info\n        - --log-encoding=json\n        - --enable-leader-election\n        - --storage-path=/data\n        - --storage-adv-addr=source-controller.$(RUNTIME_NAMESPACE).svc.cluster.local.\n        env:\n        - name: RUNTIME_NAMESPACE\n          valueFrom:\n            fieldRef:\n              fieldPath: metadata.namespace\n        image: ghcr.io/fluxcd/source-controller:v0.24.4\n        imagePullPolicy: IfNotPresent\n        livenessProbe:\n          httpGet:\n            path: /healthz\n            port: healthz\n        name: manager\n        ports:\n        - containerPort: 9090\n          name: http\n          protocol: TCP\n        - containerPort: 8080\n          name: http-prom\n          protocol: TCP\n        - containerPort: 9440\n          name: healthz\n          protocol: TCP\n        readinessProbe:\n          httpGet:\n            path: /\n            port: http\n        resources:\n          limits:\n            cpu: 1000m\n            memory: 1Gi\n          requests:\n            cpu: 50m\n            memory: 64Mi\n        securityContext:\n          allowPrivilegeEscalation: false\n          capabilities:\n            drop:\n            - ALL\n          readOnlyRootFilesystem: true\n          runAsNonRoot: true\n          seccompProfile:\n            type: RuntimeDefault\n        volumeMounts:\n        - mountPath: /data\n          name: data\n        - mountPath: /tmp\n          name: tmp\n      nodeSelector:\n        kubernetes.io/os: linux\n      securityContext:\n        fsGroup: 1337\n      serviceAccountName: source-controller\n      terminationGracePeriodSeconds: 10\n      volumes:\n      - emptyDir: {}\n        name: data\n      - emptyDir: {}\n        name: tmp\n",
-              "/apis/rbac.authorization.k8s.io/v1/clusterrolebindings/cluster-reconciler-flux-system": "apiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: cluster-reconciler-flux-system\nroleRef:\n  apiGroup: rbac.authorization.k8s.io\n  kind: ClusterRole\n  name: cluster-admin\nsubjects:\n- kind: ServiceAccount\n  name: kustomize-controller\n  namespace: flux-system\n- kind: ServiceAccount\n  name: helm-controller\n  namespace: flux-system\n",
-              "/apis/rbac.authorization.k8s.io/v1/clusterrolebindings/crd-controller-flux-system": "apiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: crd-controller-flux-system\nroleRef:\n  apiGroup: rbac.authorization.k8s.io\n  kind: ClusterRole\n  name: crd-controller-flux-system\nsubjects:\n- kind: ServiceAccount\n  name: kustomize-controller\n  namespace: flux-system\n- kind: ServiceAccount\n  name: helm-controller\n  namespace: flux-system\n- kind: ServiceAccount\n  name: source-controller\n  namespace: flux-system\n- kind: ServiceAccount\n  name: notification-controller\n  namespace: flux-system\n- kind: ServiceAccount\n  name: image-reflector-controller\n  namespace: flux-system\n- kind: ServiceAccount\n  name: image-automation-controller\n  namespace: flux-system\n",
-              "/apis/rbac.authorization.k8s.io/v1/clusterroles/crd-controller-flux-system": "apiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: crd-controller-flux-system\nrules:\n- apiGroups:\n  - source.toolkit.fluxcd.io\n  resources:\n  - '*'\n  verbs:\n  - '*'\n- apiGroups:\n  - kustomize.toolkit.fluxcd.io\n  resources:\n  - '*'\n  verbs:\n  - '*'\n- apiGroups:\n  - helm.toolkit.fluxcd.io\n  resources:\n  - '*'\n  verbs:\n  - '*'\n- apiGroups:\n  - notification.toolkit.fluxcd.io\n  resources:\n  - '*'\n  verbs:\n  - '*'\n- apiGroups:\n  - image.toolkit.fluxcd.io\n  resources:\n  - '*'\n  verbs:\n  - '*'\n- apiGroups:\n  - \"\"\n  resources:\n  - namespaces\n  - secrets\n  - configmaps\n  - serviceaccounts\n  verbs:\n  - get\n  - list\n  - watch\n- apiGroups:\n  - \"\"\n  resources:\n  - events\n  verbs:\n  - create\n  - patch\n- apiGroups:\n  - \"\"\n  resources:\n  - configmaps\n  verbs:\n  - get\n  - list\n  - watch\n  - create\n  - update\n  - patch\n  - delete\n- apiGroups:\n  - \"\"\n  resources:\n  - configmaps/status\n  verbs:\n  - get\n  - update\n  - patch\n- apiGroups:\n  - coordination.k8s.io\n  resources:\n  - leases\n  verbs:\n  - get\n  - list\n  - watch\n  - create\n  - update\n  - patch\n  - delete\n"
-            }
-          },
-          "sensitive_attributes": []
-        }
-      ]
-    },
-    {
-      "module": "module.flux",
-      "mode": "data",
-      "type": "kubectl_file_documents",
-      "name": "sync",
-      "provider": "module.flux.provider[\"registry.terraform.io/gavinbunney/kubectl\"]",
-      "instances": [
-        {
-          "schema_version": 0,
-          "attributes": {
-            "content": "# This manifest was generated by flux. DO NOT EDIT.\n---\napiVersion: source.toolkit.fluxcd.io/v1beta2\nkind: GitRepository\nmetadata:\n  name: flux-system\n  namespace: flux-system\nspec:\n  interval: 1m0s\n  ref:\n    branch: main\n  secretRef:\n    name: flux-system\n  url: ssh://git@git.front.kjuulh.io/clank/kubernetes-state.git\n---\napiVersion: kustomize.toolkit.fluxcd.io/v1beta2\nkind: Kustomization\nmetadata:\n  name: flux-system\n  namespace: flux-system\nspec:\n  interval: 10m0s\n  path: ./clank\n  prune: true\n  sourceRef:\n    kind: GitRepository\n    name: flux-system\n",
-            "documents": [
-              "apiVersion: source.toolkit.fluxcd.io/v1beta2\nkind: GitRepository\nmetadata:\n  name: flux-system\n  namespace: flux-system\nspec:\n  interval: 1m0s\n  ref:\n    branch: main\n  secretRef:\n    name: flux-system\n  url: ssh://git@git.front.kjuulh.io/clank/kubernetes-state.git",
-              "apiVersion: kustomize.toolkit.fluxcd.io/v1beta2\nkind: Kustomization\nmetadata:\n  name: flux-system\n  namespace: flux-system\nspec:\n  interval: 10m0s\n  path: ./clank\n  prune: true\n  sourceRef:\n    kind: GitRepository\n    name: flux-system"
-            ],
-            "id": "e8997c4e0723aaa03560bc3abf63ef964f956c0fcdf89eb1cbfb760c799cf8d0",
-            "manifests": {
-              "/apis/kustomize.toolkit.fluxcd.io/v1beta2/namespaces/flux-system/kustomizations/flux-system": "apiVersion: kustomize.toolkit.fluxcd.io/v1beta2\nkind: Kustomization\nmetadata:\n  name: flux-system\n  namespace: flux-system\nspec:\n  interval: 10m0s\n  path: ./clank\n  prune: true\n  sourceRef:\n    kind: GitRepository\n    name: flux-system\n",
-              "/apis/source.toolkit.fluxcd.io/v1beta2/namespaces/flux-system/gitrepositorys/flux-system": "apiVersion: source.toolkit.fluxcd.io/v1beta2\nkind: GitRepository\nmetadata:\n  name: flux-system\n  namespace: flux-system\nspec:\n  interval: 1m0s\n  ref:\n    branch: main\n  secretRef:\n    name: flux-system\n  url: ssh://git@git.front.kjuulh.io/clank/kubernetes-state.git\n"
-            }
-          },
-          "sensitive_attributes": []
-        }
-      ]
-    },
-    {
-      "module": "module.flux",
-      "mode": "managed",
-      "type": "kubectl_manifest",
-      "name": "apply",
-      "provider": "module.flux.provider[\"registry.terraform.io/gavinbunney/kubectl\"]",
-      "instances": [
-        {
-          "index_key": "apiextensions.k8s.io/v1/customresourcedefinition/alerts.notification.toolkit.fluxcd.io",
-          "schema_version": 1,
-          "attributes": {
-            "api_version": "apiextensions.k8s.io/v1",
-            "apply_only": false,
-            "force_conflicts": false,
-            "force_new": false,
-            "id": "/apis/apiextensions.k8s.io/v1/customresourcedefinitions/alerts.notification.toolkit.fluxcd.io",
-            "ignore_fields": null,
-            "kind": "CustomResourceDefinition",
-            "live_manifest_incluster": "3eb4be5c0abda78b11086bee7392e6b42d459303662ec0dabdbaf95d67cb3906",
-            "live_uid": "e1ca18e4-5cc9-48ff-98ed-d7f886b6d7c2",
-            "name": "alerts.notification.toolkit.fluxcd.io",
-            "namespace": null,
-            "override_namespace": null,
-            "sensitive_fields": null,
-            "server_side_apply": false,
-            "timeouts": null,
-            "uid": "e1ca18e4-5cc9-48ff-98ed-d7f886b6d7c2",
-            "validate_schema": true,
-            "wait": null,
-            "wait_for_rollout": true,
-            "yaml_body": "apiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  annotations:\n    controller-gen.kubebuilder.io/version: v0.7.0\n  creationTimestamp: null\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: alerts.notification.toolkit.fluxcd.io\nspec:\n  group: notification.toolkit.fluxcd.io\n  names:\n    kind: Alert\n    listKind: AlertList\n    plural: alerts\n    singular: alert\n  scope: Namespaced\n  versions:\n  - additionalPrinterColumns:\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    name: v1beta1\n    schema:\n      openAPIV3Schema:\n        description: Alert is the Schema for the alerts API\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: AlertSpec defines an alerting rule for events involving a\n              list of objects\n            properties:\n              eventSeverity:\n                default: info\n                description: Filter events based on severity, defaults to ('info').\n                  If set to 'info' no events will be filtered.\n                enum:\n                - info\n                - error\n                type: string\n              eventSources:\n                description: Filter events based on the involved objects.\n                items:\n                  description: CrossNamespaceObjectReference contains enough information\n                    to let you locate the typed referenced object at cluster level\n                  properties:\n                    apiVersion:\n                      description: API version of the referent\n                      type: string\n                    kind:\n                      description: Kind of the referent\n                      enum:\n                      - Bucket\n                      - GitRepository\n                      - Kustomization\n                      - HelmRelease\n                      - HelmChart\n                      - HelmRepository\n                      - ImageRepository\n                      - ImagePolicy\n                      - ImageUpdateAutomation\n                      type: string\n                    matchLabels:\n                      additionalProperties:\n                        type: string\n                      description: MatchLabels is a map of {key,value} pairs. A single\n                        {key,value} in the matchLabels map is equivalent to an element\n                        of matchExpressions, whose key field is \"key\", the operator\n                        is \"In\", and the values array contains only \"value\". The requirements\n                        are ANDed.\n                      type: object\n                    name:\n                      description: Name of the referent\n                      maxLength: 53\n                      minLength: 1\n                      type: string\n                    namespace:\n                      description: Namespace of the referent\n                      maxLength: 53\n                      minLength: 1\n                      type: string\n                  required:\n                  - name\n                  type: object\n                type: array\n              exclusionList:\n                description: A list of Golang regular expressions to be used for excluding\n                  messages.\n                items:\n                  type: string\n                type: array\n              providerRef:\n                description: Send events using this provider.\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              summary:\n                description: Short description of the impact and affected cluster.\n                type: string\n              suspend:\n                description: This flag tells the controller to suspend subsequent\n                  events dispatching. Defaults to false.\n                type: boolean\n            required:\n            - eventSources\n            - providerRef\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: AlertStatus defines the observed state of Alert\n            properties:\n              conditions:\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation.\n                format: int64\n                type: integer\n            type: object\n        type: object\n    served: true\n    storage: true\n    subresources:\n      status: {}\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n  conditions: []\n  storedVersions: []",
-            "yaml_body_parsed": "apiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  annotations:\n    controller-gen.kubebuilder.io/version: v0.7.0\n  creationTimestamp: null\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: alerts.notification.toolkit.fluxcd.io\nspec:\n  group: notification.toolkit.fluxcd.io\n  names:\n    kind: Alert\n    listKind: AlertList\n    plural: alerts\n    singular: alert\n  scope: Namespaced\n  versions:\n  - additionalPrinterColumns:\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    name: v1beta1\n    schema:\n      openAPIV3Schema:\n        description: Alert is the Schema for the alerts API\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: AlertSpec defines an alerting rule for events involving a\n              list of objects\n            properties:\n              eventSeverity:\n                default: info\n                description: Filter events based on severity, defaults to ('info').\n                  If set to 'info' no events will be filtered.\n                enum:\n                - info\n                - error\n                type: string\n              eventSources:\n                description: Filter events based on the involved objects.\n                items:\n                  description: CrossNamespaceObjectReference contains enough information\n                    to let you locate the typed referenced object at cluster level\n                  properties:\n                    apiVersion:\n                      description: API version of the referent\n                      type: string\n                    kind:\n                      description: Kind of the referent\n                      enum:\n                      - Bucket\n                      - GitRepository\n                      - Kustomization\n                      - HelmRelease\n                      - HelmChart\n                      - HelmRepository\n                      - ImageRepository\n                      - ImagePolicy\n                      - ImageUpdateAutomation\n                      type: string\n                    matchLabels:\n                      additionalProperties:\n                        type: string\n                      description: MatchLabels is a map of {key,value} pairs. A single\n                        {key,value} in the matchLabels map is equivalent to an element\n                        of matchExpressions, whose key field is \"key\", the operator\n                        is \"In\", and the values array contains only \"value\". The requirements\n                        are ANDed.\n                      type: object\n                    name:\n                      description: Name of the referent\n                      maxLength: 53\n                      minLength: 1\n                      type: string\n                    namespace:\n                      description: Namespace of the referent\n                      maxLength: 53\n                      minLength: 1\n                      type: string\n                  required:\n                  - name\n                  type: object\n                type: array\n              exclusionList:\n                description: A list of Golang regular expressions to be used for excluding\n                  messages.\n                items:\n                  type: string\n                type: array\n              providerRef:\n                description: Send events using this provider.\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              summary:\n                description: Short description of the impact and affected cluster.\n                type: string\n              suspend:\n                description: This flag tells the controller to suspend subsequent\n                  events dispatching. Defaults to false.\n                type: boolean\n            required:\n            - eventSources\n            - providerRef\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: AlertStatus defines the observed state of Alert\n            properties:\n              conditions:\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation.\n                format: int64\n                type: integer\n            type: object\n        type: object\n    served: true\n    storage: true\n    subresources:\n      status: {}\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n  conditions: []\n  storedVersions: []\n",
-            "yaml_incluster": "3eb4be5c0abda78b11086bee7392e6b42d459303662ec0dabdbaf95d67cb3906"
-          },
-          "sensitive_attributes": [],
-          "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDB9LCJzY2hlbWFfdmVyc2lvbiI6IjEifQ==",
-          "dependencies": [
-            "module.flux.data.flux_install.main",
-            "module.flux.data.kubectl_file_documents.apply",
-            "module.flux.kubernetes_namespace.flux_system"
-          ]
-        },
-        {
-          "index_key": "apiextensions.k8s.io/v1/customresourcedefinition/buckets.source.toolkit.fluxcd.io",
-          "schema_version": 1,
-          "attributes": {
-            "api_version": "apiextensions.k8s.io/v1",
-            "apply_only": false,
-            "force_conflicts": false,
-            "force_new": false,
-            "id": "/apis/apiextensions.k8s.io/v1/customresourcedefinitions/buckets.source.toolkit.fluxcd.io",
-            "ignore_fields": null,
-            "kind": "CustomResourceDefinition",
-            "live_manifest_incluster": "4ec58b70c20cd1a91e0df4e5a9c83429927ab34766e1866beed7a7c7c3b2201c",
-            "live_uid": "0187872f-792e-45df-b75b-b825eb77db20",
-            "name": "buckets.source.toolkit.fluxcd.io",
-            "namespace": null,
-            "override_namespace": null,
-            "sensitive_fields": null,
-            "server_side_apply": false,
-            "timeouts": null,
-            "uid": "0187872f-792e-45df-b75b-b825eb77db20",
-            "validate_schema": true,
-            "wait": null,
-            "wait_for_rollout": true,
-            "yaml_body": "apiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  annotations:\n    controller-gen.kubebuilder.io/version: v0.7.0\n  creationTimestamp: null\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: buckets.source.toolkit.fluxcd.io\nspec:\n  group: source.toolkit.fluxcd.io\n  names:\n    kind: Bucket\n    listKind: BucketList\n    plural: buckets\n    singular: bucket\n  scope: Namespaced\n  versions:\n  - additionalPrinterColumns:\n    - jsonPath: .spec.endpoint\n      name: Endpoint\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    name: v1beta1\n    schema:\n      openAPIV3Schema:\n        description: Bucket is the Schema for the buckets API\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: BucketSpec defines the desired state of an S3 compatible\n              bucket\n            properties:\n              accessFrom:\n                description: AccessFrom defines an Access Control List for allowing\n                  cross-namespace references to this object.\n                properties:\n                  namespaceSelectors:\n                    description: NamespaceSelectors is the list of namespace selectors\n                      to which this ACL applies. Items in this list are evaluated\n                      using a logical OR operation.\n                    items:\n                      description: NamespaceSelector selects the namespaces to which\n                        this ACL applies. An empty map of MatchLabels matches all\n                        namespaces in a cluster.\n                      properties:\n                        matchLabels:\n                          additionalProperties:\n                            type: string\n                          description: MatchLabels is a map of {key,value} pairs.\n                            A single {key,value} in the matchLabels map is equivalent\n                            to an element of matchExpressions, whose key field is\n                            \"key\", the operator is \"In\", and the values array contains\n                            only \"value\". The requirements are ANDed.\n                          type: object\n                      type: object\n                    type: array\n                required:\n                - namespaceSelectors\n                type: object\n              bucketName:\n                description: The bucket name.\n                type: string\n              endpoint:\n                description: The bucket endpoint address.\n                type: string\n              ignore:\n                description: Ignore overrides the set of excluded patterns in the\n                  .sourceignore format (which is the same as .gitignore). If not provided,\n                  a default will be used, consult the documentation for your version\n                  to find out what those are.\n                type: string\n              insecure:\n                description: Insecure allows connecting to a non-TLS S3 HTTP endpoint.\n                type: boolean\n              interval:\n                description: The interval at which to check for bucket updates.\n                type: string\n              provider:\n                default: generic\n                description: The S3 compatible storage provider name, default ('generic').\n                enum:\n                - generic\n                - aws\n                - gcp\n                type: string\n              region:\n                description: The bucket region.\n                type: string\n              secretRef:\n                description: The name of the secret containing authentication credentials\n                  for the Bucket.\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              suspend:\n                description: This flag tells the controller to suspend the reconciliation\n                  of this source.\n                type: boolean\n              timeout:\n                default: 60s\n                description: The timeout for download operations, defaults to 60s.\n                type: string\n            required:\n            - bucketName\n            - endpoint\n            - interval\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: BucketStatus defines the observed state of a bucket\n            properties:\n              artifact:\n                description: Artifact represents the output of the last successful\n                  Bucket sync.\n                properties:\n                  checksum:\n                    description: Checksum is the SHA256 checksum of the artifact.\n                    type: string\n                  lastUpdateTime:\n                    description: LastUpdateTime is the timestamp corresponding to\n                      the last update of this artifact.\n                    format: date-time\n                    type: string\n                  path:\n                    description: Path is the relative file path of this artifact.\n                    type: string\n                  revision:\n                    description: Revision is a human readable identifier traceable\n                      in the origin source system. It can be a Git commit SHA, Git\n                      tag, a Helm index timestamp, a Helm chart version, etc.\n                    type: string\n                  url:\n                    description: URL is the HTTP address of this artifact.\n                    type: string\n                required:\n                - path\n                - url\n                type: object\n              conditions:\n                description: Conditions holds the conditions for the Bucket.\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation.\n                format: int64\n                type: integer\n              url:\n                description: URL is the download link for the artifact output of the\n                  last Bucket sync.\n                type: string\n            type: object\n        type: object\n    served: true\n    storage: false\n    subresources:\n      status: {}\n  - additionalPrinterColumns:\n    - jsonPath: .spec.endpoint\n      name: Endpoint\n      type: string\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    name: v1beta2\n    schema:\n      openAPIV3Schema:\n        description: Bucket is the Schema for the buckets API.\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: BucketSpec specifies the required configuration to produce\n              an Artifact for an object storage bucket.\n            properties:\n              accessFrom:\n                description: 'AccessFrom specifies an Access Control List for allowing\n                  cross-namespace references to this object. NOTE: Not implemented,\n                  provisional as of https://github.com/fluxcd/flux2/pull/2092'\n                properties:\n                  namespaceSelectors:\n                    description: NamespaceSelectors is the list of namespace selectors\n                      to which this ACL applies. Items in this list are evaluated\n                      using a logical OR operation.\n                    items:\n                      description: NamespaceSelector selects the namespaces to which\n                        this ACL applies. An empty map of MatchLabels matches all\n                        namespaces in a cluster.\n                      properties:\n                        matchLabels:\n                          additionalProperties:\n                            type: string\n                          description: MatchLabels is a map of {key,value} pairs.\n                            A single {key,value} in the matchLabels map is equivalent\n                            to an element of matchExpressions, whose key field is\n                            \"key\", the operator is \"In\", and the values array contains\n                            only \"value\". The requirements are ANDed.\n                          type: object\n                      type: object\n                    type: array\n                required:\n                - namespaceSelectors\n                type: object\n              bucketName:\n                description: BucketName is the name of the object storage bucket.\n                type: string\n              endpoint:\n                description: Endpoint is the object storage address the BucketName\n                  is located at.\n                type: string\n              ignore:\n                description: Ignore overrides the set of excluded patterns in the\n                  .sourceignore format (which is the same as .gitignore). If not provided,\n                  a default will be used, consult the documentation for your version\n                  to find out what those are.\n                type: string\n              insecure:\n                description: Insecure allows connecting to a non-TLS HTTP Endpoint.\n                type: boolean\n              interval:\n                description: Interval at which to check the Endpoint for updates.\n                type: string\n              provider:\n                default: generic\n                description: Provider of the object storage bucket. Defaults to 'generic',\n                  which expects an S3 (API) compatible object storage.\n                enum:\n                - generic\n                - aws\n                - gcp\n                - azure\n                type: string\n              region:\n                description: Region of the Endpoint where the BucketName is located\n                  in.\n                type: string\n              secretRef:\n                description: SecretRef specifies the Secret containing authentication\n                  credentials for the Bucket.\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              suspend:\n                description: Suspend tells the controller to suspend the reconciliation\n                  of this Bucket.\n                type: boolean\n              timeout:\n                default: 60s\n                description: Timeout for fetch operations, defaults to 60s.\n                type: string\n            required:\n            - bucketName\n            - endpoint\n            - interval\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: BucketStatus records the observed state of a Bucket.\n            properties:\n              artifact:\n                description: Artifact represents the last successful Bucket reconciliation.\n                properties:\n                  checksum:\n                    description: Checksum is the SHA256 checksum of the Artifact file.\n                    type: string\n                  lastUpdateTime:\n                    description: LastUpdateTime is the timestamp corresponding to\n                      the last update of the Artifact.\n                    format: date-time\n                    type: string\n                  path:\n                    description: Path is the relative file path of the Artifact. It\n                      can be used to locate the file in the root of the Artifact storage\n                      on the local file system of the controller managing the Source.\n                    type: string\n                  revision:\n                    description: Revision is a human-readable identifier traceable\n                      in the origin source system. It can be a Git commit SHA, Git\n                      tag, a Helm chart version, etc.\n                    type: string\n                  size:\n                    description: Size is the number of bytes in the file.\n                    format: int64\n                    type: integer\n                  url:\n                    description: URL is the HTTP address of the Artifact as exposed\n                      by the controller managing the Source. It can be used to retrieve\n                      the Artifact for consumption, e.g. by another controller applying\n                      the Artifact contents.\n                    type: string\n                required:\n                - path\n                - url\n                type: object\n              conditions:\n                description: Conditions holds the conditions for the Bucket.\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation of\n                  the Bucket object.\n                format: int64\n                type: integer\n              url:\n                description: URL is the dynamic fetch link for the latest Artifact.\n                  It is provided on a \"best effort\" basis, and using the precise BucketStatus.Artifact\n                  data is recommended.\n                type: string\n            type: object\n        type: object\n    served: true\n    storage: true\n    subresources:\n      status: {}\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n  conditions: []\n  storedVersions: []",
-            "yaml_body_parsed": "apiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  annotations:\n    controller-gen.kubebuilder.io/version: v0.7.0\n  creationTimestamp: null\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: buckets.source.toolkit.fluxcd.io\nspec:\n  group: source.toolkit.fluxcd.io\n  names:\n    kind: Bucket\n    listKind: BucketList\n    plural: buckets\n    singular: bucket\n  scope: Namespaced\n  versions:\n  - additionalPrinterColumns:\n    - jsonPath: .spec.endpoint\n      name: Endpoint\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    name: v1beta1\n    schema:\n      openAPIV3Schema:\n        description: Bucket is the Schema for the buckets API\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: BucketSpec defines the desired state of an S3 compatible\n              bucket\n            properties:\n              accessFrom:\n                description: AccessFrom defines an Access Control List for allowing\n                  cross-namespace references to this object.\n                properties:\n                  namespaceSelectors:\n                    description: NamespaceSelectors is the list of namespace selectors\n                      to which this ACL applies. Items in this list are evaluated\n                      using a logical OR operation.\n                    items:\n                      description: NamespaceSelector selects the namespaces to which\n                        this ACL applies. An empty map of MatchLabels matches all\n                        namespaces in a cluster.\n                      properties:\n                        matchLabels:\n                          additionalProperties:\n                            type: string\n                          description: MatchLabels is a map of {key,value} pairs.\n                            A single {key,value} in the matchLabels map is equivalent\n                            to an element of matchExpressions, whose key field is\n                            \"key\", the operator is \"In\", and the values array contains\n                            only \"value\". The requirements are ANDed.\n                          type: object\n                      type: object\n                    type: array\n                required:\n                - namespaceSelectors\n                type: object\n              bucketName:\n                description: The bucket name.\n                type: string\n              endpoint:\n                description: The bucket endpoint address.\n                type: string\n              ignore:\n                description: Ignore overrides the set of excluded patterns in the\n                  .sourceignore format (which is the same as .gitignore). If not provided,\n                  a default will be used, consult the documentation for your version\n                  to find out what those are.\n                type: string\n              insecure:\n                description: Insecure allows connecting to a non-TLS S3 HTTP endpoint.\n                type: boolean\n              interval:\n                description: The interval at which to check for bucket updates.\n                type: string\n              provider:\n                default: generic\n                description: The S3 compatible storage provider name, default ('generic').\n                enum:\n                - generic\n                - aws\n                - gcp\n                type: string\n              region:\n                description: The bucket region.\n                type: string\n              secretRef:\n                description: The name of the secret containing authentication credentials\n                  for the Bucket.\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              suspend:\n                description: This flag tells the controller to suspend the reconciliation\n                  of this source.\n                type: boolean\n              timeout:\n                default: 60s\n                description: The timeout for download operations, defaults to 60s.\n                type: string\n            required:\n            - bucketName\n            - endpoint\n            - interval\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: BucketStatus defines the observed state of a bucket\n            properties:\n              artifact:\n                description: Artifact represents the output of the last successful\n                  Bucket sync.\n                properties:\n                  checksum:\n                    description: Checksum is the SHA256 checksum of the artifact.\n                    type: string\n                  lastUpdateTime:\n                    description: LastUpdateTime is the timestamp corresponding to\n                      the last update of this artifact.\n                    format: date-time\n                    type: string\n                  path:\n                    description: Path is the relative file path of this artifact.\n                    type: string\n                  revision:\n                    description: Revision is a human readable identifier traceable\n                      in the origin source system. It can be a Git commit SHA, Git\n                      tag, a Helm index timestamp, a Helm chart version, etc.\n                    type: string\n                  url:\n                    description: URL is the HTTP address of this artifact.\n                    type: string\n                required:\n                - path\n                - url\n                type: object\n              conditions:\n                description: Conditions holds the conditions for the Bucket.\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation.\n                format: int64\n                type: integer\n              url:\n                description: URL is the download link for the artifact output of the\n                  last Bucket sync.\n                type: string\n            type: object\n        type: object\n    served: true\n    storage: false\n    subresources:\n      status: {}\n  - additionalPrinterColumns:\n    - jsonPath: .spec.endpoint\n      name: Endpoint\n      type: string\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    name: v1beta2\n    schema:\n      openAPIV3Schema:\n        description: Bucket is the Schema for the buckets API.\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: BucketSpec specifies the required configuration to produce\n              an Artifact for an object storage bucket.\n            properties:\n              accessFrom:\n                description: 'AccessFrom specifies an Access Control List for allowing\n                  cross-namespace references to this object. NOTE: Not implemented,\n                  provisional as of https://github.com/fluxcd/flux2/pull/2092'\n                properties:\n                  namespaceSelectors:\n                    description: NamespaceSelectors is the list of namespace selectors\n                      to which this ACL applies. Items in this list are evaluated\n                      using a logical OR operation.\n                    items:\n                      description: NamespaceSelector selects the namespaces to which\n                        this ACL applies. An empty map of MatchLabels matches all\n                        namespaces in a cluster.\n                      properties:\n                        matchLabels:\n                          additionalProperties:\n                            type: string\n                          description: MatchLabels is a map of {key,value} pairs.\n                            A single {key,value} in the matchLabels map is equivalent\n                            to an element of matchExpressions, whose key field is\n                            \"key\", the operator is \"In\", and the values array contains\n                            only \"value\". The requirements are ANDed.\n                          type: object\n                      type: object\n                    type: array\n                required:\n                - namespaceSelectors\n                type: object\n              bucketName:\n                description: BucketName is the name of the object storage bucket.\n                type: string\n              endpoint:\n                description: Endpoint is the object storage address the BucketName\n                  is located at.\n                type: string\n              ignore:\n                description: Ignore overrides the set of excluded patterns in the\n                  .sourceignore format (which is the same as .gitignore). If not provided,\n                  a default will be used, consult the documentation for your version\n                  to find out what those are.\n                type: string\n              insecure:\n                description: Insecure allows connecting to a non-TLS HTTP Endpoint.\n                type: boolean\n              interval:\n                description: Interval at which to check the Endpoint for updates.\n                type: string\n              provider:\n                default: generic\n                description: Provider of the object storage bucket. Defaults to 'generic',\n                  which expects an S3 (API) compatible object storage.\n                enum:\n                - generic\n                - aws\n                - gcp\n                - azure\n                type: string\n              region:\n                description: Region of the Endpoint where the BucketName is located\n                  in.\n                type: string\n              secretRef:\n                description: SecretRef specifies the Secret containing authentication\n                  credentials for the Bucket.\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              suspend:\n                description: Suspend tells the controller to suspend the reconciliation\n                  of this Bucket.\n                type: boolean\n              timeout:\n                default: 60s\n                description: Timeout for fetch operations, defaults to 60s.\n                type: string\n            required:\n            - bucketName\n            - endpoint\n            - interval\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: BucketStatus records the observed state of a Bucket.\n            properties:\n              artifact:\n                description: Artifact represents the last successful Bucket reconciliation.\n                properties:\n                  checksum:\n                    description: Checksum is the SHA256 checksum of the Artifact file.\n                    type: string\n                  lastUpdateTime:\n                    description: LastUpdateTime is the timestamp corresponding to\n                      the last update of the Artifact.\n                    format: date-time\n                    type: string\n                  path:\n                    description: Path is the relative file path of the Artifact. It\n                      can be used to locate the file in the root of the Artifact storage\n                      on the local file system of the controller managing the Source.\n                    type: string\n                  revision:\n                    description: Revision is a human-readable identifier traceable\n                      in the origin source system. It can be a Git commit SHA, Git\n                      tag, a Helm chart version, etc.\n                    type: string\n                  size:\n                    description: Size is the number of bytes in the file.\n                    format: int64\n                    type: integer\n                  url:\n                    description: URL is the HTTP address of the Artifact as exposed\n                      by the controller managing the Source. It can be used to retrieve\n                      the Artifact for consumption, e.g. by another controller applying\n                      the Artifact contents.\n                    type: string\n                required:\n                - path\n                - url\n                type: object\n              conditions:\n                description: Conditions holds the conditions for the Bucket.\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation of\n                  the Bucket object.\n                format: int64\n                type: integer\n              url:\n                description: URL is the dynamic fetch link for the latest Artifact.\n                  It is provided on a \"best effort\" basis, and using the precise BucketStatus.Artifact\n                  data is recommended.\n                type: string\n            type: object\n        type: object\n    served: true\n    storage: true\n    subresources:\n      status: {}\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n  conditions: []\n  storedVersions: []\n",
-            "yaml_incluster": "4ec58b70c20cd1a91e0df4e5a9c83429927ab34766e1866beed7a7c7c3b2201c"
-          },
-          "sensitive_attributes": [],
-          "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDB9LCJzY2hlbWFfdmVyc2lvbiI6IjEifQ==",
-          "dependencies": [
-            "module.flux.data.flux_install.main",
-            "module.flux.data.kubectl_file_documents.apply",
-            "module.flux.kubernetes_namespace.flux_system"
-          ]
-        },
-        {
-          "index_key": "apiextensions.k8s.io/v1/customresourcedefinition/gitrepositories.source.toolkit.fluxcd.io",
-          "schema_version": 1,
-          "attributes": {
-            "api_version": "apiextensions.k8s.io/v1",
-            "apply_only": false,
-            "force_conflicts": false,
-            "force_new": false,
-            "id": "/apis/apiextensions.k8s.io/v1/customresourcedefinitions/gitrepositories.source.toolkit.fluxcd.io",
-            "ignore_fields": null,
-            "kind": "CustomResourceDefinition",
-            "live_manifest_incluster": "ebe9ab24635dab17661e2f41e74bf6f100c9b31f4181530b8146580b6d506d57",
-            "live_uid": "6780b364-265c-4d4a-ac58-348caeb6bff9",
-            "name": "gitrepositories.source.toolkit.fluxcd.io",
-            "namespace": null,
-            "override_namespace": null,
-            "sensitive_fields": null,
-            "server_side_apply": false,
-            "timeouts": null,
-            "uid": "6780b364-265c-4d4a-ac58-348caeb6bff9",
-            "validate_schema": true,
-            "wait": null,
-            "wait_for_rollout": true,
-            "yaml_body": "apiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  annotations:\n    controller-gen.kubebuilder.io/version: v0.7.0\n  creationTimestamp: null\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: gitrepositories.source.toolkit.fluxcd.io\nspec:\n  group: source.toolkit.fluxcd.io\n  names:\n    kind: GitRepository\n    listKind: GitRepositoryList\n    plural: gitrepositories\n    shortNames:\n    - gitrepo\n    singular: gitrepository\n  scope: Namespaced\n  versions:\n  - additionalPrinterColumns:\n    - jsonPath: .spec.url\n      name: URL\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    name: v1beta1\n    schema:\n      openAPIV3Schema:\n        description: GitRepository is the Schema for the gitrepositories API\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: GitRepositorySpec defines the desired state of a Git repository.\n            properties:\n              accessFrom:\n                description: AccessFrom defines an Access Control List for allowing\n                  cross-namespace references to this object.\n                properties:\n                  namespaceSelectors:\n                    description: NamespaceSelectors is the list of namespace selectors\n                      to which this ACL applies. Items in this list are evaluated\n                      using a logical OR operation.\n                    items:\n                      description: NamespaceSelector selects the namespaces to which\n                        this ACL applies. An empty map of MatchLabels matches all\n                        namespaces in a cluster.\n                      properties:\n                        matchLabels:\n                          additionalProperties:\n                            type: string\n                          description: MatchLabels is a map of {key,value} pairs.\n                            A single {key,value} in the matchLabels map is equivalent\n                            to an element of matchExpressions, whose key field is\n                            \"key\", the operator is \"In\", and the values array contains\n                            only \"value\". The requirements are ANDed.\n                          type: object\n                      type: object\n                    type: array\n                required:\n                - namespaceSelectors\n                type: object\n              gitImplementation:\n                default: go-git\n                description: Determines which git client library to use. Defaults\n                  to go-git, valid values are ('go-git', 'libgit2').\n                enum:\n                - go-git\n                - libgit2\n                type: string\n              ignore:\n                description: Ignore overrides the set of excluded patterns in the\n                  .sourceignore format (which is the same as .gitignore). If not provided,\n                  a default will be used, consult the documentation for your version\n                  to find out what those are.\n                type: string\n              include:\n                description: Extra git repositories to map into the repository\n                items:\n                  description: GitRepositoryInclude defines a source with a from and\n                    to path.\n                  properties:\n                    fromPath:\n                      description: The path to copy contents from, defaults to the\n                        root directory.\n                      type: string\n                    repository:\n                      description: Reference to a GitRepository to include.\n                      properties:\n                        name:\n                          description: Name of the referent.\n                          type: string\n                      required:\n                      - name\n                      type: object\n                    toPath:\n                      description: The path to copy contents to, defaults to the name\n                        of the source ref.\n                      type: string\n                  required:\n                  - repository\n                  type: object\n                type: array\n              interval:\n                description: The interval at which to check for repository updates.\n                type: string\n              recurseSubmodules:\n                description: When enabled, after the clone is created, initializes\n                  all submodules within, using their default settings. This option\n                  is available only when using the 'go-git' GitImplementation.\n                type: boolean\n              ref:\n                description: The Git reference to checkout and monitor for changes,\n                  defaults to master branch.\n                properties:\n                  branch:\n                    description: The Git branch to checkout, defaults to master.\n                    type: string\n                  commit:\n                    description: The Git commit SHA to checkout, if specified Tag\n                      filters will be ignored.\n                    type: string\n                  semver:\n                    description: The Git tag semver expression, takes precedence over\n                      Tag.\n                    type: string\n                  tag:\n                    description: The Git tag to checkout, takes precedence over Branch.\n                    type: string\n                type: object\n              secretRef:\n                description: The secret name containing the Git credentials. For HTTPS\n                  repositories the secret must contain username and password fields.\n                  For SSH repositories the secret must contain identity and known_hosts\n                  fields.\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              suspend:\n                description: This flag tells the controller to suspend the reconciliation\n                  of this source.\n                type: boolean\n              timeout:\n                default: 60s\n                description: The timeout for remote Git operations like cloning, defaults\n                  to 60s.\n                type: string\n              url:\n                description: The repository URL, can be a HTTP/S or SSH address.\n                pattern: ^(http|https|ssh)://\n                type: string\n              verify:\n                description: Verify OpenPGP signature for the Git commit HEAD points\n                  to.\n                properties:\n                  mode:\n                    description: Mode describes what git object should be verified,\n                      currently ('head').\n                    enum:\n                    - head\n                    type: string\n                  secretRef:\n                    description: The secret name containing the public keys of all\n                      trusted Git authors.\n                    properties:\n                      name:\n                        description: Name of the referent.\n                        type: string\n                    required:\n                    - name\n                    type: object\n                required:\n                - mode\n                type: object\n            required:\n            - interval\n            - url\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: GitRepositoryStatus defines the observed state of a Git repository.\n            properties:\n              artifact:\n                description: Artifact represents the output of the last successful\n                  repository sync.\n                properties:\n                  checksum:\n                    description: Checksum is the SHA256 checksum of the artifact.\n                    type: string\n                  lastUpdateTime:\n                    description: LastUpdateTime is the timestamp corresponding to\n                      the last update of this artifact.\n                    format: date-time\n                    type: string\n                  path:\n                    description: Path is the relative file path of this artifact.\n                    type: string\n                  revision:\n                    description: Revision is a human readable identifier traceable\n                      in the origin source system. It can be a Git commit SHA, Git\n                      tag, a Helm index timestamp, a Helm chart version, etc.\n                    type: string\n                  url:\n                    description: URL is the HTTP address of this artifact.\n                    type: string\n                required:\n                - path\n                - url\n                type: object\n              conditions:\n                description: Conditions holds the conditions for the GitRepository.\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              includedArtifacts:\n                description: IncludedArtifacts represents the included artifacts from\n                  the last successful repository sync.\n                items:\n                  description: Artifact represents the output of a source synchronisation.\n                  properties:\n                    checksum:\n                      description: Checksum is the SHA256 checksum of the artifact.\n                      type: string\n                    lastUpdateTime:\n                      description: LastUpdateTime is the timestamp corresponding to\n                        the last update of this artifact.\n                      format: date-time\n                      type: string\n                    path:\n                      description: Path is the relative file path of this artifact.\n                      type: string\n                    revision:\n                      description: Revision is a human readable identifier traceable\n                        in the origin source system. It can be a Git commit SHA, Git\n                        tag, a Helm index timestamp, a Helm chart version, etc.\n                      type: string\n                    url:\n                      description: URL is the HTTP address of this artifact.\n                      type: string\n                  required:\n                  - path\n                  - url\n                  type: object\n                type: array\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation.\n                format: int64\n                type: integer\n              url:\n                description: URL is the download link for the artifact output of the\n                  last repository sync.\n                type: string\n            type: object\n        type: object\n    served: true\n    storage: false\n    subresources:\n      status: {}\n  - additionalPrinterColumns:\n    - jsonPath: .spec.url\n      name: URL\n      type: string\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    name: v1beta2\n    schema:\n      openAPIV3Schema:\n        description: GitRepository is the Schema for the gitrepositories API.\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: GitRepositorySpec specifies the required configuration to\n              produce an Artifact for a Git repository.\n            properties:\n              accessFrom:\n                description: 'AccessFrom specifies an Access Control List for allowing\n                  cross-namespace references to this object. NOTE: Not implemented,\n                  provisional as of https://github.com/fluxcd/flux2/pull/2092'\n                properties:\n                  namespaceSelectors:\n                    description: NamespaceSelectors is the list of namespace selectors\n                      to which this ACL applies. Items in this list are evaluated\n                      using a logical OR operation.\n                    items:\n                      description: NamespaceSelector selects the namespaces to which\n                        this ACL applies. An empty map of MatchLabels matches all\n                        namespaces in a cluster.\n                      properties:\n                        matchLabels:\n                          additionalProperties:\n                            type: string\n                          description: MatchLabels is a map of {key,value} pairs.\n                            A single {key,value} in the matchLabels map is equivalent\n                            to an element of matchExpressions, whose key field is\n                            \"key\", the operator is \"In\", and the values array contains\n                            only \"value\". The requirements are ANDed.\n                          type: object\n                      type: object\n                    type: array\n                required:\n                - namespaceSelectors\n                type: object\n              gitImplementation:\n                default: go-git\n                description: GitImplementation specifies which Git client library\n                  implementation to use. Defaults to 'go-git', valid values are ('go-git',\n                  'libgit2').\n                enum:\n                - go-git\n                - libgit2\n                type: string\n              ignore:\n                description: Ignore overrides the set of excluded patterns in the\n                  .sourceignore format (which is the same as .gitignore). If not provided,\n                  a default will be used, consult the documentation for your version\n                  to find out what those are.\n                type: string\n              include:\n                description: Include specifies a list of GitRepository resources which\n                  Artifacts should be included in the Artifact produced for this GitRepository.\n                items:\n                  description: GitRepositoryInclude specifies a local reference to\n                    a GitRepository which Artifact (sub-)contents must be included,\n                    and where they should be placed.\n                  properties:\n                    fromPath:\n                      description: FromPath specifies the path to copy contents from,\n                        defaults to the root of the Artifact.\n                      type: string\n                    repository:\n                      description: GitRepositoryRef specifies the GitRepository which\n                        Artifact contents must be included.\n                      properties:\n                        name:\n                          description: Name of the referent.\n                          type: string\n                      required:\n                      - name\n                      type: object\n                    toPath:\n                      description: ToPath specifies the path to copy contents to,\n                        defaults to the name of the GitRepositoryRef.\n                      type: string\n                  required:\n                  - repository\n                  type: object\n                type: array\n              interval:\n                description: Interval at which to check the GitRepository for updates.\n                type: string\n              recurseSubmodules:\n                description: RecurseSubmodules enables the initialization of all submodules\n                  within the GitRepository as cloned from the URL, using their default\n                  settings. This option is available only when using the 'go-git'\n                  GitImplementation.\n                type: boolean\n              ref:\n                description: Reference specifies the Git reference to resolve and\n                  monitor for changes, defaults to the 'master' branch.\n                properties:\n                  branch:\n                    description: \"Branch to check out, defaults to 'master' if no\n                      other field is defined. \\n When GitRepositorySpec.GitImplementation\n                      is set to 'go-git', a shallow clone of the specified branch\n                      is performed.\"\n                    type: string\n                  commit:\n                    description: \"Commit SHA to check out, takes precedence over all\n                      reference fields. \\n When GitRepositorySpec.GitImplementation\n                      is set to 'go-git', this can be combined with Branch to shallow\n                      clone the branch, in which the commit is expected to exist.\"\n                    type: string\n                  semver:\n                    description: SemVer tag expression to check out, takes precedence\n                      over Tag.\n                    type: string\n                  tag:\n                    description: Tag to check out, takes precedence over Branch.\n                    type: string\n                type: object\n              secretRef:\n                description: SecretRef specifies the Secret containing authentication\n                  credentials for the GitRepository. For HTTPS repositories the Secret\n                  must contain 'username' and 'password' fields. For SSH repositories\n                  the Secret must contain 'identity' and 'known_hosts' fields.\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              suspend:\n                description: Suspend tells the controller to suspend the reconciliation\n                  of this GitRepository.\n                type: boolean\n              timeout:\n                default: 60s\n                description: Timeout for Git operations like cloning, defaults to\n                  60s.\n                type: string\n              url:\n                description: URL specifies the Git repository URL, it can be an HTTP/S\n                  or SSH address.\n                pattern: ^(http|https|ssh)://\n                type: string\n              verify:\n                description: Verification specifies the configuration to verify the\n                  Git commit signature(s).\n                properties:\n                  mode:\n                    description: Mode specifies what Git object should be verified,\n                      currently ('head').\n                    enum:\n                    - head\n                    type: string\n                  secretRef:\n                    description: SecretRef specifies the Secret containing the public\n                      keys of trusted Git authors.\n                    properties:\n                      name:\n                        description: Name of the referent.\n                        type: string\n                    required:\n                    - name\n                    type: object\n                required:\n                - mode\n                type: object\n            required:\n            - interval\n            - url\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: GitRepositoryStatus records the observed state of a Git repository.\n            properties:\n              artifact:\n                description: Artifact represents the last successful GitRepository\n                  reconciliation.\n                properties:\n                  checksum:\n                    description: Checksum is the SHA256 checksum of the Artifact file.\n                    type: string\n                  lastUpdateTime:\n                    description: LastUpdateTime is the timestamp corresponding to\n                      the last update of the Artifact.\n                    format: date-time\n                    type: string\n                  path:\n                    description: Path is the relative file path of the Artifact. It\n                      can be used to locate the file in the root of the Artifact storage\n                      on the local file system of the controller managing the Source.\n                    type: string\n                  revision:\n                    description: Revision is a human-readable identifier traceable\n                      in the origin source system. It can be a Git commit SHA, Git\n                      tag, a Helm chart version, etc.\n                    type: string\n                  size:\n                    description: Size is the number of bytes in the file.\n                    format: int64\n                    type: integer\n                  url:\n                    description: URL is the HTTP address of the Artifact as exposed\n                      by the controller managing the Source. It can be used to retrieve\n                      the Artifact for consumption, e.g. by another controller applying\n                      the Artifact contents.\n                    type: string\n                required:\n                - path\n                - url\n                type: object\n              conditions:\n                description: Conditions holds the conditions for the GitRepository.\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              includedArtifacts:\n                description: IncludedArtifacts contains a list of the last successfully\n                  included Artifacts as instructed by GitRepositorySpec.Include.\n                items:\n                  description: Artifact represents the output of a Source reconciliation.\n                  properties:\n                    checksum:\n                      description: Checksum is the SHA256 checksum of the Artifact\n                        file.\n                      type: string\n                    lastUpdateTime:\n                      description: LastUpdateTime is the timestamp corresponding to\n                        the last update of the Artifact.\n                      format: date-time\n                      type: string\n                    path:\n                      description: Path is the relative file path of the Artifact.\n                        It can be used to locate the file in the root of the Artifact\n                        storage on the local file system of the controller managing\n                        the Source.\n                      type: string\n                    revision:\n                      description: Revision is a human-readable identifier traceable\n                        in the origin source system. It can be a Git commit SHA, Git\n                        tag, a Helm chart version, etc.\n                      type: string\n                    size:\n                      description: Size is the number of bytes in the file.\n                      format: int64\n                      type: integer\n                    url:\n                      description: URL is the HTTP address of the Artifact as exposed\n                        by the controller managing the Source. It can be used to retrieve\n                        the Artifact for consumption, e.g. by another controller applying\n                        the Artifact contents.\n                      type: string\n                  required:\n                  - path\n                  - url\n                  type: object\n                type: array\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation of\n                  the GitRepository object.\n                format: int64\n                type: integer\n              url:\n                description: URL is the dynamic fetch link for the latest Artifact.\n                  It is provided on a \"best effort\" basis, and using the precise GitRepositoryStatus.Artifact\n                  data is recommended.\n                type: string\n            type: object\n        type: object\n    served: true\n    storage: true\n    subresources:\n      status: {}\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n  conditions: []\n  storedVersions: []",
-            "yaml_body_parsed": "apiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  annotations:\n    controller-gen.kubebuilder.io/version: v0.7.0\n  creationTimestamp: null\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: gitrepositories.source.toolkit.fluxcd.io\nspec:\n  group: source.toolkit.fluxcd.io\n  names:\n    kind: GitRepository\n    listKind: GitRepositoryList\n    plural: gitrepositories\n    shortNames:\n    - gitrepo\n    singular: gitrepository\n  scope: Namespaced\n  versions:\n  - additionalPrinterColumns:\n    - jsonPath: .spec.url\n      name: URL\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    name: v1beta1\n    schema:\n      openAPIV3Schema:\n        description: GitRepository is the Schema for the gitrepositories API\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: GitRepositorySpec defines the desired state of a Git repository.\n            properties:\n              accessFrom:\n                description: AccessFrom defines an Access Control List for allowing\n                  cross-namespace references to this object.\n                properties:\n                  namespaceSelectors:\n                    description: NamespaceSelectors is the list of namespace selectors\n                      to which this ACL applies. Items in this list are evaluated\n                      using a logical OR operation.\n                    items:\n                      description: NamespaceSelector selects the namespaces to which\n                        this ACL applies. An empty map of MatchLabels matches all\n                        namespaces in a cluster.\n                      properties:\n                        matchLabels:\n                          additionalProperties:\n                            type: string\n                          description: MatchLabels is a map of {key,value} pairs.\n                            A single {key,value} in the matchLabels map is equivalent\n                            to an element of matchExpressions, whose key field is\n                            \"key\", the operator is \"In\", and the values array contains\n                            only \"value\". The requirements are ANDed.\n                          type: object\n                      type: object\n                    type: array\n                required:\n                - namespaceSelectors\n                type: object\n              gitImplementation:\n                default: go-git\n                description: Determines which git client library to use. Defaults\n                  to go-git, valid values are ('go-git', 'libgit2').\n                enum:\n                - go-git\n                - libgit2\n                type: string\n              ignore:\n                description: Ignore overrides the set of excluded patterns in the\n                  .sourceignore format (which is the same as .gitignore). If not provided,\n                  a default will be used, consult the documentation for your version\n                  to find out what those are.\n                type: string\n              include:\n                description: Extra git repositories to map into the repository\n                items:\n                  description: GitRepositoryInclude defines a source with a from and\n                    to path.\n                  properties:\n                    fromPath:\n                      description: The path to copy contents from, defaults to the\n                        root directory.\n                      type: string\n                    repository:\n                      description: Reference to a GitRepository to include.\n                      properties:\n                        name:\n                          description: Name of the referent.\n                          type: string\n                      required:\n                      - name\n                      type: object\n                    toPath:\n                      description: The path to copy contents to, defaults to the name\n                        of the source ref.\n                      type: string\n                  required:\n                  - repository\n                  type: object\n                type: array\n              interval:\n                description: The interval at which to check for repository updates.\n                type: string\n              recurseSubmodules:\n                description: When enabled, after the clone is created, initializes\n                  all submodules within, using their default settings. This option\n                  is available only when using the 'go-git' GitImplementation.\n                type: boolean\n              ref:\n                description: The Git reference to checkout and monitor for changes,\n                  defaults to master branch.\n                properties:\n                  branch:\n                    description: The Git branch to checkout, defaults to master.\n                    type: string\n                  commit:\n                    description: The Git commit SHA to checkout, if specified Tag\n                      filters will be ignored.\n                    type: string\n                  semver:\n                    description: The Git tag semver expression, takes precedence over\n                      Tag.\n                    type: string\n                  tag:\n                    description: The Git tag to checkout, takes precedence over Branch.\n                    type: string\n                type: object\n              secretRef:\n                description: The secret name containing the Git credentials. For HTTPS\n                  repositories the secret must contain username and password fields.\n                  For SSH repositories the secret must contain identity and known_hosts\n                  fields.\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              suspend:\n                description: This flag tells the controller to suspend the reconciliation\n                  of this source.\n                type: boolean\n              timeout:\n                default: 60s\n                description: The timeout for remote Git operations like cloning, defaults\n                  to 60s.\n                type: string\n              url:\n                description: The repository URL, can be a HTTP/S or SSH address.\n                pattern: ^(http|https|ssh)://\n                type: string\n              verify:\n                description: Verify OpenPGP signature for the Git commit HEAD points\n                  to.\n                properties:\n                  mode:\n                    description: Mode describes what git object should be verified,\n                      currently ('head').\n                    enum:\n                    - head\n                    type: string\n                  secretRef:\n                    description: The secret name containing the public keys of all\n                      trusted Git authors.\n                    properties:\n                      name:\n                        description: Name of the referent.\n                        type: string\n                    required:\n                    - name\n                    type: object\n                required:\n                - mode\n                type: object\n            required:\n            - interval\n            - url\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: GitRepositoryStatus defines the observed state of a Git repository.\n            properties:\n              artifact:\n                description: Artifact represents the output of the last successful\n                  repository sync.\n                properties:\n                  checksum:\n                    description: Checksum is the SHA256 checksum of the artifact.\n                    type: string\n                  lastUpdateTime:\n                    description: LastUpdateTime is the timestamp corresponding to\n                      the last update of this artifact.\n                    format: date-time\n                    type: string\n                  path:\n                    description: Path is the relative file path of this artifact.\n                    type: string\n                  revision:\n                    description: Revision is a human readable identifier traceable\n                      in the origin source system. It can be a Git commit SHA, Git\n                      tag, a Helm index timestamp, a Helm chart version, etc.\n                    type: string\n                  url:\n                    description: URL is the HTTP address of this artifact.\n                    type: string\n                required:\n                - path\n                - url\n                type: object\n              conditions:\n                description: Conditions holds the conditions for the GitRepository.\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              includedArtifacts:\n                description: IncludedArtifacts represents the included artifacts from\n                  the last successful repository sync.\n                items:\n                  description: Artifact represents the output of a source synchronisation.\n                  properties:\n                    checksum:\n                      description: Checksum is the SHA256 checksum of the artifact.\n                      type: string\n                    lastUpdateTime:\n                      description: LastUpdateTime is the timestamp corresponding to\n                        the last update of this artifact.\n                      format: date-time\n                      type: string\n                    path:\n                      description: Path is the relative file path of this artifact.\n                      type: string\n                    revision:\n                      description: Revision is a human readable identifier traceable\n                        in the origin source system. It can be a Git commit SHA, Git\n                        tag, a Helm index timestamp, a Helm chart version, etc.\n                      type: string\n                    url:\n                      description: URL is the HTTP address of this artifact.\n                      type: string\n                  required:\n                  - path\n                  - url\n                  type: object\n                type: array\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation.\n                format: int64\n                type: integer\n              url:\n                description: URL is the download link for the artifact output of the\n                  last repository sync.\n                type: string\n            type: object\n        type: object\n    served: true\n    storage: false\n    subresources:\n      status: {}\n  - additionalPrinterColumns:\n    - jsonPath: .spec.url\n      name: URL\n      type: string\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    name: v1beta2\n    schema:\n      openAPIV3Schema:\n        description: GitRepository is the Schema for the gitrepositories API.\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: GitRepositorySpec specifies the required configuration to\n              produce an Artifact for a Git repository.\n            properties:\n              accessFrom:\n                description: 'AccessFrom specifies an Access Control List for allowing\n                  cross-namespace references to this object. NOTE: Not implemented,\n                  provisional as of https://github.com/fluxcd/flux2/pull/2092'\n                properties:\n                  namespaceSelectors:\n                    description: NamespaceSelectors is the list of namespace selectors\n                      to which this ACL applies. Items in this list are evaluated\n                      using a logical OR operation.\n                    items:\n                      description: NamespaceSelector selects the namespaces to which\n                        this ACL applies. An empty map of MatchLabels matches all\n                        namespaces in a cluster.\n                      properties:\n                        matchLabels:\n                          additionalProperties:\n                            type: string\n                          description: MatchLabels is a map of {key,value} pairs.\n                            A single {key,value} in the matchLabels map is equivalent\n                            to an element of matchExpressions, whose key field is\n                            \"key\", the operator is \"In\", and the values array contains\n                            only \"value\". The requirements are ANDed.\n                          type: object\n                      type: object\n                    type: array\n                required:\n                - namespaceSelectors\n                type: object\n              gitImplementation:\n                default: go-git\n                description: GitImplementation specifies which Git client library\n                  implementation to use. Defaults to 'go-git', valid values are ('go-git',\n                  'libgit2').\n                enum:\n                - go-git\n                - libgit2\n                type: string\n              ignore:\n                description: Ignore overrides the set of excluded patterns in the\n                  .sourceignore format (which is the same as .gitignore). If not provided,\n                  a default will be used, consult the documentation for your version\n                  to find out what those are.\n                type: string\n              include:\n                description: Include specifies a list of GitRepository resources which\n                  Artifacts should be included in the Artifact produced for this GitRepository.\n                items:\n                  description: GitRepositoryInclude specifies a local reference to\n                    a GitRepository which Artifact (sub-)contents must be included,\n                    and where they should be placed.\n                  properties:\n                    fromPath:\n                      description: FromPath specifies the path to copy contents from,\n                        defaults to the root of the Artifact.\n                      type: string\n                    repository:\n                      description: GitRepositoryRef specifies the GitRepository which\n                        Artifact contents must be included.\n                      properties:\n                        name:\n                          description: Name of the referent.\n                          type: string\n                      required:\n                      - name\n                      type: object\n                    toPath:\n                      description: ToPath specifies the path to copy contents to,\n                        defaults to the name of the GitRepositoryRef.\n                      type: string\n                  required:\n                  - repository\n                  type: object\n                type: array\n              interval:\n                description: Interval at which to check the GitRepository for updates.\n                type: string\n              recurseSubmodules:\n                description: RecurseSubmodules enables the initialization of all submodules\n                  within the GitRepository as cloned from the URL, using their default\n                  settings. This option is available only when using the 'go-git'\n                  GitImplementation.\n                type: boolean\n              ref:\n                description: Reference specifies the Git reference to resolve and\n                  monitor for changes, defaults to the 'master' branch.\n                properties:\n                  branch:\n                    description: \"Branch to check out, defaults to 'master' if no\n                      other field is defined. \\n When GitRepositorySpec.GitImplementation\n                      is set to 'go-git', a shallow clone of the specified branch\n                      is performed.\"\n                    type: string\n                  commit:\n                    description: \"Commit SHA to check out, takes precedence over all\n                      reference fields. \\n When GitRepositorySpec.GitImplementation\n                      is set to 'go-git', this can be combined with Branch to shallow\n                      clone the branch, in which the commit is expected to exist.\"\n                    type: string\n                  semver:\n                    description: SemVer tag expression to check out, takes precedence\n                      over Tag.\n                    type: string\n                  tag:\n                    description: Tag to check out, takes precedence over Branch.\n                    type: string\n                type: object\n              secretRef:\n                description: SecretRef specifies the Secret containing authentication\n                  credentials for the GitRepository. For HTTPS repositories the Secret\n                  must contain 'username' and 'password' fields. For SSH repositories\n                  the Secret must contain 'identity' and 'known_hosts' fields.\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              suspend:\n                description: Suspend tells the controller to suspend the reconciliation\n                  of this GitRepository.\n                type: boolean\n              timeout:\n                default: 60s\n                description: Timeout for Git operations like cloning, defaults to\n                  60s.\n                type: string\n              url:\n                description: URL specifies the Git repository URL, it can be an HTTP/S\n                  or SSH address.\n                pattern: ^(http|https|ssh)://\n                type: string\n              verify:\n                description: Verification specifies the configuration to verify the\n                  Git commit signature(s).\n                properties:\n                  mode:\n                    description: Mode specifies what Git object should be verified,\n                      currently ('head').\n                    enum:\n                    - head\n                    type: string\n                  secretRef:\n                    description: SecretRef specifies the Secret containing the public\n                      keys of trusted Git authors.\n                    properties:\n                      name:\n                        description: Name of the referent.\n                        type: string\n                    required:\n                    - name\n                    type: object\n                required:\n                - mode\n                type: object\n            required:\n            - interval\n            - url\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: GitRepositoryStatus records the observed state of a Git repository.\n            properties:\n              artifact:\n                description: Artifact represents the last successful GitRepository\n                  reconciliation.\n                properties:\n                  checksum:\n                    description: Checksum is the SHA256 checksum of the Artifact file.\n                    type: string\n                  lastUpdateTime:\n                    description: LastUpdateTime is the timestamp corresponding to\n                      the last update of the Artifact.\n                    format: date-time\n                    type: string\n                  path:\n                    description: Path is the relative file path of the Artifact. It\n                      can be used to locate the file in the root of the Artifact storage\n                      on the local file system of the controller managing the Source.\n                    type: string\n                  revision:\n                    description: Revision is a human-readable identifier traceable\n                      in the origin source system. It can be a Git commit SHA, Git\n                      tag, a Helm chart version, etc.\n                    type: string\n                  size:\n                    description: Size is the number of bytes in the file.\n                    format: int64\n                    type: integer\n                  url:\n                    description: URL is the HTTP address of the Artifact as exposed\n                      by the controller managing the Source. It can be used to retrieve\n                      the Artifact for consumption, e.g. by another controller applying\n                      the Artifact contents.\n                    type: string\n                required:\n                - path\n                - url\n                type: object\n              conditions:\n                description: Conditions holds the conditions for the GitRepository.\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              includedArtifacts:\n                description: IncludedArtifacts contains a list of the last successfully\n                  included Artifacts as instructed by GitRepositorySpec.Include.\n                items:\n                  description: Artifact represents the output of a Source reconciliation.\n                  properties:\n                    checksum:\n                      description: Checksum is the SHA256 checksum of the Artifact\n                        file.\n                      type: string\n                    lastUpdateTime:\n                      description: LastUpdateTime is the timestamp corresponding to\n                        the last update of the Artifact.\n                      format: date-time\n                      type: string\n                    path:\n                      description: Path is the relative file path of the Artifact.\n                        It can be used to locate the file in the root of the Artifact\n                        storage on the local file system of the controller managing\n                        the Source.\n                      type: string\n                    revision:\n                      description: Revision is a human-readable identifier traceable\n                        in the origin source system. It can be a Git commit SHA, Git\n                        tag, a Helm chart version, etc.\n                      type: string\n                    size:\n                      description: Size is the number of bytes in the file.\n                      format: int64\n                      type: integer\n                    url:\n                      description: URL is the HTTP address of the Artifact as exposed\n                        by the controller managing the Source. It can be used to retrieve\n                        the Artifact for consumption, e.g. by another controller applying\n                        the Artifact contents.\n                      type: string\n                  required:\n                  - path\n                  - url\n                  type: object\n                type: array\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation of\n                  the GitRepository object.\n                format: int64\n                type: integer\n              url:\n                description: URL is the dynamic fetch link for the latest Artifact.\n                  It is provided on a \"best effort\" basis, and using the precise GitRepositoryStatus.Artifact\n                  data is recommended.\n                type: string\n            type: object\n        type: object\n    served: true\n    storage: true\n    subresources:\n      status: {}\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n  conditions: []\n  storedVersions: []\n",
-            "yaml_incluster": "ebe9ab24635dab17661e2f41e74bf6f100c9b31f4181530b8146580b6d506d57"
-          },
-          "sensitive_attributes": [],
-          "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDB9LCJzY2hlbWFfdmVyc2lvbiI6IjEifQ==",
-          "dependencies": [
-            "module.flux.data.flux_install.main",
-            "module.flux.data.kubectl_file_documents.apply",
-            "module.flux.kubernetes_namespace.flux_system"
-          ]
-        },
-        {
-          "index_key": "apiextensions.k8s.io/v1/customresourcedefinition/helmcharts.source.toolkit.fluxcd.io",
-          "schema_version": 1,
-          "attributes": {
-            "api_version": "apiextensions.k8s.io/v1",
-            "apply_only": false,
-            "force_conflicts": false,
-            "force_new": false,
-            "id": "/apis/apiextensions.k8s.io/v1/customresourcedefinitions/helmcharts.source.toolkit.fluxcd.io",
-            "ignore_fields": null,
-            "kind": "CustomResourceDefinition",
-            "live_manifest_incluster": "aad2c1c316d96f34f649fef444b0d0ecbc73ea02b5824b33285968dc05b6b41c",
-            "live_uid": "d6e363e7-ce9e-46ee-bb10-d61e06d50013",
-            "name": "helmcharts.source.toolkit.fluxcd.io",
-            "namespace": null,
-            "override_namespace": null,
-            "sensitive_fields": null,
-            "server_side_apply": false,
-            "timeouts": null,
-            "uid": "d6e363e7-ce9e-46ee-bb10-d61e06d50013",
-            "validate_schema": true,
-            "wait": null,
-            "wait_for_rollout": true,
-            "yaml_body": "apiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  annotations:\n    controller-gen.kubebuilder.io/version: v0.7.0\n  creationTimestamp: null\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: helmcharts.source.toolkit.fluxcd.io\nspec:\n  group: source.toolkit.fluxcd.io\n  names:\n    kind: HelmChart\n    listKind: HelmChartList\n    plural: helmcharts\n    shortNames:\n    - hc\n    singular: helmchart\n  scope: Namespaced\n  versions:\n  - additionalPrinterColumns:\n    - jsonPath: .spec.chart\n      name: Chart\n      type: string\n    - jsonPath: .spec.version\n      name: Version\n      type: string\n    - jsonPath: .spec.sourceRef.kind\n      name: Source Kind\n      type: string\n    - jsonPath: .spec.sourceRef.name\n      name: Source Name\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    name: v1beta1\n    schema:\n      openAPIV3Schema:\n        description: HelmChart is the Schema for the helmcharts API\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: HelmChartSpec defines the desired state of a Helm chart.\n            properties:\n              accessFrom:\n                description: AccessFrom defines an Access Control List for allowing\n                  cross-namespace references to this object.\n                properties:\n                  namespaceSelectors:\n                    description: NamespaceSelectors is the list of namespace selectors\n                      to which this ACL applies. Items in this list are evaluated\n                      using a logical OR operation.\n                    items:\n                      description: NamespaceSelector selects the namespaces to which\n                        this ACL applies. An empty map of MatchLabels matches all\n                        namespaces in a cluster.\n                      properties:\n                        matchLabels:\n                          additionalProperties:\n                            type: string\n                          description: MatchLabels is a map of {key,value} pairs.\n                            A single {key,value} in the matchLabels map is equivalent\n                            to an element of matchExpressions, whose key field is\n                            \"key\", the operator is \"In\", and the values array contains\n                            only \"value\". The requirements are ANDed.\n                          type: object\n                      type: object\n                    type: array\n                required:\n                - namespaceSelectors\n                type: object\n              chart:\n                description: The name or path the Helm chart is available at in the\n                  SourceRef.\n                type: string\n              interval:\n                description: The interval at which to check the Source for updates.\n                type: string\n              reconcileStrategy:\n                default: ChartVersion\n                description: Determines what enables the creation of a new artifact.\n                  Valid values are ('ChartVersion', 'Revision'). See the documentation\n                  of the values for an explanation on their behavior. Defaults to\n                  ChartVersion when omitted.\n                enum:\n                - ChartVersion\n                - Revision\n                type: string\n              sourceRef:\n                description: The reference to the Source the chart is available at.\n                properties:\n                  apiVersion:\n                    description: APIVersion of the referent.\n                    type: string\n                  kind:\n                    description: Kind of the referent, valid values are ('HelmRepository',\n                      'GitRepository', 'Bucket').\n                    enum:\n                    - HelmRepository\n                    - GitRepository\n                    - Bucket\n                    type: string\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - kind\n                - name\n                type: object\n              suspend:\n                description: This flag tells the controller to suspend the reconciliation\n                  of this source.\n                type: boolean\n              valuesFile:\n                description: Alternative values file to use as the default chart values,\n                  expected to be a relative path in the SourceRef. Deprecated in favor\n                  of ValuesFiles, for backwards compatibility the file defined here\n                  is merged before the ValuesFiles items. Ignored when omitted.\n                type: string\n              valuesFiles:\n                description: Alternative list of values files to use as the chart\n                  values (values.yaml is not included by default), expected to be\n                  a relative path in the SourceRef. Values files are merged in the\n                  order of this list with the last file overriding the first. Ignored\n                  when omitted.\n                items:\n                  type: string\n                type: array\n              version:\n                default: '*'\n                description: The chart version semver expression, ignored for charts\n                  from GitRepository and Bucket sources. Defaults to latest when omitted.\n                type: string\n            required:\n            - chart\n            - interval\n            - sourceRef\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: HelmChartStatus defines the observed state of the HelmChart.\n            properties:\n              artifact:\n                description: Artifact represents the output of the last successful\n                  chart sync.\n                properties:\n                  checksum:\n                    description: Checksum is the SHA256 checksum of the artifact.\n                    type: string\n                  lastUpdateTime:\n                    description: LastUpdateTime is the timestamp corresponding to\n                      the last update of this artifact.\n                    format: date-time\n                    type: string\n                  path:\n                    description: Path is the relative file path of this artifact.\n                    type: string\n                  revision:\n                    description: Revision is a human readable identifier traceable\n                      in the origin source system. It can be a Git commit SHA, Git\n                      tag, a Helm index timestamp, a Helm chart version, etc.\n                    type: string\n                  url:\n                    description: URL is the HTTP address of this artifact.\n                    type: string\n                required:\n                - path\n                - url\n                type: object\n              conditions:\n                description: Conditions holds the conditions for the HelmChart.\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation.\n                format: int64\n                type: integer\n              url:\n                description: URL is the download link for the last chart pulled.\n                type: string\n            type: object\n        type: object\n    served: true\n    storage: false\n    subresources:\n      status: {}\n  - additionalPrinterColumns:\n    - jsonPath: .spec.chart\n      name: Chart\n      type: string\n    - jsonPath: .spec.version\n      name: Version\n      type: string\n    - jsonPath: .spec.sourceRef.kind\n      name: Source Kind\n      type: string\n    - jsonPath: .spec.sourceRef.name\n      name: Source Name\n      type: string\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    name: v1beta2\n    schema:\n      openAPIV3Schema:\n        description: HelmChart is the Schema for the helmcharts API.\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: HelmChartSpec specifies the desired state of a Helm chart.\n            properties:\n              accessFrom:\n                description: 'AccessFrom specifies an Access Control List for allowing\n                  cross-namespace references to this object. NOTE: Not implemented,\n                  provisional as of https://github.com/fluxcd/flux2/pull/2092'\n                properties:\n                  namespaceSelectors:\n                    description: NamespaceSelectors is the list of namespace selectors\n                      to which this ACL applies. Items in this list are evaluated\n                      using a logical OR operation.\n                    items:\n                      description: NamespaceSelector selects the namespaces to which\n                        this ACL applies. An empty map of MatchLabels matches all\n                        namespaces in a cluster.\n                      properties:\n                        matchLabels:\n                          additionalProperties:\n                            type: string\n                          description: MatchLabels is a map of {key,value} pairs.\n                            A single {key,value} in the matchLabels map is equivalent\n                            to an element of matchExpressions, whose key field is\n                            \"key\", the operator is \"In\", and the values array contains\n                            only \"value\". The requirements are ANDed.\n                          type: object\n                      type: object\n                    type: array\n                required:\n                - namespaceSelectors\n                type: object\n              chart:\n                description: Chart is the name or path the Helm chart is available\n                  at in the SourceRef.\n                type: string\n              interval:\n                description: Interval is the interval at which to check the Source\n                  for updates.\n                type: string\n              reconcileStrategy:\n                default: ChartVersion\n                description: ReconcileStrategy determines what enables the creation\n                  of a new artifact. Valid values are ('ChartVersion', 'Revision').\n                  See the documentation of the values for an explanation on their\n                  behavior. Defaults to ChartVersion when omitted.\n                enum:\n                - ChartVersion\n                - Revision\n                type: string\n              sourceRef:\n                description: SourceRef is the reference to the Source the chart is\n                  available at.\n                properties:\n                  apiVersion:\n                    description: APIVersion of the referent.\n                    type: string\n                  kind:\n                    description: Kind of the referent, valid values are ('HelmRepository',\n                      'GitRepository', 'Bucket').\n                    enum:\n                    - HelmRepository\n                    - GitRepository\n                    - Bucket\n                    type: string\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - kind\n                - name\n                type: object\n              suspend:\n                description: Suspend tells the controller to suspend the reconciliation\n                  of this source.\n                type: boolean\n              valuesFile:\n                description: ValuesFile is an alternative values file to use as the\n                  default chart values, expected to be a relative path in the SourceRef.\n                  Deprecated in favor of ValuesFiles, for backwards compatibility\n                  the file specified here is merged before the ValuesFiles items.\n                  Ignored when omitted.\n                type: string\n              valuesFiles:\n                description: ValuesFiles is an alternative list of values files to\n                  use as the chart values (values.yaml is not included by default),\n                  expected to be a relative path in the SourceRef. Values files are\n                  merged in the order of this list with the last file overriding the\n                  first. Ignored when omitted.\n                items:\n                  type: string\n                type: array\n              version:\n                default: '*'\n                description: Version is the chart version semver expression, ignored\n                  for charts from GitRepository and Bucket sources. Defaults to latest\n                  when omitted.\n                type: string\n            required:\n            - chart\n            - interval\n            - sourceRef\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: HelmChartStatus records the observed state of the HelmChart.\n            properties:\n              artifact:\n                description: Artifact represents the output of the last successful\n                  reconciliation.\n                properties:\n                  checksum:\n                    description: Checksum is the SHA256 checksum of the Artifact file.\n                    type: string\n                  lastUpdateTime:\n                    description: LastUpdateTime is the timestamp corresponding to\n                      the last update of the Artifact.\n                    format: date-time\n                    type: string\n                  path:\n                    description: Path is the relative file path of the Artifact. It\n                      can be used to locate the file in the root of the Artifact storage\n                      on the local file system of the controller managing the Source.\n                    type: string\n                  revision:\n                    description: Revision is a human-readable identifier traceable\n                      in the origin source system. It can be a Git commit SHA, Git\n                      tag, a Helm chart version, etc.\n                    type: string\n                  size:\n                    description: Size is the number of bytes in the file.\n                    format: int64\n                    type: integer\n                  url:\n                    description: URL is the HTTP address of the Artifact as exposed\n                      by the controller managing the Source. It can be used to retrieve\n                      the Artifact for consumption, e.g. by another controller applying\n                      the Artifact contents.\n                    type: string\n                required:\n                - path\n                - url\n                type: object\n              conditions:\n                description: Conditions holds the conditions for the HelmChart.\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedChartName:\n                description: ObservedChartName is the last observed chart name as\n                  specified by the resolved chart reference.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation of\n                  the HelmChart object.\n                format: int64\n                type: integer\n              observedSourceArtifactRevision:\n                description: ObservedSourceArtifactRevision is the last observed Artifact.Revision\n                  of the HelmChartSpec.SourceRef.\n                type: string\n              url:\n                description: URL is the dynamic fetch link for the latest Artifact.\n                  It is provided on a \"best effort\" basis, and using the precise BucketStatus.Artifact\n                  data is recommended.\n                type: string\n            type: object\n        type: object\n    served: true\n    storage: true\n    subresources:\n      status: {}\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n  conditions: []\n  storedVersions: []",
-            "yaml_body_parsed": "apiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  annotations:\n    controller-gen.kubebuilder.io/version: v0.7.0\n  creationTimestamp: null\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: helmcharts.source.toolkit.fluxcd.io\nspec:\n  group: source.toolkit.fluxcd.io\n  names:\n    kind: HelmChart\n    listKind: HelmChartList\n    plural: helmcharts\n    shortNames:\n    - hc\n    singular: helmchart\n  scope: Namespaced\n  versions:\n  - additionalPrinterColumns:\n    - jsonPath: .spec.chart\n      name: Chart\n      type: string\n    - jsonPath: .spec.version\n      name: Version\n      type: string\n    - jsonPath: .spec.sourceRef.kind\n      name: Source Kind\n      type: string\n    - jsonPath: .spec.sourceRef.name\n      name: Source Name\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    name: v1beta1\n    schema:\n      openAPIV3Schema:\n        description: HelmChart is the Schema for the helmcharts API\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: HelmChartSpec defines the desired state of a Helm chart.\n            properties:\n              accessFrom:\n                description: AccessFrom defines an Access Control List for allowing\n                  cross-namespace references to this object.\n                properties:\n                  namespaceSelectors:\n                    description: NamespaceSelectors is the list of namespace selectors\n                      to which this ACL applies. Items in this list are evaluated\n                      using a logical OR operation.\n                    items:\n                      description: NamespaceSelector selects the namespaces to which\n                        this ACL applies. An empty map of MatchLabels matches all\n                        namespaces in a cluster.\n                      properties:\n                        matchLabels:\n                          additionalProperties:\n                            type: string\n                          description: MatchLabels is a map of {key,value} pairs.\n                            A single {key,value} in the matchLabels map is equivalent\n                            to an element of matchExpressions, whose key field is\n                            \"key\", the operator is \"In\", and the values array contains\n                            only \"value\". The requirements are ANDed.\n                          type: object\n                      type: object\n                    type: array\n                required:\n                - namespaceSelectors\n                type: object\n              chart:\n                description: The name or path the Helm chart is available at in the\n                  SourceRef.\n                type: string\n              interval:\n                description: The interval at which to check the Source for updates.\n                type: string\n              reconcileStrategy:\n                default: ChartVersion\n                description: Determines what enables the creation of a new artifact.\n                  Valid values are ('ChartVersion', 'Revision'). See the documentation\n                  of the values for an explanation on their behavior. Defaults to\n                  ChartVersion when omitted.\n                enum:\n                - ChartVersion\n                - Revision\n                type: string\n              sourceRef:\n                description: The reference to the Source the chart is available at.\n                properties:\n                  apiVersion:\n                    description: APIVersion of the referent.\n                    type: string\n                  kind:\n                    description: Kind of the referent, valid values are ('HelmRepository',\n                      'GitRepository', 'Bucket').\n                    enum:\n                    - HelmRepository\n                    - GitRepository\n                    - Bucket\n                    type: string\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - kind\n                - name\n                type: object\n              suspend:\n                description: This flag tells the controller to suspend the reconciliation\n                  of this source.\n                type: boolean\n              valuesFile:\n                description: Alternative values file to use as the default chart values,\n                  expected to be a relative path in the SourceRef. Deprecated in favor\n                  of ValuesFiles, for backwards compatibility the file defined here\n                  is merged before the ValuesFiles items. Ignored when omitted.\n                type: string\n              valuesFiles:\n                description: Alternative list of values files to use as the chart\n                  values (values.yaml is not included by default), expected to be\n                  a relative path in the SourceRef. Values files are merged in the\n                  order of this list with the last file overriding the first. Ignored\n                  when omitted.\n                items:\n                  type: string\n                type: array\n              version:\n                default: '*'\n                description: The chart version semver expression, ignored for charts\n                  from GitRepository and Bucket sources. Defaults to latest when omitted.\n                type: string\n            required:\n            - chart\n            - interval\n            - sourceRef\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: HelmChartStatus defines the observed state of the HelmChart.\n            properties:\n              artifact:\n                description: Artifact represents the output of the last successful\n                  chart sync.\n                properties:\n                  checksum:\n                    description: Checksum is the SHA256 checksum of the artifact.\n                    type: string\n                  lastUpdateTime:\n                    description: LastUpdateTime is the timestamp corresponding to\n                      the last update of this artifact.\n                    format: date-time\n                    type: string\n                  path:\n                    description: Path is the relative file path of this artifact.\n                    type: string\n                  revision:\n                    description: Revision is a human readable identifier traceable\n                      in the origin source system. It can be a Git commit SHA, Git\n                      tag, a Helm index timestamp, a Helm chart version, etc.\n                    type: string\n                  url:\n                    description: URL is the HTTP address of this artifact.\n                    type: string\n                required:\n                - path\n                - url\n                type: object\n              conditions:\n                description: Conditions holds the conditions for the HelmChart.\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation.\n                format: int64\n                type: integer\n              url:\n                description: URL is the download link for the last chart pulled.\n                type: string\n            type: object\n        type: object\n    served: true\n    storage: false\n    subresources:\n      status: {}\n  - additionalPrinterColumns:\n    - jsonPath: .spec.chart\n      name: Chart\n      type: string\n    - jsonPath: .spec.version\n      name: Version\n      type: string\n    - jsonPath: .spec.sourceRef.kind\n      name: Source Kind\n      type: string\n    - jsonPath: .spec.sourceRef.name\n      name: Source Name\n      type: string\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    name: v1beta2\n    schema:\n      openAPIV3Schema:\n        description: HelmChart is the Schema for the helmcharts API.\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: HelmChartSpec specifies the desired state of a Helm chart.\n            properties:\n              accessFrom:\n                description: 'AccessFrom specifies an Access Control List for allowing\n                  cross-namespace references to this object. NOTE: Not implemented,\n                  provisional as of https://github.com/fluxcd/flux2/pull/2092'\n                properties:\n                  namespaceSelectors:\n                    description: NamespaceSelectors is the list of namespace selectors\n                      to which this ACL applies. Items in this list are evaluated\n                      using a logical OR operation.\n                    items:\n                      description: NamespaceSelector selects the namespaces to which\n                        this ACL applies. An empty map of MatchLabels matches all\n                        namespaces in a cluster.\n                      properties:\n                        matchLabels:\n                          additionalProperties:\n                            type: string\n                          description: MatchLabels is a map of {key,value} pairs.\n                            A single {key,value} in the matchLabels map is equivalent\n                            to an element of matchExpressions, whose key field is\n                            \"key\", the operator is \"In\", and the values array contains\n                            only \"value\". The requirements are ANDed.\n                          type: object\n                      type: object\n                    type: array\n                required:\n                - namespaceSelectors\n                type: object\n              chart:\n                description: Chart is the name or path the Helm chart is available\n                  at in the SourceRef.\n                type: string\n              interval:\n                description: Interval is the interval at which to check the Source\n                  for updates.\n                type: string\n              reconcileStrategy:\n                default: ChartVersion\n                description: ReconcileStrategy determines what enables the creation\n                  of a new artifact. Valid values are ('ChartVersion', 'Revision').\n                  See the documentation of the values for an explanation on their\n                  behavior. Defaults to ChartVersion when omitted.\n                enum:\n                - ChartVersion\n                - Revision\n                type: string\n              sourceRef:\n                description: SourceRef is the reference to the Source the chart is\n                  available at.\n                properties:\n                  apiVersion:\n                    description: APIVersion of the referent.\n                    type: string\n                  kind:\n                    description: Kind of the referent, valid values are ('HelmRepository',\n                      'GitRepository', 'Bucket').\n                    enum:\n                    - HelmRepository\n                    - GitRepository\n                    - Bucket\n                    type: string\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - kind\n                - name\n                type: object\n              suspend:\n                description: Suspend tells the controller to suspend the reconciliation\n                  of this source.\n                type: boolean\n              valuesFile:\n                description: ValuesFile is an alternative values file to use as the\n                  default chart values, expected to be a relative path in the SourceRef.\n                  Deprecated in favor of ValuesFiles, for backwards compatibility\n                  the file specified here is merged before the ValuesFiles items.\n                  Ignored when omitted.\n                type: string\n              valuesFiles:\n                description: ValuesFiles is an alternative list of values files to\n                  use as the chart values (values.yaml is not included by default),\n                  expected to be a relative path in the SourceRef. Values files are\n                  merged in the order of this list with the last file overriding the\n                  first. Ignored when omitted.\n                items:\n                  type: string\n                type: array\n              version:\n                default: '*'\n                description: Version is the chart version semver expression, ignored\n                  for charts from GitRepository and Bucket sources. Defaults to latest\n                  when omitted.\n                type: string\n            required:\n            - chart\n            - interval\n            - sourceRef\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: HelmChartStatus records the observed state of the HelmChart.\n            properties:\n              artifact:\n                description: Artifact represents the output of the last successful\n                  reconciliation.\n                properties:\n                  checksum:\n                    description: Checksum is the SHA256 checksum of the Artifact file.\n                    type: string\n                  lastUpdateTime:\n                    description: LastUpdateTime is the timestamp corresponding to\n                      the last update of the Artifact.\n                    format: date-time\n                    type: string\n                  path:\n                    description: Path is the relative file path of the Artifact. It\n                      can be used to locate the file in the root of the Artifact storage\n                      on the local file system of the controller managing the Source.\n                    type: string\n                  revision:\n                    description: Revision is a human-readable identifier traceable\n                      in the origin source system. It can be a Git commit SHA, Git\n                      tag, a Helm chart version, etc.\n                    type: string\n                  size:\n                    description: Size is the number of bytes in the file.\n                    format: int64\n                    type: integer\n                  url:\n                    description: URL is the HTTP address of the Artifact as exposed\n                      by the controller managing the Source. It can be used to retrieve\n                      the Artifact for consumption, e.g. by another controller applying\n                      the Artifact contents.\n                    type: string\n                required:\n                - path\n                - url\n                type: object\n              conditions:\n                description: Conditions holds the conditions for the HelmChart.\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedChartName:\n                description: ObservedChartName is the last observed chart name as\n                  specified by the resolved chart reference.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation of\n                  the HelmChart object.\n                format: int64\n                type: integer\n              observedSourceArtifactRevision:\n                description: ObservedSourceArtifactRevision is the last observed Artifact.Revision\n                  of the HelmChartSpec.SourceRef.\n                type: string\n              url:\n                description: URL is the dynamic fetch link for the latest Artifact.\n                  It is provided on a \"best effort\" basis, and using the precise BucketStatus.Artifact\n                  data is recommended.\n                type: string\n            type: object\n        type: object\n    served: true\n    storage: true\n    subresources:\n      status: {}\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n  conditions: []\n  storedVersions: []\n",
-            "yaml_incluster": "aad2c1c316d96f34f649fef444b0d0ecbc73ea02b5824b33285968dc05b6b41c"
-          },
-          "sensitive_attributes": [],
-          "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDB9LCJzY2hlbWFfdmVyc2lvbiI6IjEifQ==",
-          "dependencies": [
-            "module.flux.data.flux_install.main",
-            "module.flux.data.kubectl_file_documents.apply",
-            "module.flux.kubernetes_namespace.flux_system"
-          ]
-        },
-        {
-          "index_key": "apiextensions.k8s.io/v1/customresourcedefinition/helmreleases.helm.toolkit.fluxcd.io",
-          "schema_version": 1,
-          "attributes": {
-            "api_version": "apiextensions.k8s.io/v1",
-            "apply_only": false,
-            "force_conflicts": false,
-            "force_new": false,
-            "id": "/apis/apiextensions.k8s.io/v1/customresourcedefinitions/helmreleases.helm.toolkit.fluxcd.io",
-            "ignore_fields": null,
-            "kind": "CustomResourceDefinition",
-            "live_manifest_incluster": "d51b7c35b26ed986bcfa84ed08648f99ac676ee90faa8997907a1f02fdf9a93d",
-            "live_uid": "5233f278-5d43-4eb6-954e-bbe9b860f2bd",
-            "name": "helmreleases.helm.toolkit.fluxcd.io",
-            "namespace": null,
-            "override_namespace": null,
-            "sensitive_fields": null,
-            "server_side_apply": false,
-            "timeouts": null,
-            "uid": "5233f278-5d43-4eb6-954e-bbe9b860f2bd",
-            "validate_schema": true,
-            "wait": null,
-            "wait_for_rollout": true,
-            "yaml_body": "apiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  annotations:\n    controller-gen.kubebuilder.io/version: v0.7.0\n  creationTimestamp: null\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: helmreleases.helm.toolkit.fluxcd.io\nspec:\n  group: helm.toolkit.fluxcd.io\n  names:\n    kind: HelmRelease\n    listKind: HelmReleaseList\n    plural: helmreleases\n    shortNames:\n    - hr\n    singular: helmrelease\n  scope: Namespaced\n  versions:\n  - additionalPrinterColumns:\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    name: v2beta1\n    schema:\n      openAPIV3Schema:\n        description: HelmRelease is the Schema for the helmreleases API\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: HelmReleaseSpec defines the desired state of a Helm release.\n            properties:\n              chart:\n                description: Chart defines the template of the v1beta2.HelmChart that\n                  should be created for this HelmRelease.\n                properties:\n                  spec:\n                    description: Spec holds the template for the v1beta2.HelmChartSpec\n                      for this HelmRelease.\n                    properties:\n                      chart:\n                        description: The name or path the Helm chart is available\n                          at in the SourceRef.\n                        type: string\n                      interval:\n                        description: Interval at which to check the v1beta2.Source\n                          for updates. Defaults to 'HelmReleaseSpec.Interval'.\n                        type: string\n                      reconcileStrategy:\n                        default: ChartVersion\n                        description: Determines what enables the creation of a new\n                          artifact. Valid values are ('ChartVersion', 'Revision').\n                          See the documentation of the values for an explanation on\n                          their behavior. Defaults to ChartVersion when omitted.\n                        enum:\n                        - ChartVersion\n                        - Revision\n                        type: string\n                      sourceRef:\n                        description: The name and namespace of the v1beta2.Source\n                          the chart is available at.\n                        properties:\n                          apiVersion:\n                            description: APIVersion of the referent.\n                            type: string\n                          kind:\n                            description: Kind of the referent.\n                            enum:\n                            - HelmRepository\n                            - GitRepository\n                            - Bucket\n                            type: string\n                          name:\n                            description: Name of the referent.\n                            maxLength: 253\n                            minLength: 1\n                            type: string\n                          namespace:\n                            description: Namespace of the referent.\n                            maxLength: 63\n                            minLength: 1\n                            type: string\n                        required:\n                        - name\n                        type: object\n                      valuesFile:\n                        description: Alternative values file to use as the default\n                          chart values, expected to be a relative path in the SourceRef.\n                          Deprecated in favor of ValuesFiles, for backwards compatibility\n                          the file defined here is merged before the ValuesFiles items.\n                          Ignored when omitted.\n                        type: string\n                      valuesFiles:\n                        description: Alternative list of values files to use as the\n                          chart values (values.yaml is not included by default), expected\n                          to be a relative path in the SourceRef. Values files are\n                          merged in the order of this list with the last file overriding\n                          the first. Ignored when omitted.\n                        items:\n                          type: string\n                        type: array\n                      version:\n                        default: '*'\n                        description: Version semver expression, ignored for charts\n                          from v1beta2.GitRepository and v1beta2.Bucket sources. Defaults\n                          to latest when omitted.\n                        type: string\n                    required:\n                    - chart\n                    - sourceRef\n                    type: object\n                required:\n                - spec\n                type: object\n              dependsOn:\n                description: DependsOn may contain a meta.NamespacedObjectReference\n                  slice with references to HelmRelease resources that must be ready\n                  before this HelmRelease can be reconciled.\n                items:\n                  description: NamespacedObjectReference contains enough information\n                    to locate the referenced Kubernetes resource object in any namespace.\n                  properties:\n                    name:\n                      description: Name of the referent.\n                      type: string\n                    namespace:\n                      description: Namespace of the referent, when not specified it\n                        acts as LocalObjectReference.\n                      type: string\n                  required:\n                  - name\n                  type: object\n                type: array\n              install:\n                description: Install holds the configuration for Helm install actions\n                  for this HelmRelease.\n                properties:\n                  crds:\n                    description: \"CRDs upgrade CRDs from the Helm Chart's crds directory\n                      according to the CRD upgrade policy provided here. Valid values\n                      are `Skip`, `Create` or `CreateReplace`. Default is `Create`\n                      and if omitted CRDs are installed but not updated. \\n Skip:\n                      do neither install nor replace (update) any CRDs. \\n Create:\n                      new CRDs are created, existing CRDs are neither updated nor\n                      deleted. \\n CreateReplace: new CRDs are created, existing CRDs\n                      are updated (replaced) but not deleted. \\n By default, CRDs\n                      are applied (installed) during Helm install action. With this\n                      option users can opt-in to CRD replace existing CRDs on Helm\n                      install actions, which is not (yet) natively supported by Helm.\n                      https://helm.sh/docs/chart_best_practices/custom_resource_definitions.\"\n                    enum:\n                    - Skip\n                    - Create\n                    - CreateReplace\n                    type: string\n                  createNamespace:\n                    description: CreateNamespace tells the Helm install action to\n                      create the HelmReleaseSpec.TargetNamespace if it does not exist\n                      yet. On uninstall, the namespace will not be garbage collected.\n                    type: boolean\n                  disableHooks:\n                    description: DisableHooks prevents hooks from running during the\n                      Helm install action.\n                    type: boolean\n                  disableOpenAPIValidation:\n                    description: DisableOpenAPIValidation prevents the Helm install\n                      action from validating rendered templates against the Kubernetes\n                      OpenAPI Schema.\n                    type: boolean\n                  disableWait:\n                    description: DisableWait disables the waiting for resources to\n                      be ready after a Helm install has been performed.\n                    type: boolean\n                  disableWaitForJobs:\n                    description: DisableWaitForJobs disables waiting for jobs to complete\n                      after a Helm install has been performed.\n                    type: boolean\n                  remediation:\n                    description: Remediation holds the remediation configuration for\n                      when the Helm install action for the HelmRelease fails. The\n                      default is to not perform any action.\n                    properties:\n                      ignoreTestFailures:\n                        description: IgnoreTestFailures tells the controller to skip\n                          remediation when the Helm tests are run after an install\n                          action but fail. Defaults to 'Test.IgnoreFailures'.\n                        type: boolean\n                      remediateLastFailure:\n                        description: RemediateLastFailure tells the controller to\n                          remediate the last failure, when no retries remain. Defaults\n                          to 'false'.\n                        type: boolean\n                      retries:\n                        description: Retries is the number of retries that should\n                          be attempted on failures before bailing. Remediation, using\n                          an uninstall, is performed between each attempt. Defaults\n                          to '0', a negative integer equals to unlimited retries.\n                        type: integer\n                    type: object\n                  replace:\n                    description: Replace tells the Helm install action to re-use the\n                      'ReleaseName', but only if that name is a deleted release which\n                      remains in the history.\n                    type: boolean\n                  skipCRDs:\n                    description: \"SkipCRDs tells the Helm install action to not install\n                      any CRDs. By default, CRDs are installed if not already present.\n                      \\n Deprecated use CRD policy (`crds`) attribute with value `Skip`\n                      instead.\"\n                    type: boolean\n                  timeout:\n                    description: Timeout is the time to wait for any individual Kubernetes\n                      operation (like Jobs for hooks) during the performance of a\n                      Helm install action. Defaults to 'HelmReleaseSpec.Timeout'.\n                    type: string\n                type: object\n              interval:\n                description: Interval at which to reconcile the Helm release.\n                type: string\n              kubeConfig:\n                description: KubeConfig for reconciling the HelmRelease on a remote\n                  cluster. When used in combination with HelmReleaseSpec.ServiceAccountName,\n                  forces the controller to act on behalf of that Service Account at\n                  the target cluster. If the --default-service-account flag is set,\n                  its value will be used as a controller level fallback for when HelmReleaseSpec.ServiceAccountName\n                  is empty.\n                properties:\n                  secretRef:\n                    description: SecretRef holds the name to a secret that contains\n                      a key with the kubeconfig file as the value. If no key is specified\n                      the key will default to 'value'. The secret must be in the same\n                      namespace as the HelmRelease. It is recommended that the kubeconfig\n                      is self-contained, and the secret is regularly updated if credentials\n                      such as a cloud-access-token expire. Cloud specific `cmd-path`\n                      auth helpers will not function without adding binaries and credentials\n                      to the Pod that is responsible for reconciling the HelmRelease.\n                    properties:\n                      key:\n                        description: Key in the Secret, when not specified an implementation-specific\n                          default key is used.\n                        type: string\n                      name:\n                        description: Name of the Secret.\n                        type: string\n                    required:\n                    - name\n                    type: object\n                type: object\n              maxHistory:\n                description: MaxHistory is the number of revisions saved by Helm for\n                  this HelmRelease. Use '0' for an unlimited number of revisions;\n                  defaults to '10'.\n                type: integer\n              postRenderers:\n                description: PostRenderers holds an array of Helm PostRenderers, which\n                  will be applied in order of their definition.\n                items:\n                  description: PostRenderer contains a Helm PostRenderer specification.\n                  properties:\n                    kustomize:\n                      description: Kustomization to apply as PostRenderer.\n                      properties:\n                        images:\n                          description: Images is a list of (image name, new name,\n                            new tag or digest) for changing image names, tags or digests.\n                            This can also be achieved with a patch, but this operator\n                            is simpler to specify.\n                          items:\n                            description: Image contains an image name, a new name,\n                              a new tag or digest, which will replace the original\n                              name and tag.\n                            properties:\n                              digest:\n                                description: Digest is the value used to replace the\n                                  original image tag. If digest is present NewTag\n                                  value is ignored.\n                                type: string\n                              name:\n                                description: Name is a tag-less image name.\n                                type: string\n                              newName:\n                                description: NewName is the value used to replace\n                                  the original name.\n                                type: string\n                              newTag:\n                                description: NewTag is the value used to replace the\n                                  original tag.\n                                type: string\n                            required:\n                            - name\n                            type: object\n                          type: array\n                        patches:\n                          description: Strategic merge and JSON patches, defined as\n                            inline YAML objects, capable of targeting objects based\n                            on kind, label and annotation selectors.\n                          items:\n                            description: Patch contains an inline StrategicMerge or\n                              JSON6902 patch, and the target the patch should be applied\n                              to.\n                            properties:\n                              patch:\n                                description: Patch contains an inline StrategicMerge\n                                  patch or an inline JSON6902 patch with an array\n                                  of operation objects.\n                                type: string\n                              target:\n                                description: Target points to the resources that the\n                                  patch document should be applied to.\n                                properties:\n                                  annotationSelector:\n                                    description: AnnotationSelector is a string that\n                                      follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                                      It matches with the resource annotations.\n                                    type: string\n                                  group:\n                                    description: Group is the API group to select\n                                      resources from. Together with Version and Kind\n                                      it is capable of unambiguously identifying and/or\n                                      selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                                    type: string\n                                  kind:\n                                    description: Kind of the API Group to select resources\n                                      from. Together with Group and Version it is\n                                      capable of unambiguously identifying and/or\n                                      selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                                    type: string\n                                  labelSelector:\n                                    description: LabelSelector is a string that follows\n                                      the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                                      It matches with the resource labels.\n                                    type: string\n                                  name:\n                                    description: Name to match resources with.\n                                    type: string\n                                  namespace:\n                                    description: Namespace to select resources from.\n                                    type: string\n                                  version:\n                                    description: Version of the API Group to select\n                                      resources from. Together with Group and Kind\n                                      it is capable of unambiguously identifying and/or\n                                      selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                                    type: string\n                                type: object\n                            type: object\n                          type: array\n                        patchesJson6902:\n                          description: JSON 6902 patches, defined as inline YAML objects.\n                          items:\n                            description: JSON6902Patch contains a JSON6902 patch and\n                              the target the patch should be applied to.\n                            properties:\n                              patch:\n                                description: Patch contains the JSON6902 patch document\n                                  with an array of operation objects.\n                                items:\n                                  description: JSON6902 is a JSON6902 operation object.\n                                    https://datatracker.ietf.org/doc/html/rfc6902#section-4\n                                  properties:\n                                    from:\n                                      description: From contains a JSON-pointer value\n                                        that references a location within the target\n                                        document where the operation is performed.\n                                        The meaning of the value depends on the value\n                                        of Op, and is NOT taken into account by all\n                                        operations.\n                                      type: string\n                                    op:\n                                      description: Op indicates the operation to perform.\n                                        Its value MUST be one of \"add\", \"remove\",\n                                        \"replace\", \"move\", \"copy\", or \"test\". https://datatracker.ietf.org/doc/html/rfc6902#section-4\n                                      enum:\n                                      - test\n                                      - remove\n                                      - add\n                                      - replace\n                                      - move\n                                      - copy\n                                      type: string\n                                    path:\n                                      description: Path contains the JSON-pointer\n                                        value that references a location within the\n                                        target document where the operation is performed.\n                                        The meaning of the value depends on the value\n                                        of Op.\n                                      type: string\n                                    value:\n                                      description: Value contains a valid JSON structure.\n                                        The meaning of the value depends on the value\n                                        of Op, and is NOT taken into account by all\n                                        operations.\n                                      x-kubernetes-preserve-unknown-fields: true\n                                  required:\n                                  - op\n                                  - path\n                                  type: object\n                                type: array\n                              target:\n                                description: Target points to the resources that the\n                                  patch document should be applied to.\n                                properties:\n                                  annotationSelector:\n                                    description: AnnotationSelector is a string that\n                                      follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                                      It matches with the resource annotations.\n                                    type: string\n                                  group:\n                                    description: Group is the API group to select\n                                      resources from. Together with Version and Kind\n                                      it is capable of unambiguously identifying and/or\n                                      selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                                    type: string\n                                  kind:\n                                    description: Kind of the API Group to select resources\n                                      from. Together with Group and Version it is\n                                      capable of unambiguously identifying and/or\n                                      selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                                    type: string\n                                  labelSelector:\n                                    description: LabelSelector is a string that follows\n                                      the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                                      It matches with the resource labels.\n                                    type: string\n                                  name:\n                                    description: Name to match resources with.\n                                    type: string\n                                  namespace:\n                                    description: Namespace to select resources from.\n                                    type: string\n                                  version:\n                                    description: Version of the API Group to select\n                                      resources from. Together with Group and Kind\n                                      it is capable of unambiguously identifying and/or\n                                      selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                                    type: string\n                                type: object\n                            required:\n                            - patch\n                            - target\n                            type: object\n                          type: array\n                        patchesStrategicMerge:\n                          description: Strategic merge patches, defined as inline\n                            YAML objects.\n                          items:\n                            x-kubernetes-preserve-unknown-fields: true\n                          type: array\n                      type: object\n                  type: object\n                type: array\n              releaseName:\n                description: ReleaseName used for the Helm release. Defaults to a\n                  composition of '[TargetNamespace-]Name'.\n                maxLength: 53\n                minLength: 1\n                type: string\n              rollback:\n                description: Rollback holds the configuration for Helm rollback actions\n                  for this HelmRelease.\n                properties:\n                  cleanupOnFail:\n                    description: CleanupOnFail allows deletion of new resources created\n                      during the Helm rollback action when it fails.\n                    type: boolean\n                  disableHooks:\n                    description: DisableHooks prevents hooks from running during the\n                      Helm rollback action.\n                    type: boolean\n                  disableWait:\n                    description: DisableWait disables the waiting for resources to\n                      be ready after a Helm rollback has been performed.\n                    type: boolean\n                  disableWaitForJobs:\n                    description: DisableWaitForJobs disables waiting for jobs to complete\n                      after a Helm rollback has been performed.\n                    type: boolean\n                  force:\n                    description: Force forces resource updates through a replacement\n                      strategy.\n                    type: boolean\n                  recreate:\n                    description: Recreate performs pod restarts for the resource if\n                      applicable.\n                    type: boolean\n                  timeout:\n                    description: Timeout is the time to wait for any individual Kubernetes\n                      operation (like Jobs for hooks) during the performance of a\n                      Helm rollback action. Defaults to 'HelmReleaseSpec.Timeout'.\n                    type: string\n                type: object\n              serviceAccountName:\n                description: The name of the Kubernetes service account to impersonate\n                  when reconciling this HelmRelease.\n                type: string\n              storageNamespace:\n                description: StorageNamespace used for the Helm storage. Defaults\n                  to the namespace of the HelmRelease.\n                maxLength: 63\n                minLength: 1\n                type: string\n              suspend:\n                description: Suspend tells the controller to suspend reconciliation\n                  for this HelmRelease, it does not apply to already started reconciliations.\n                  Defaults to false.\n                type: boolean\n              targetNamespace:\n                description: TargetNamespace to target when performing operations\n                  for the HelmRelease. Defaults to the namespace of the HelmRelease.\n                maxLength: 63\n                minLength: 1\n                type: string\n              test:\n                description: Test holds the configuration for Helm test actions for\n                  this HelmRelease.\n                properties:\n                  enable:\n                    description: Enable enables Helm test actions for this HelmRelease\n                      after an Helm install or upgrade action has been performed.\n                    type: boolean\n                  ignoreFailures:\n                    description: IgnoreFailures tells the controller to skip remediation\n                      when the Helm tests are run but fail. Can be overwritten for\n                      tests run after install or upgrade actions in 'Install.IgnoreTestFailures'\n                      and 'Upgrade.IgnoreTestFailures'.\n                    type: boolean\n                  timeout:\n                    description: Timeout is the time to wait for any individual Kubernetes\n                      operation during the performance of a Helm test action. Defaults\n                      to 'HelmReleaseSpec.Timeout'.\n                    type: string\n                type: object\n              timeout:\n                description: Timeout is the time to wait for any individual Kubernetes\n                  operation (like Jobs for hooks) during the performance of a Helm\n                  action. Defaults to '5m0s'.\n                type: string\n              uninstall:\n                description: Uninstall holds the configuration for Helm uninstall\n                  actions for this HelmRelease.\n                properties:\n                  disableHooks:\n                    description: DisableHooks prevents hooks from running during the\n                      Helm rollback action.\n                    type: boolean\n                  disableWait:\n                    description: DisableWait disables waiting for all the resources\n                      to be deleted after a Helm uninstall is performed.\n                    type: boolean\n                  keepHistory:\n                    description: KeepHistory tells Helm to remove all associated resources\n                      and mark the release as deleted, but retain the release history.\n                    type: boolean\n                  timeout:\n                    description: Timeout is the time to wait for any individual Kubernetes\n                      operation (like Jobs for hooks) during the performance of a\n                      Helm uninstall action. Defaults to 'HelmReleaseSpec.Timeout'.\n                    type: string\n                type: object\n              upgrade:\n                description: Upgrade holds the configuration for Helm upgrade actions\n                  for this HelmRelease.\n                properties:\n                  cleanupOnFail:\n                    description: CleanupOnFail allows deletion of new resources created\n                      during the Helm upgrade action when it fails.\n                    type: boolean\n                  crds:\n                    description: \"CRDs upgrade CRDs from the Helm Chart's crds directory\n                      according to the CRD upgrade policy provided here. Valid values\n                      are `Skip`, `Create` or `CreateReplace`. Default is `Skip` and\n                      if omitted CRDs are neither installed nor upgraded. \\n Skip:\n                      do neither install nor replace (update) any CRDs. \\n Create:\n                      new CRDs are created, existing CRDs are neither updated nor\n                      deleted. \\n CreateReplace: new CRDs are created, existing CRDs\n                      are updated (replaced) but not deleted. \\n By default, CRDs\n                      are not applied during Helm upgrade action. With this option\n                      users can opt-in to CRD upgrade, which is not (yet) natively\n                      supported by Helm. https://helm.sh/docs/chart_best_practices/custom_resource_definitions.\"\n                    enum:\n                    - Skip\n                    - Create\n                    - CreateReplace\n                    type: string\n                  disableHooks:\n                    description: DisableHooks prevents hooks from running during the\n                      Helm upgrade action.\n                    type: boolean\n                  disableOpenAPIValidation:\n                    description: DisableOpenAPIValidation prevents the Helm upgrade\n                      action from validating rendered templates against the Kubernetes\n                      OpenAPI Schema.\n                    type: boolean\n                  disableWait:\n                    description: DisableWait disables the waiting for resources to\n                      be ready after a Helm upgrade has been performed.\n                    type: boolean\n                  disableWaitForJobs:\n                    description: DisableWaitForJobs disables waiting for jobs to complete\n                      after a Helm upgrade has been performed.\n                    type: boolean\n                  force:\n                    description: Force forces resource updates through a replacement\n                      strategy.\n                    type: boolean\n                  preserveValues:\n                    description: PreserveValues will make Helm reuse the last release's\n                      values and merge in overrides from 'Values'. Setting this flag\n                      makes the HelmRelease non-declarative.\n                    type: boolean\n                  remediation:\n                    description: Remediation holds the remediation configuration for\n                      when the Helm upgrade action for the HelmRelease fails. The\n                      default is to not perform any action.\n                    properties:\n                      ignoreTestFailures:\n                        description: IgnoreTestFailures tells the controller to skip\n                          remediation when the Helm tests are run after an upgrade\n                          action but fail. Defaults to 'Test.IgnoreFailures'.\n                        type: boolean\n                      remediateLastFailure:\n                        description: RemediateLastFailure tells the controller to\n                          remediate the last failure, when no retries remain. Defaults\n                          to 'false' unless 'Retries' is greater than 0.\n                        type: boolean\n                      retries:\n                        description: Retries is the number of retries that should\n                          be attempted on failures before bailing. Remediation, using\n                          'Strategy', is performed between each attempt. Defaults\n                          to '0', a negative integer equals to unlimited retries.\n                        type: integer\n                      strategy:\n                        description: Strategy to use for failure remediation. Defaults\n                          to 'rollback'.\n                        enum:\n                        - rollback\n                        - uninstall\n                        type: string\n                    type: object\n                  timeout:\n                    description: Timeout is the time to wait for any individual Kubernetes\n                      operation (like Jobs for hooks) during the performance of a\n                      Helm upgrade action. Defaults to 'HelmReleaseSpec.Timeout'.\n                    type: string\n                type: object\n              values:\n                description: Values holds the values for this Helm release.\n                x-kubernetes-preserve-unknown-fields: true\n              valuesFrom:\n                description: ValuesFrom holds references to resources containing Helm\n                  values for this HelmRelease, and information about how they should\n                  be merged.\n                items:\n                  description: ValuesReference contains a reference to a resource\n                    containing Helm values, and optionally the key they can be found\n                    at.\n                  properties:\n                    kind:\n                      description: Kind of the values referent, valid values are ('Secret',\n                        'ConfigMap').\n                      enum:\n                      - Secret\n                      - ConfigMap\n                      type: string\n                    name:\n                      description: Name of the values referent. Should reside in the\n                        same namespace as the referring resource.\n                      maxLength: 253\n                      minLength: 1\n                      type: string\n                    optional:\n                      description: Optional marks this ValuesReference as optional.\n                        When set, a not found error for the values reference is ignored,\n                        but any ValuesKey, TargetPath or transient error will still\n                        result in a reconciliation failure.\n                      type: boolean\n                    targetPath:\n                      description: TargetPath is the YAML dot notation path the value\n                        should be merged at. When set, the ValuesKey is expected to\n                        be a single flat value. Defaults to 'None', which results\n                        in the values getting merged at the root.\n                      type: string\n                    valuesKey:\n                      description: ValuesKey is the data key where the values.yaml\n                        or a specific value can be found at. Defaults to 'values.yaml'.\n                      type: string\n                  required:\n                  - kind\n                  - name\n                  type: object\n                type: array\n            required:\n            - chart\n            - interval\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: HelmReleaseStatus defines the observed state of a HelmRelease.\n            properties:\n              conditions:\n                description: Conditions holds the conditions for the HelmRelease.\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              failures:\n                description: Failures is the reconciliation failure count against\n                  the latest desired state. It is reset after a successful reconciliation.\n                format: int64\n                type: integer\n              helmChart:\n                description: HelmChart is the namespaced name of the HelmChart resource\n                  created by the controller for the HelmRelease.\n                type: string\n              installFailures:\n                description: InstallFailures is the install failure count against\n                  the latest desired state. It is reset after a successful reconciliation.\n                format: int64\n                type: integer\n              lastAppliedRevision:\n                description: LastAppliedRevision is the revision of the last successfully\n                  applied source.\n                type: string\n              lastAttemptedRevision:\n                description: LastAttemptedRevision is the revision of the last reconciliation\n                  attempt.\n                type: string\n              lastAttemptedValuesChecksum:\n                description: LastAttemptedValuesChecksum is the SHA1 checksum of the\n                  values of the last reconciliation attempt.\n                type: string\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              lastReleaseRevision:\n                description: LastReleaseRevision is the revision of the last successful\n                  Helm release.\n                type: integer\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation.\n                format: int64\n                type: integer\n              upgradeFailures:\n                description: UpgradeFailures is the upgrade failure count against\n                  the latest desired state. It is reset after a successful reconciliation.\n                format: int64\n                type: integer\n            type: object\n        type: object\n    served: true\n    storage: true\n    subresources:\n      status: {}\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n  conditions: []\n  storedVersions: []",
-            "yaml_body_parsed": "apiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  annotations:\n    controller-gen.kubebuilder.io/version: v0.7.0\n  creationTimestamp: null\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: helmreleases.helm.toolkit.fluxcd.io\nspec:\n  group: helm.toolkit.fluxcd.io\n  names:\n    kind: HelmRelease\n    listKind: HelmReleaseList\n    plural: helmreleases\n    shortNames:\n    - hr\n    singular: helmrelease\n  scope: Namespaced\n  versions:\n  - additionalPrinterColumns:\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    name: v2beta1\n    schema:\n      openAPIV3Schema:\n        description: HelmRelease is the Schema for the helmreleases API\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: HelmReleaseSpec defines the desired state of a Helm release.\n            properties:\n              chart:\n                description: Chart defines the template of the v1beta2.HelmChart that\n                  should be created for this HelmRelease.\n                properties:\n                  spec:\n                    description: Spec holds the template for the v1beta2.HelmChartSpec\n                      for this HelmRelease.\n                    properties:\n                      chart:\n                        description: The name or path the Helm chart is available\n                          at in the SourceRef.\n                        type: string\n                      interval:\n                        description: Interval at which to check the v1beta2.Source\n                          for updates. Defaults to 'HelmReleaseSpec.Interval'.\n                        type: string\n                      reconcileStrategy:\n                        default: ChartVersion\n                        description: Determines what enables the creation of a new\n                          artifact. Valid values are ('ChartVersion', 'Revision').\n                          See the documentation of the values for an explanation on\n                          their behavior. Defaults to ChartVersion when omitted.\n                        enum:\n                        - ChartVersion\n                        - Revision\n                        type: string\n                      sourceRef:\n                        description: The name and namespace of the v1beta2.Source\n                          the chart is available at.\n                        properties:\n                          apiVersion:\n                            description: APIVersion of the referent.\n                            type: string\n                          kind:\n                            description: Kind of the referent.\n                            enum:\n                            - HelmRepository\n                            - GitRepository\n                            - Bucket\n                            type: string\n                          name:\n                            description: Name of the referent.\n                            maxLength: 253\n                            minLength: 1\n                            type: string\n                          namespace:\n                            description: Namespace of the referent.\n                            maxLength: 63\n                            minLength: 1\n                            type: string\n                        required:\n                        - name\n                        type: object\n                      valuesFile:\n                        description: Alternative values file to use as the default\n                          chart values, expected to be a relative path in the SourceRef.\n                          Deprecated in favor of ValuesFiles, for backwards compatibility\n                          the file defined here is merged before the ValuesFiles items.\n                          Ignored when omitted.\n                        type: string\n                      valuesFiles:\n                        description: Alternative list of values files to use as the\n                          chart values (values.yaml is not included by default), expected\n                          to be a relative path in the SourceRef. Values files are\n                          merged in the order of this list with the last file overriding\n                          the first. Ignored when omitted.\n                        items:\n                          type: string\n                        type: array\n                      version:\n                        default: '*'\n                        description: Version semver expression, ignored for charts\n                          from v1beta2.GitRepository and v1beta2.Bucket sources. Defaults\n                          to latest when omitted.\n                        type: string\n                    required:\n                    - chart\n                    - sourceRef\n                    type: object\n                required:\n                - spec\n                type: object\n              dependsOn:\n                description: DependsOn may contain a meta.NamespacedObjectReference\n                  slice with references to HelmRelease resources that must be ready\n                  before this HelmRelease can be reconciled.\n                items:\n                  description: NamespacedObjectReference contains enough information\n                    to locate the referenced Kubernetes resource object in any namespace.\n                  properties:\n                    name:\n                      description: Name of the referent.\n                      type: string\n                    namespace:\n                      description: Namespace of the referent, when not specified it\n                        acts as LocalObjectReference.\n                      type: string\n                  required:\n                  - name\n                  type: object\n                type: array\n              install:\n                description: Install holds the configuration for Helm install actions\n                  for this HelmRelease.\n                properties:\n                  crds:\n                    description: \"CRDs upgrade CRDs from the Helm Chart's crds directory\n                      according to the CRD upgrade policy provided here. Valid values\n                      are `Skip`, `Create` or `CreateReplace`. Default is `Create`\n                      and if omitted CRDs are installed but not updated. \\n Skip:\n                      do neither install nor replace (update) any CRDs. \\n Create:\n                      new CRDs are created, existing CRDs are neither updated nor\n                      deleted. \\n CreateReplace: new CRDs are created, existing CRDs\n                      are updated (replaced) but not deleted. \\n By default, CRDs\n                      are applied (installed) during Helm install action. With this\n                      option users can opt-in to CRD replace existing CRDs on Helm\n                      install actions, which is not (yet) natively supported by Helm.\n                      https://helm.sh/docs/chart_best_practices/custom_resource_definitions.\"\n                    enum:\n                    - Skip\n                    - Create\n                    - CreateReplace\n                    type: string\n                  createNamespace:\n                    description: CreateNamespace tells the Helm install action to\n                      create the HelmReleaseSpec.TargetNamespace if it does not exist\n                      yet. On uninstall, the namespace will not be garbage collected.\n                    type: boolean\n                  disableHooks:\n                    description: DisableHooks prevents hooks from running during the\n                      Helm install action.\n                    type: boolean\n                  disableOpenAPIValidation:\n                    description: DisableOpenAPIValidation prevents the Helm install\n                      action from validating rendered templates against the Kubernetes\n                      OpenAPI Schema.\n                    type: boolean\n                  disableWait:\n                    description: DisableWait disables the waiting for resources to\n                      be ready after a Helm install has been performed.\n                    type: boolean\n                  disableWaitForJobs:\n                    description: DisableWaitForJobs disables waiting for jobs to complete\n                      after a Helm install has been performed.\n                    type: boolean\n                  remediation:\n                    description: Remediation holds the remediation configuration for\n                      when the Helm install action for the HelmRelease fails. The\n                      default is to not perform any action.\n                    properties:\n                      ignoreTestFailures:\n                        description: IgnoreTestFailures tells the controller to skip\n                          remediation when the Helm tests are run after an install\n                          action but fail. Defaults to 'Test.IgnoreFailures'.\n                        type: boolean\n                      remediateLastFailure:\n                        description: RemediateLastFailure tells the controller to\n                          remediate the last failure, when no retries remain. Defaults\n                          to 'false'.\n                        type: boolean\n                      retries:\n                        description: Retries is the number of retries that should\n                          be attempted on failures before bailing. Remediation, using\n                          an uninstall, is performed between each attempt. Defaults\n                          to '0', a negative integer equals to unlimited retries.\n                        type: integer\n                    type: object\n                  replace:\n                    description: Replace tells the Helm install action to re-use the\n                      'ReleaseName', but only if that name is a deleted release which\n                      remains in the history.\n                    type: boolean\n                  skipCRDs:\n                    description: \"SkipCRDs tells the Helm install action to not install\n                      any CRDs. By default, CRDs are installed if not already present.\n                      \\n Deprecated use CRD policy (`crds`) attribute with value `Skip`\n                      instead.\"\n                    type: boolean\n                  timeout:\n                    description: Timeout is the time to wait for any individual Kubernetes\n                      operation (like Jobs for hooks) during the performance of a\n                      Helm install action. Defaults to 'HelmReleaseSpec.Timeout'.\n                    type: string\n                type: object\n              interval:\n                description: Interval at which to reconcile the Helm release.\n                type: string\n              kubeConfig:\n                description: KubeConfig for reconciling the HelmRelease on a remote\n                  cluster. When used in combination with HelmReleaseSpec.ServiceAccountName,\n                  forces the controller to act on behalf of that Service Account at\n                  the target cluster. If the --default-service-account flag is set,\n                  its value will be used as a controller level fallback for when HelmReleaseSpec.ServiceAccountName\n                  is empty.\n                properties:\n                  secretRef:\n                    description: SecretRef holds the name to a secret that contains\n                      a key with the kubeconfig file as the value. If no key is specified\n                      the key will default to 'value'. The secret must be in the same\n                      namespace as the HelmRelease. It is recommended that the kubeconfig\n                      is self-contained, and the secret is regularly updated if credentials\n                      such as a cloud-access-token expire. Cloud specific `cmd-path`\n                      auth helpers will not function without adding binaries and credentials\n                      to the Pod that is responsible for reconciling the HelmRelease.\n                    properties:\n                      key:\n                        description: Key in the Secret, when not specified an implementation-specific\n                          default key is used.\n                        type: string\n                      name:\n                        description: Name of the Secret.\n                        type: string\n                    required:\n                    - name\n                    type: object\n                type: object\n              maxHistory:\n                description: MaxHistory is the number of revisions saved by Helm for\n                  this HelmRelease. Use '0' for an unlimited number of revisions;\n                  defaults to '10'.\n                type: integer\n              postRenderers:\n                description: PostRenderers holds an array of Helm PostRenderers, which\n                  will be applied in order of their definition.\n                items:\n                  description: PostRenderer contains a Helm PostRenderer specification.\n                  properties:\n                    kustomize:\n                      description: Kustomization to apply as PostRenderer.\n                      properties:\n                        images:\n                          description: Images is a list of (image name, new name,\n                            new tag or digest) for changing image names, tags or digests.\n                            This can also be achieved with a patch, but this operator\n                            is simpler to specify.\n                          items:\n                            description: Image contains an image name, a new name,\n                              a new tag or digest, which will replace the original\n                              name and tag.\n                            properties:\n                              digest:\n                                description: Digest is the value used to replace the\n                                  original image tag. If digest is present NewTag\n                                  value is ignored.\n                                type: string\n                              name:\n                                description: Name is a tag-less image name.\n                                type: string\n                              newName:\n                                description: NewName is the value used to replace\n                                  the original name.\n                                type: string\n                              newTag:\n                                description: NewTag is the value used to replace the\n                                  original tag.\n                                type: string\n                            required:\n                            - name\n                            type: object\n                          type: array\n                        patches:\n                          description: Strategic merge and JSON patches, defined as\n                            inline YAML objects, capable of targeting objects based\n                            on kind, label and annotation selectors.\n                          items:\n                            description: Patch contains an inline StrategicMerge or\n                              JSON6902 patch, and the target the patch should be applied\n                              to.\n                            properties:\n                              patch:\n                                description: Patch contains an inline StrategicMerge\n                                  patch or an inline JSON6902 patch with an array\n                                  of operation objects.\n                                type: string\n                              target:\n                                description: Target points to the resources that the\n                                  patch document should be applied to.\n                                properties:\n                                  annotationSelector:\n                                    description: AnnotationSelector is a string that\n                                      follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                                      It matches with the resource annotations.\n                                    type: string\n                                  group:\n                                    description: Group is the API group to select\n                                      resources from. Together with Version and Kind\n                                      it is capable of unambiguously identifying and/or\n                                      selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                                    type: string\n                                  kind:\n                                    description: Kind of the API Group to select resources\n                                      from. Together with Group and Version it is\n                                      capable of unambiguously identifying and/or\n                                      selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                                    type: string\n                                  labelSelector:\n                                    description: LabelSelector is a string that follows\n                                      the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                                      It matches with the resource labels.\n                                    type: string\n                                  name:\n                                    description: Name to match resources with.\n                                    type: string\n                                  namespace:\n                                    description: Namespace to select resources from.\n                                    type: string\n                                  version:\n                                    description: Version of the API Group to select\n                                      resources from. Together with Group and Kind\n                                      it is capable of unambiguously identifying and/or\n                                      selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                                    type: string\n                                type: object\n                            type: object\n                          type: array\n                        patchesJson6902:\n                          description: JSON 6902 patches, defined as inline YAML objects.\n                          items:\n                            description: JSON6902Patch contains a JSON6902 patch and\n                              the target the patch should be applied to.\n                            properties:\n                              patch:\n                                description: Patch contains the JSON6902 patch document\n                                  with an array of operation objects.\n                                items:\n                                  description: JSON6902 is a JSON6902 operation object.\n                                    https://datatracker.ietf.org/doc/html/rfc6902#section-4\n                                  properties:\n                                    from:\n                                      description: From contains a JSON-pointer value\n                                        that references a location within the target\n                                        document where the operation is performed.\n                                        The meaning of the value depends on the value\n                                        of Op, and is NOT taken into account by all\n                                        operations.\n                                      type: string\n                                    op:\n                                      description: Op indicates the operation to perform.\n                                        Its value MUST be one of \"add\", \"remove\",\n                                        \"replace\", \"move\", \"copy\", or \"test\". https://datatracker.ietf.org/doc/html/rfc6902#section-4\n                                      enum:\n                                      - test\n                                      - remove\n                                      - add\n                                      - replace\n                                      - move\n                                      - copy\n                                      type: string\n                                    path:\n                                      description: Path contains the JSON-pointer\n                                        value that references a location within the\n                                        target document where the operation is performed.\n                                        The meaning of the value depends on the value\n                                        of Op.\n                                      type: string\n                                    value:\n                                      description: Value contains a valid JSON structure.\n                                        The meaning of the value depends on the value\n                                        of Op, and is NOT taken into account by all\n                                        operations.\n                                      x-kubernetes-preserve-unknown-fields: true\n                                  required:\n                                  - op\n                                  - path\n                                  type: object\n                                type: array\n                              target:\n                                description: Target points to the resources that the\n                                  patch document should be applied to.\n                                properties:\n                                  annotationSelector:\n                                    description: AnnotationSelector is a string that\n                                      follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                                      It matches with the resource annotations.\n                                    type: string\n                                  group:\n                                    description: Group is the API group to select\n                                      resources from. Together with Version and Kind\n                                      it is capable of unambiguously identifying and/or\n                                      selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                                    type: string\n                                  kind:\n                                    description: Kind of the API Group to select resources\n                                      from. Together with Group and Version it is\n                                      capable of unambiguously identifying and/or\n                                      selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                                    type: string\n                                  labelSelector:\n                                    description: LabelSelector is a string that follows\n                                      the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                                      It matches with the resource labels.\n                                    type: string\n                                  name:\n                                    description: Name to match resources with.\n                                    type: string\n                                  namespace:\n                                    description: Namespace to select resources from.\n                                    type: string\n                                  version:\n                                    description: Version of the API Group to select\n                                      resources from. Together with Group and Kind\n                                      it is capable of unambiguously identifying and/or\n                                      selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                                    type: string\n                                type: object\n                            required:\n                            - patch\n                            - target\n                            type: object\n                          type: array\n                        patchesStrategicMerge:\n                          description: Strategic merge patches, defined as inline\n                            YAML objects.\n                          items:\n                            x-kubernetes-preserve-unknown-fields: true\n                          type: array\n                      type: object\n                  type: object\n                type: array\n              releaseName:\n                description: ReleaseName used for the Helm release. Defaults to a\n                  composition of '[TargetNamespace-]Name'.\n                maxLength: 53\n                minLength: 1\n                type: string\n              rollback:\n                description: Rollback holds the configuration for Helm rollback actions\n                  for this HelmRelease.\n                properties:\n                  cleanupOnFail:\n                    description: CleanupOnFail allows deletion of new resources created\n                      during the Helm rollback action when it fails.\n                    type: boolean\n                  disableHooks:\n                    description: DisableHooks prevents hooks from running during the\n                      Helm rollback action.\n                    type: boolean\n                  disableWait:\n                    description: DisableWait disables the waiting for resources to\n                      be ready after a Helm rollback has been performed.\n                    type: boolean\n                  disableWaitForJobs:\n                    description: DisableWaitForJobs disables waiting for jobs to complete\n                      after a Helm rollback has been performed.\n                    type: boolean\n                  force:\n                    description: Force forces resource updates through a replacement\n                      strategy.\n                    type: boolean\n                  recreate:\n                    description: Recreate performs pod restarts for the resource if\n                      applicable.\n                    type: boolean\n                  timeout:\n                    description: Timeout is the time to wait for any individual Kubernetes\n                      operation (like Jobs for hooks) during the performance of a\n                      Helm rollback action. Defaults to 'HelmReleaseSpec.Timeout'.\n                    type: string\n                type: object\n              serviceAccountName:\n                description: The name of the Kubernetes service account to impersonate\n                  when reconciling this HelmRelease.\n                type: string\n              storageNamespace:\n                description: StorageNamespace used for the Helm storage. Defaults\n                  to the namespace of the HelmRelease.\n                maxLength: 63\n                minLength: 1\n                type: string\n              suspend:\n                description: Suspend tells the controller to suspend reconciliation\n                  for this HelmRelease, it does not apply to already started reconciliations.\n                  Defaults to false.\n                type: boolean\n              targetNamespace:\n                description: TargetNamespace to target when performing operations\n                  for the HelmRelease. Defaults to the namespace of the HelmRelease.\n                maxLength: 63\n                minLength: 1\n                type: string\n              test:\n                description: Test holds the configuration for Helm test actions for\n                  this HelmRelease.\n                properties:\n                  enable:\n                    description: Enable enables Helm test actions for this HelmRelease\n                      after an Helm install or upgrade action has been performed.\n                    type: boolean\n                  ignoreFailures:\n                    description: IgnoreFailures tells the controller to skip remediation\n                      when the Helm tests are run but fail. Can be overwritten for\n                      tests run after install or upgrade actions in 'Install.IgnoreTestFailures'\n                      and 'Upgrade.IgnoreTestFailures'.\n                    type: boolean\n                  timeout:\n                    description: Timeout is the time to wait for any individual Kubernetes\n                      operation during the performance of a Helm test action. Defaults\n                      to 'HelmReleaseSpec.Timeout'.\n                    type: string\n                type: object\n              timeout:\n                description: Timeout is the time to wait for any individual Kubernetes\n                  operation (like Jobs for hooks) during the performance of a Helm\n                  action. Defaults to '5m0s'.\n                type: string\n              uninstall:\n                description: Uninstall holds the configuration for Helm uninstall\n                  actions for this HelmRelease.\n                properties:\n                  disableHooks:\n                    description: DisableHooks prevents hooks from running during the\n                      Helm rollback action.\n                    type: boolean\n                  disableWait:\n                    description: DisableWait disables waiting for all the resources\n                      to be deleted after a Helm uninstall is performed.\n                    type: boolean\n                  keepHistory:\n                    description: KeepHistory tells Helm to remove all associated resources\n                      and mark the release as deleted, but retain the release history.\n                    type: boolean\n                  timeout:\n                    description: Timeout is the time to wait for any individual Kubernetes\n                      operation (like Jobs for hooks) during the performance of a\n                      Helm uninstall action. Defaults to 'HelmReleaseSpec.Timeout'.\n                    type: string\n                type: object\n              upgrade:\n                description: Upgrade holds the configuration for Helm upgrade actions\n                  for this HelmRelease.\n                properties:\n                  cleanupOnFail:\n                    description: CleanupOnFail allows deletion of new resources created\n                      during the Helm upgrade action when it fails.\n                    type: boolean\n                  crds:\n                    description: \"CRDs upgrade CRDs from the Helm Chart's crds directory\n                      according to the CRD upgrade policy provided here. Valid values\n                      are `Skip`, `Create` or `CreateReplace`. Default is `Skip` and\n                      if omitted CRDs are neither installed nor upgraded. \\n Skip:\n                      do neither install nor replace (update) any CRDs. \\n Create:\n                      new CRDs are created, existing CRDs are neither updated nor\n                      deleted. \\n CreateReplace: new CRDs are created, existing CRDs\n                      are updated (replaced) but not deleted. \\n By default, CRDs\n                      are not applied during Helm upgrade action. With this option\n                      users can opt-in to CRD upgrade, which is not (yet) natively\n                      supported by Helm. https://helm.sh/docs/chart_best_practices/custom_resource_definitions.\"\n                    enum:\n                    - Skip\n                    - Create\n                    - CreateReplace\n                    type: string\n                  disableHooks:\n                    description: DisableHooks prevents hooks from running during the\n                      Helm upgrade action.\n                    type: boolean\n                  disableOpenAPIValidation:\n                    description: DisableOpenAPIValidation prevents the Helm upgrade\n                      action from validating rendered templates against the Kubernetes\n                      OpenAPI Schema.\n                    type: boolean\n                  disableWait:\n                    description: DisableWait disables the waiting for resources to\n                      be ready after a Helm upgrade has been performed.\n                    type: boolean\n                  disableWaitForJobs:\n                    description: DisableWaitForJobs disables waiting for jobs to complete\n                      after a Helm upgrade has been performed.\n                    type: boolean\n                  force:\n                    description: Force forces resource updates through a replacement\n                      strategy.\n                    type: boolean\n                  preserveValues:\n                    description: PreserveValues will make Helm reuse the last release's\n                      values and merge in overrides from 'Values'. Setting this flag\n                      makes the HelmRelease non-declarative.\n                    type: boolean\n                  remediation:\n                    description: Remediation holds the remediation configuration for\n                      when the Helm upgrade action for the HelmRelease fails. The\n                      default is to not perform any action.\n                    properties:\n                      ignoreTestFailures:\n                        description: IgnoreTestFailures tells the controller to skip\n                          remediation when the Helm tests are run after an upgrade\n                          action but fail. Defaults to 'Test.IgnoreFailures'.\n                        type: boolean\n                      remediateLastFailure:\n                        description: RemediateLastFailure tells the controller to\n                          remediate the last failure, when no retries remain. Defaults\n                          to 'false' unless 'Retries' is greater than 0.\n                        type: boolean\n                      retries:\n                        description: Retries is the number of retries that should\n                          be attempted on failures before bailing. Remediation, using\n                          'Strategy', is performed between each attempt. Defaults\n                          to '0', a negative integer equals to unlimited retries.\n                        type: integer\n                      strategy:\n                        description: Strategy to use for failure remediation. Defaults\n                          to 'rollback'.\n                        enum:\n                        - rollback\n                        - uninstall\n                        type: string\n                    type: object\n                  timeout:\n                    description: Timeout is the time to wait for any individual Kubernetes\n                      operation (like Jobs for hooks) during the performance of a\n                      Helm upgrade action. Defaults to 'HelmReleaseSpec.Timeout'.\n                    type: string\n                type: object\n              values:\n                description: Values holds the values for this Helm release.\n                x-kubernetes-preserve-unknown-fields: true\n              valuesFrom:\n                description: ValuesFrom holds references to resources containing Helm\n                  values for this HelmRelease, and information about how they should\n                  be merged.\n                items:\n                  description: ValuesReference contains a reference to a resource\n                    containing Helm values, and optionally the key they can be found\n                    at.\n                  properties:\n                    kind:\n                      description: Kind of the values referent, valid values are ('Secret',\n                        'ConfigMap').\n                      enum:\n                      - Secret\n                      - ConfigMap\n                      type: string\n                    name:\n                      description: Name of the values referent. Should reside in the\n                        same namespace as the referring resource.\n                      maxLength: 253\n                      minLength: 1\n                      type: string\n                    optional:\n                      description: Optional marks this ValuesReference as optional.\n                        When set, a not found error for the values reference is ignored,\n                        but any ValuesKey, TargetPath or transient error will still\n                        result in a reconciliation failure.\n                      type: boolean\n                    targetPath:\n                      description: TargetPath is the YAML dot notation path the value\n                        should be merged at. When set, the ValuesKey is expected to\n                        be a single flat value. Defaults to 'None', which results\n                        in the values getting merged at the root.\n                      type: string\n                    valuesKey:\n                      description: ValuesKey is the data key where the values.yaml\n                        or a specific value can be found at. Defaults to 'values.yaml'.\n                      type: string\n                  required:\n                  - kind\n                  - name\n                  type: object\n                type: array\n            required:\n            - chart\n            - interval\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: HelmReleaseStatus defines the observed state of a HelmRelease.\n            properties:\n              conditions:\n                description: Conditions holds the conditions for the HelmRelease.\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              failures:\n                description: Failures is the reconciliation failure count against\n                  the latest desired state. It is reset after a successful reconciliation.\n                format: int64\n                type: integer\n              helmChart:\n                description: HelmChart is the namespaced name of the HelmChart resource\n                  created by the controller for the HelmRelease.\n                type: string\n              installFailures:\n                description: InstallFailures is the install failure count against\n                  the latest desired state. It is reset after a successful reconciliation.\n                format: int64\n                type: integer\n              lastAppliedRevision:\n                description: LastAppliedRevision is the revision of the last successfully\n                  applied source.\n                type: string\n              lastAttemptedRevision:\n                description: LastAttemptedRevision is the revision of the last reconciliation\n                  attempt.\n                type: string\n              lastAttemptedValuesChecksum:\n                description: LastAttemptedValuesChecksum is the SHA1 checksum of the\n                  values of the last reconciliation attempt.\n                type: string\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              lastReleaseRevision:\n                description: LastReleaseRevision is the revision of the last successful\n                  Helm release.\n                type: integer\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation.\n                format: int64\n                type: integer\n              upgradeFailures:\n                description: UpgradeFailures is the upgrade failure count against\n                  the latest desired state. It is reset after a successful reconciliation.\n                format: int64\n                type: integer\n            type: object\n        type: object\n    served: true\n    storage: true\n    subresources:\n      status: {}\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n  conditions: []\n  storedVersions: []\n",
-            "yaml_incluster": "d51b7c35b26ed986bcfa84ed08648f99ac676ee90faa8997907a1f02fdf9a93d"
-          },
-          "sensitive_attributes": [],
-          "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDB9LCJzY2hlbWFfdmVyc2lvbiI6IjEifQ==",
-          "dependencies": [
-            "module.flux.data.flux_install.main",
-            "module.flux.data.kubectl_file_documents.apply",
-            "module.flux.kubernetes_namespace.flux_system"
-          ]
-        },
-        {
-          "index_key": "apiextensions.k8s.io/v1/customresourcedefinition/helmrepositories.source.toolkit.fluxcd.io",
-          "schema_version": 1,
-          "attributes": {
-            "api_version": "apiextensions.k8s.io/v1",
-            "apply_only": false,
-            "force_conflicts": false,
-            "force_new": false,
-            "id": "/apis/apiextensions.k8s.io/v1/customresourcedefinitions/helmrepositories.source.toolkit.fluxcd.io",
-            "ignore_fields": null,
-            "kind": "CustomResourceDefinition",
-            "live_manifest_incluster": "6c2509f56e57891949c7bae5eceb2744c992cd14ec3f53aba64e28d0b0a683f4",
-            "live_uid": "519ecd1b-df1b-4395-8827-2bb94900c071",
-            "name": "helmrepositories.source.toolkit.fluxcd.io",
-            "namespace": null,
-            "override_namespace": null,
-            "sensitive_fields": null,
-            "server_side_apply": false,
-            "timeouts": null,
-            "uid": "519ecd1b-df1b-4395-8827-2bb94900c071",
-            "validate_schema": true,
-            "wait": null,
-            "wait_for_rollout": true,
-            "yaml_body": "apiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  annotations:\n    controller-gen.kubebuilder.io/version: v0.7.0\n  creationTimestamp: null\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: helmrepositories.source.toolkit.fluxcd.io\nspec:\n  group: source.toolkit.fluxcd.io\n  names:\n    kind: HelmRepository\n    listKind: HelmRepositoryList\n    plural: helmrepositories\n    shortNames:\n    - helmrepo\n    singular: helmrepository\n  scope: Namespaced\n  versions:\n  - additionalPrinterColumns:\n    - jsonPath: .spec.url\n      name: URL\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    name: v1beta1\n    schema:\n      openAPIV3Schema:\n        description: HelmRepository is the Schema for the helmrepositories API\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: HelmRepositorySpec defines the reference to a Helm repository.\n            properties:\n              accessFrom:\n                description: AccessFrom defines an Access Control List for allowing\n                  cross-namespace references to this object.\n                properties:\n                  namespaceSelectors:\n                    description: NamespaceSelectors is the list of namespace selectors\n                      to which this ACL applies. Items in this list are evaluated\n                      using a logical OR operation.\n                    items:\n                      description: NamespaceSelector selects the namespaces to which\n                        this ACL applies. An empty map of MatchLabels matches all\n                        namespaces in a cluster.\n                      properties:\n                        matchLabels:\n                          additionalProperties:\n                            type: string\n                          description: MatchLabels is a map of {key,value} pairs.\n                            A single {key,value} in the matchLabels map is equivalent\n                            to an element of matchExpressions, whose key field is\n                            \"key\", the operator is \"In\", and the values array contains\n                            only \"value\". The requirements are ANDed.\n                          type: object\n                      type: object\n                    type: array\n                required:\n                - namespaceSelectors\n                type: object\n              interval:\n                description: The interval at which to check the upstream for updates.\n                type: string\n              passCredentials:\n                description: PassCredentials allows the credentials from the SecretRef\n                  to be passed on to a host that does not match the host as defined\n                  in URL. This may be required if the host of the advertised chart\n                  URLs in the index differ from the defined URL. Enabling this should\n                  be done with caution, as it can potentially result in credentials\n                  getting stolen in a MITM-attack.\n                type: boolean\n              secretRef:\n                description: The name of the secret containing authentication credentials\n                  for the Helm repository. For HTTP/S basic auth the secret must contain\n                  username and password fields. For TLS the secret must contain a\n                  certFile and keyFile, and/or caCert fields.\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              suspend:\n                description: This flag tells the controller to suspend the reconciliation\n                  of this source.\n                type: boolean\n              timeout:\n                default: 60s\n                description: The timeout of index downloading, defaults to 60s.\n                type: string\n              url:\n                description: The Helm repository URL, a valid URL contains at least\n                  a protocol and host.\n                type: string\n            required:\n            - interval\n            - url\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: HelmRepositoryStatus defines the observed state of the HelmRepository.\n            properties:\n              artifact:\n                description: Artifact represents the output of the last successful\n                  repository sync.\n                properties:\n                  checksum:\n                    description: Checksum is the SHA256 checksum of the artifact.\n                    type: string\n                  lastUpdateTime:\n                    description: LastUpdateTime is the timestamp corresponding to\n                      the last update of this artifact.\n                    format: date-time\n                    type: string\n                  path:\n                    description: Path is the relative file path of this artifact.\n                    type: string\n                  revision:\n                    description: Revision is a human readable identifier traceable\n                      in the origin source system. It can be a Git commit SHA, Git\n                      tag, a Helm index timestamp, a Helm chart version, etc.\n                    type: string\n                  url:\n                    description: URL is the HTTP address of this artifact.\n                    type: string\n                required:\n                - path\n                - url\n                type: object\n              conditions:\n                description: Conditions holds the conditions for the HelmRepository.\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation.\n                format: int64\n                type: integer\n              url:\n                description: URL is the download link for the last index fetched.\n                type: string\n            type: object\n        type: object\n    served: true\n    storage: false\n    subresources:\n      status: {}\n  - additionalPrinterColumns:\n    - jsonPath: .spec.url\n      name: URL\n      type: string\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    name: v1beta2\n    schema:\n      openAPIV3Schema:\n        description: HelmRepository is the Schema for the helmrepositories API.\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: HelmRepositorySpec specifies the required configuration to\n              produce an Artifact for a Helm repository index YAML.\n            properties:\n              accessFrom:\n                description: 'AccessFrom specifies an Access Control List for allowing\n                  cross-namespace references to this object. NOTE: Not implemented,\n                  provisional as of https://github.com/fluxcd/flux2/pull/2092'\n                properties:\n                  namespaceSelectors:\n                    description: NamespaceSelectors is the list of namespace selectors\n                      to which this ACL applies. Items in this list are evaluated\n                      using a logical OR operation.\n                    items:\n                      description: NamespaceSelector selects the namespaces to which\n                        this ACL applies. An empty map of MatchLabels matches all\n                        namespaces in a cluster.\n                      properties:\n                        matchLabels:\n                          additionalProperties:\n                            type: string\n                          description: MatchLabels is a map of {key,value} pairs.\n                            A single {key,value} in the matchLabels map is equivalent\n                            to an element of matchExpressions, whose key field is\n                            \"key\", the operator is \"In\", and the values array contains\n                            only \"value\". The requirements are ANDed.\n                          type: object\n                      type: object\n                    type: array\n                required:\n                - namespaceSelectors\n                type: object\n              interval:\n                description: Interval at which to check the URL for updates.\n                type: string\n              passCredentials:\n                description: PassCredentials allows the credentials from the SecretRef\n                  to be passed on to a host that does not match the host as defined\n                  in URL. This may be required if the host of the advertised chart\n                  URLs in the index differ from the defined URL. Enabling this should\n                  be done with caution, as it can potentially result in credentials\n                  getting stolen in a MITM-attack.\n                type: boolean\n              secretRef:\n                description: SecretRef specifies the Secret containing authentication\n                  credentials for the HelmRepository. For HTTP/S basic auth the secret\n                  must contain 'username' and 'password' fields. For TLS the secret\n                  must contain a 'certFile' and 'keyFile', and/or 'caCert' fields.\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              suspend:\n                description: Suspend tells the controller to suspend the reconciliation\n                  of this HelmRepository.\n                type: boolean\n              timeout:\n                default: 60s\n                description: Timeout of the index fetch operation, defaults to 60s.\n                type: string\n              url:\n                description: URL of the Helm repository, a valid URL contains at least\n                  a protocol and host.\n                type: string\n            required:\n            - interval\n            - url\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: HelmRepositoryStatus records the observed state of the HelmRepository.\n            properties:\n              artifact:\n                description: Artifact represents the last successful HelmRepository\n                  reconciliation.\n                properties:\n                  checksum:\n                    description: Checksum is the SHA256 checksum of the Artifact file.\n                    type: string\n                  lastUpdateTime:\n                    description: LastUpdateTime is the timestamp corresponding to\n                      the last update of the Artifact.\n                    format: date-time\n                    type: string\n                  path:\n                    description: Path is the relative file path of the Artifact. It\n                      can be used to locate the file in the root of the Artifact storage\n                      on the local file system of the controller managing the Source.\n                    type: string\n                  revision:\n                    description: Revision is a human-readable identifier traceable\n                      in the origin source system. It can be a Git commit SHA, Git\n                      tag, a Helm chart version, etc.\n                    type: string\n                  size:\n                    description: Size is the number of bytes in the file.\n                    format: int64\n                    type: integer\n                  url:\n                    description: URL is the HTTP address of the Artifact as exposed\n                      by the controller managing the Source. It can be used to retrieve\n                      the Artifact for consumption, e.g. by another controller applying\n                      the Artifact contents.\n                    type: string\n                required:\n                - path\n                - url\n                type: object\n              conditions:\n                description: Conditions holds the conditions for the HelmRepository.\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation of\n                  the HelmRepository object.\n                format: int64\n                type: integer\n              url:\n                description: URL is the dynamic fetch link for the latest Artifact.\n                  It is provided on a \"best effort\" basis, and using the precise HelmRepositoryStatus.Artifact\n                  data is recommended.\n                type: string\n            type: object\n        type: object\n    served: true\n    storage: true\n    subresources:\n      status: {}\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n  conditions: []\n  storedVersions: []",
-            "yaml_body_parsed": "apiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  annotations:\n    controller-gen.kubebuilder.io/version: v0.7.0\n  creationTimestamp: null\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: helmrepositories.source.toolkit.fluxcd.io\nspec:\n  group: source.toolkit.fluxcd.io\n  names:\n    kind: HelmRepository\n    listKind: HelmRepositoryList\n    plural: helmrepositories\n    shortNames:\n    - helmrepo\n    singular: helmrepository\n  scope: Namespaced\n  versions:\n  - additionalPrinterColumns:\n    - jsonPath: .spec.url\n      name: URL\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    name: v1beta1\n    schema:\n      openAPIV3Schema:\n        description: HelmRepository is the Schema for the helmrepositories API\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: HelmRepositorySpec defines the reference to a Helm repository.\n            properties:\n              accessFrom:\n                description: AccessFrom defines an Access Control List for allowing\n                  cross-namespace references to this object.\n                properties:\n                  namespaceSelectors:\n                    description: NamespaceSelectors is the list of namespace selectors\n                      to which this ACL applies. Items in this list are evaluated\n                      using a logical OR operation.\n                    items:\n                      description: NamespaceSelector selects the namespaces to which\n                        this ACL applies. An empty map of MatchLabels matches all\n                        namespaces in a cluster.\n                      properties:\n                        matchLabels:\n                          additionalProperties:\n                            type: string\n                          description: MatchLabels is a map of {key,value} pairs.\n                            A single {key,value} in the matchLabels map is equivalent\n                            to an element of matchExpressions, whose key field is\n                            \"key\", the operator is \"In\", and the values array contains\n                            only \"value\". The requirements are ANDed.\n                          type: object\n                      type: object\n                    type: array\n                required:\n                - namespaceSelectors\n                type: object\n              interval:\n                description: The interval at which to check the upstream for updates.\n                type: string\n              passCredentials:\n                description: PassCredentials allows the credentials from the SecretRef\n                  to be passed on to a host that does not match the host as defined\n                  in URL. This may be required if the host of the advertised chart\n                  URLs in the index differ from the defined URL. Enabling this should\n                  be done with caution, as it can potentially result in credentials\n                  getting stolen in a MITM-attack.\n                type: boolean\n              secretRef:\n                description: The name of the secret containing authentication credentials\n                  for the Helm repository. For HTTP/S basic auth the secret must contain\n                  username and password fields. For TLS the secret must contain a\n                  certFile and keyFile, and/or caCert fields.\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              suspend:\n                description: This flag tells the controller to suspend the reconciliation\n                  of this source.\n                type: boolean\n              timeout:\n                default: 60s\n                description: The timeout of index downloading, defaults to 60s.\n                type: string\n              url:\n                description: The Helm repository URL, a valid URL contains at least\n                  a protocol and host.\n                type: string\n            required:\n            - interval\n            - url\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: HelmRepositoryStatus defines the observed state of the HelmRepository.\n            properties:\n              artifact:\n                description: Artifact represents the output of the last successful\n                  repository sync.\n                properties:\n                  checksum:\n                    description: Checksum is the SHA256 checksum of the artifact.\n                    type: string\n                  lastUpdateTime:\n                    description: LastUpdateTime is the timestamp corresponding to\n                      the last update of this artifact.\n                    format: date-time\n                    type: string\n                  path:\n                    description: Path is the relative file path of this artifact.\n                    type: string\n                  revision:\n                    description: Revision is a human readable identifier traceable\n                      in the origin source system. It can be a Git commit SHA, Git\n                      tag, a Helm index timestamp, a Helm chart version, etc.\n                    type: string\n                  url:\n                    description: URL is the HTTP address of this artifact.\n                    type: string\n                required:\n                - path\n                - url\n                type: object\n              conditions:\n                description: Conditions holds the conditions for the HelmRepository.\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation.\n                format: int64\n                type: integer\n              url:\n                description: URL is the download link for the last index fetched.\n                type: string\n            type: object\n        type: object\n    served: true\n    storage: false\n    subresources:\n      status: {}\n  - additionalPrinterColumns:\n    - jsonPath: .spec.url\n      name: URL\n      type: string\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    name: v1beta2\n    schema:\n      openAPIV3Schema:\n        description: HelmRepository is the Schema for the helmrepositories API.\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: HelmRepositorySpec specifies the required configuration to\n              produce an Artifact for a Helm repository index YAML.\n            properties:\n              accessFrom:\n                description: 'AccessFrom specifies an Access Control List for allowing\n                  cross-namespace references to this object. NOTE: Not implemented,\n                  provisional as of https://github.com/fluxcd/flux2/pull/2092'\n                properties:\n                  namespaceSelectors:\n                    description: NamespaceSelectors is the list of namespace selectors\n                      to which this ACL applies. Items in this list are evaluated\n                      using a logical OR operation.\n                    items:\n                      description: NamespaceSelector selects the namespaces to which\n                        this ACL applies. An empty map of MatchLabels matches all\n                        namespaces in a cluster.\n                      properties:\n                        matchLabels:\n                          additionalProperties:\n                            type: string\n                          description: MatchLabels is a map of {key,value} pairs.\n                            A single {key,value} in the matchLabels map is equivalent\n                            to an element of matchExpressions, whose key field is\n                            \"key\", the operator is \"In\", and the values array contains\n                            only \"value\". The requirements are ANDed.\n                          type: object\n                      type: object\n                    type: array\n                required:\n                - namespaceSelectors\n                type: object\n              interval:\n                description: Interval at which to check the URL for updates.\n                type: string\n              passCredentials:\n                description: PassCredentials allows the credentials from the SecretRef\n                  to be passed on to a host that does not match the host as defined\n                  in URL. This may be required if the host of the advertised chart\n                  URLs in the index differ from the defined URL. Enabling this should\n                  be done with caution, as it can potentially result in credentials\n                  getting stolen in a MITM-attack.\n                type: boolean\n              secretRef:\n                description: SecretRef specifies the Secret containing authentication\n                  credentials for the HelmRepository. For HTTP/S basic auth the secret\n                  must contain 'username' and 'password' fields. For TLS the secret\n                  must contain a 'certFile' and 'keyFile', and/or 'caCert' fields.\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              suspend:\n                description: Suspend tells the controller to suspend the reconciliation\n                  of this HelmRepository.\n                type: boolean\n              timeout:\n                default: 60s\n                description: Timeout of the index fetch operation, defaults to 60s.\n                type: string\n              url:\n                description: URL of the Helm repository, a valid URL contains at least\n                  a protocol and host.\n                type: string\n            required:\n            - interval\n            - url\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: HelmRepositoryStatus records the observed state of the HelmRepository.\n            properties:\n              artifact:\n                description: Artifact represents the last successful HelmRepository\n                  reconciliation.\n                properties:\n                  checksum:\n                    description: Checksum is the SHA256 checksum of the Artifact file.\n                    type: string\n                  lastUpdateTime:\n                    description: LastUpdateTime is the timestamp corresponding to\n                      the last update of the Artifact.\n                    format: date-time\n                    type: string\n                  path:\n                    description: Path is the relative file path of the Artifact. It\n                      can be used to locate the file in the root of the Artifact storage\n                      on the local file system of the controller managing the Source.\n                    type: string\n                  revision:\n                    description: Revision is a human-readable identifier traceable\n                      in the origin source system. It can be a Git commit SHA, Git\n                      tag, a Helm chart version, etc.\n                    type: string\n                  size:\n                    description: Size is the number of bytes in the file.\n                    format: int64\n                    type: integer\n                  url:\n                    description: URL is the HTTP address of the Artifact as exposed\n                      by the controller managing the Source. It can be used to retrieve\n                      the Artifact for consumption, e.g. by another controller applying\n                      the Artifact contents.\n                    type: string\n                required:\n                - path\n                - url\n                type: object\n              conditions:\n                description: Conditions holds the conditions for the HelmRepository.\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation of\n                  the HelmRepository object.\n                format: int64\n                type: integer\n              url:\n                description: URL is the dynamic fetch link for the latest Artifact.\n                  It is provided on a \"best effort\" basis, and using the precise HelmRepositoryStatus.Artifact\n                  data is recommended.\n                type: string\n            type: object\n        type: object\n    served: true\n    storage: true\n    subresources:\n      status: {}\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n  conditions: []\n  storedVersions: []\n",
-            "yaml_incluster": "6c2509f56e57891949c7bae5eceb2744c992cd14ec3f53aba64e28d0b0a683f4"
-          },
-          "sensitive_attributes": [],
-          "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDB9LCJzY2hlbWFfdmVyc2lvbiI6IjEifQ==",
-          "dependencies": [
-            "module.flux.data.flux_install.main",
-            "module.flux.data.kubectl_file_documents.apply",
-            "module.flux.kubernetes_namespace.flux_system"
-          ]
-        },
-        {
-          "index_key": "apiextensions.k8s.io/v1/customresourcedefinition/kustomizations.kustomize.toolkit.fluxcd.io",
-          "schema_version": 1,
-          "attributes": {
-            "api_version": "apiextensions.k8s.io/v1",
-            "apply_only": false,
-            "force_conflicts": false,
-            "force_new": false,
-            "id": "/apis/apiextensions.k8s.io/v1/customresourcedefinitions/kustomizations.kustomize.toolkit.fluxcd.io",
-            "ignore_fields": null,
-            "kind": "CustomResourceDefinition",
-            "live_manifest_incluster": "fd7e8602f5c8f9c751fc481764ee8c7fbe00c1e39e611464521002e45fb44580",
-            "live_uid": "09c02430-bd93-4995-8816-220b03cd8a43",
-            "name": "kustomizations.kustomize.toolkit.fluxcd.io",
-            "namespace": null,
-            "override_namespace": null,
-            "sensitive_fields": null,
-            "server_side_apply": false,
-            "timeouts": null,
-            "uid": "09c02430-bd93-4995-8816-220b03cd8a43",
-            "validate_schema": true,
-            "wait": null,
-            "wait_for_rollout": true,
-            "yaml_body": "apiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  annotations:\n    controller-gen.kubebuilder.io/version: v0.7.0\n  creationTimestamp: null\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: kustomizations.kustomize.toolkit.fluxcd.io\nspec:\n  group: kustomize.toolkit.fluxcd.io\n  names:\n    kind: Kustomization\n    listKind: KustomizationList\n    plural: kustomizations\n    shortNames:\n    - ks\n    singular: kustomization\n  scope: Namespaced\n  versions:\n  - additionalPrinterColumns:\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    name: v1beta1\n    schema:\n      openAPIV3Schema:\n        description: Kustomization is the Schema for the kustomizations API.\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: KustomizationSpec defines the desired state of a kustomization.\n            properties:\n              decryption:\n                description: Decrypt Kubernetes secrets before applying them on the\n                  cluster.\n                properties:\n                  provider:\n                    description: Provider is the name of the decryption engine.\n                    enum:\n                    - sops\n                    type: string\n                  secretRef:\n                    description: The secret name containing the private OpenPGP keys\n                      used for decryption.\n                    properties:\n                      name:\n                        description: Name of the referent.\n                        type: string\n                    required:\n                    - name\n                    type: object\n                required:\n                - provider\n                type: object\n              dependsOn:\n                description: DependsOn may contain a meta.NamespacedObjectReference\n                  slice with references to Kustomization resources that must be ready\n                  before this Kustomization can be reconciled.\n                items:\n                  description: NamespacedObjectReference contains enough information\n                    to locate the referenced Kubernetes resource object in any namespace.\n                  properties:\n                    name:\n                      description: Name of the referent.\n                      type: string\n                    namespace:\n                      description: Namespace of the referent, when not specified it\n                        acts as LocalObjectReference.\n                      type: string\n                  required:\n                  - name\n                  type: object\n                type: array\n              force:\n                default: false\n                description: Force instructs the controller to recreate resources\n                  when patching fails due to an immutable field change.\n                type: boolean\n              healthChecks:\n                description: A list of resources to be included in the health assessment.\n                items:\n                  description: NamespacedObjectKindReference contains enough information\n                    to locate the typed referenced Kubernetes resource object in any\n                    namespace.\n                  properties:\n                    apiVersion:\n                      description: API version of the referent, if not specified the\n                        Kubernetes preferred version will be used.\n                      type: string\n                    kind:\n                      description: Kind of the referent.\n                      type: string\n                    name:\n                      description: Name of the referent.\n                      type: string\n                    namespace:\n                      description: Namespace of the referent, when not specified it\n                        acts as LocalObjectReference.\n                      type: string\n                  required:\n                  - kind\n                  - name\n                  type: object\n                type: array\n              images:\n                description: Images is a list of (image name, new name, new tag or\n                  digest) for changing image names, tags or digests. This can also\n                  be achieved with a patch, but this operator is simpler to specify.\n                items:\n                  description: Image contains an image name, a new name, a new tag\n                    or digest, which will replace the original name and tag.\n                  properties:\n                    digest:\n                      description: Digest is the value used to replace the original\n                        image tag. If digest is present NewTag value is ignored.\n                      type: string\n                    name:\n                      description: Name is a tag-less image name.\n                      type: string\n                    newName:\n                      description: NewName is the value used to replace the original\n                        name.\n                      type: string\n                    newTag:\n                      description: NewTag is the value used to replace the original\n                        tag.\n                      type: string\n                  required:\n                  - name\n                  type: object\n                type: array\n              interval:\n                description: The interval at which to reconcile the Kustomization.\n                type: string\n              kubeConfig:\n                description: The KubeConfig for reconciling the Kustomization on a\n                  remote cluster. When specified, KubeConfig takes precedence over\n                  ServiceAccountName.\n                properties:\n                  secretRef:\n                    description: SecretRef holds the name to a secret that contains\n                      a 'value' key with the kubeconfig file as the value. It must\n                      be in the same namespace as the Kustomization. It is recommended\n                      that the kubeconfig is self-contained, and the secret is regularly\n                      updated if credentials such as a cloud-access-token expire.\n                      Cloud specific `cmd-path` auth helpers will not function without\n                      adding binaries and credentials to the Pod that is responsible\n                      for reconciling the Kustomization.\n                    properties:\n                      name:\n                        description: Name of the referent.\n                        type: string\n                    required:\n                    - name\n                    type: object\n                type: object\n              patches:\n                description: Strategic merge and JSON patches, defined as inline YAML\n                  objects, capable of targeting objects based on kind, label and annotation\n                  selectors.\n                items:\n                  description: Patch contains an inline StrategicMerge or JSON6902\n                    patch, and the target the patch should be applied to.\n                  properties:\n                    patch:\n                      description: Patch contains an inline StrategicMerge patch or\n                        an inline JSON6902 patch with an array of operation objects.\n                      type: string\n                    target:\n                      description: Target points to the resources that the patch document\n                        should be applied to.\n                      properties:\n                        annotationSelector:\n                          description: AnnotationSelector is a string that follows\n                            the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                            It matches with the resource annotations.\n                          type: string\n                        group:\n                          description: Group is the API group to select resources\n                            from. Together with Version and Kind it is capable of\n                            unambiguously identifying and/or selecting resources.\n                            https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                        kind:\n                          description: Kind of the API Group to select resources from.\n                            Together with Group and Version it is capable of unambiguously\n                            identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                        labelSelector:\n                          description: LabelSelector is a string that follows the\n                            label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                            It matches with the resource labels.\n                          type: string\n                        name:\n                          description: Name to match resources with.\n                          type: string\n                        namespace:\n                          description: Namespace to select resources from.\n                          type: string\n                        version:\n                          description: Version of the API Group to select resources\n                            from. Together with Group and Kind it is capable of unambiguously\n                            identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                      type: object\n                  type: object\n                type: array\n              patchesJson6902:\n                description: JSON 6902 patches, defined as inline YAML objects.\n                items:\n                  description: JSON6902Patch contains a JSON6902 patch and the target\n                    the patch should be applied to.\n                  properties:\n                    patch:\n                      description: Patch contains the JSON6902 patch document with\n                        an array of operation objects.\n                      items:\n                        description: JSON6902 is a JSON6902 operation object. https://datatracker.ietf.org/doc/html/rfc6902#section-4\n                        properties:\n                          from:\n                            description: From contains a JSON-pointer value that references\n                              a location within the target document where the operation\n                              is performed. The meaning of the value depends on the\n                              value of Op, and is NOT taken into account by all operations.\n                            type: string\n                          op:\n                            description: Op indicates the operation to perform. Its\n                              value MUST be one of \"add\", \"remove\", \"replace\", \"move\",\n                              \"copy\", or \"test\". https://datatracker.ietf.org/doc/html/rfc6902#section-4\n                            enum:\n                            - test\n                            - remove\n                            - add\n                            - replace\n                            - move\n                            - copy\n                            type: string\n                          path:\n                            description: Path contains the JSON-pointer value that\n                              references a location within the target document where\n                              the operation is performed. The meaning of the value\n                              depends on the value of Op.\n                            type: string\n                          value:\n                            description: Value contains a valid JSON structure. The\n                              meaning of the value depends on the value of Op, and\n                              is NOT taken into account by all operations.\n                            x-kubernetes-preserve-unknown-fields: true\n                        required:\n                        - op\n                        - path\n                        type: object\n                      type: array\n                    target:\n                      description: Target points to the resources that the patch document\n                        should be applied to.\n                      properties:\n                        annotationSelector:\n                          description: AnnotationSelector is a string that follows\n                            the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                            It matches with the resource annotations.\n                          type: string\n                        group:\n                          description: Group is the API group to select resources\n                            from. Together with Version and Kind it is capable of\n                            unambiguously identifying and/or selecting resources.\n                            https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                        kind:\n                          description: Kind of the API Group to select resources from.\n                            Together with Group and Version it is capable of unambiguously\n                            identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                        labelSelector:\n                          description: LabelSelector is a string that follows the\n                            label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                            It matches with the resource labels.\n                          type: string\n                        name:\n                          description: Name to match resources with.\n                          type: string\n                        namespace:\n                          description: Namespace to select resources from.\n                          type: string\n                        version:\n                          description: Version of the API Group to select resources\n                            from. Together with Group and Kind it is capable of unambiguously\n                            identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                      type: object\n                  required:\n                  - patch\n                  - target\n                  type: object\n                type: array\n              patchesStrategicMerge:\n                description: Strategic merge patches, defined as inline YAML objects.\n                items:\n                  x-kubernetes-preserve-unknown-fields: true\n                type: array\n              path:\n                description: Path to the directory containing the kustomization.yaml\n                  file, or the set of plain YAMLs a kustomization.yaml should be generated\n                  for. Defaults to 'None', which translates to the root path of the\n                  SourceRef.\n                type: string\n              postBuild:\n                description: PostBuild describes which actions to perform on the YAML\n                  manifest generated by building the kustomize overlay.\n                properties:\n                  substitute:\n                    additionalProperties:\n                      type: string\n                    description: Substitute holds a map of key/value pairs. The variables\n                      defined in your YAML manifests that match any of the keys defined\n                      in the map will be substituted with the set value. Includes\n                      support for bash string replacement functions e.g. ${var:=default},\n                      ${var:position} and ${var/substring/replacement}.\n                    type: object\n                  substituteFrom:\n                    description: SubstituteFrom holds references to ConfigMaps and\n                      Secrets containing the variables and their values to be substituted\n                      in the YAML manifests. The ConfigMap and the Secret data keys\n                      represent the var names and they must match the vars declared\n                      in the manifests for the substitution to happen.\n                    items:\n                      description: SubstituteReference contains a reference to a resource\n                        containing the variables name and value.\n                      properties:\n                        kind:\n                          description: Kind of the values referent, valid values are\n                            ('Secret', 'ConfigMap').\n                          enum:\n                          - Secret\n                          - ConfigMap\n                          type: string\n                        name:\n                          description: Name of the values referent. Should reside\n                            in the same namespace as the referring resource.\n                          maxLength: 253\n                          minLength: 1\n                          type: string\n                      required:\n                      - kind\n                      - name\n                      type: object\n                    type: array\n                type: object\n              prune:\n                description: Prune enables garbage collection.\n                type: boolean\n              retryInterval:\n                description: The interval at which to retry a previously failed reconciliation.\n                  When not specified, the controller uses the KustomizationSpec.Interval\n                  value to retry failures.\n                type: string\n              serviceAccountName:\n                description: The name of the Kubernetes service account to impersonate\n                  when reconciling this Kustomization.\n                type: string\n              sourceRef:\n                description: Reference of the source where the kustomization file\n                  is.\n                properties:\n                  apiVersion:\n                    description: API version of the referent\n                    type: string\n                  kind:\n                    description: Kind of the referent\n                    enum:\n                    - GitRepository\n                    - Bucket\n                    type: string\n                  name:\n                    description: Name of the referent\n                    type: string\n                  namespace:\n                    description: Namespace of the referent, defaults to the Kustomization\n                      namespace\n                    type: string\n                required:\n                - kind\n                - name\n                type: object\n              suspend:\n                description: This flag tells the controller to suspend subsequent\n                  kustomize executions, it does not apply to already started executions.\n                  Defaults to false.\n                type: boolean\n              targetNamespace:\n                description: TargetNamespace sets or overrides the namespace in the\n                  kustomization.yaml file.\n                maxLength: 63\n                minLength: 1\n                type: string\n              timeout:\n                description: Timeout for validation, apply and health checking operations.\n                  Defaults to 'Interval' duration.\n                type: string\n              validation:\n                description: Validate the Kubernetes objects before applying them\n                  on the cluster. The validation strategy can be 'client' (local dry-run),\n                  'server' (APIServer dry-run) or 'none'. When 'Force' is 'true',\n                  validation will fallback to 'client' if set to 'server' because\n                  server-side validation is not supported in this scenario.\n                enum:\n                - none\n                - client\n                - server\n                type: string\n            required:\n            - interval\n            - prune\n            - sourceRef\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: KustomizationStatus defines the observed state of a kustomization.\n            properties:\n              conditions:\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              lastAppliedRevision:\n                description: The last successfully applied revision. The revision\n                  format for Git sources is \u003cbranch|tag\u003e/\u003ccommit-sha\u003e.\n                type: string\n              lastAttemptedRevision:\n                description: LastAttemptedRevision is the revision of the last reconciliation\n                  attempt.\n                type: string\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last reconciled generation.\n                format: int64\n                type: integer\n              snapshot:\n                description: The last successfully applied revision metadata.\n                properties:\n                  checksum:\n                    description: The manifests sha1 checksum.\n                    type: string\n                  entries:\n                    description: A list of Kubernetes kinds grouped by namespace.\n                    items:\n                      description: Snapshot holds the metadata of namespaced Kubernetes\n                        objects\n                      properties:\n                        kinds:\n                          additionalProperties:\n                            type: string\n                          description: The list of Kubernetes kinds.\n                          type: object\n                        namespace:\n                          description: The namespace of this entry.\n                          type: string\n                      required:\n                      - kinds\n                      type: object\n                    type: array\n                required:\n                - checksum\n                - entries\n                type: object\n            type: object\n        type: object\n    served: true\n    storage: false\n    subresources:\n      status: {}\n  - additionalPrinterColumns:\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    name: v1beta2\n    schema:\n      openAPIV3Schema:\n        description: Kustomization is the Schema for the kustomizations API.\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: KustomizationSpec defines the configuration to calculate\n              the desired state from a Source using Kustomize.\n            properties:\n              decryption:\n                description: Decrypt Kubernetes secrets before applying them on the\n                  cluster.\n                properties:\n                  provider:\n                    description: Provider is the name of the decryption engine.\n                    enum:\n                    - sops\n                    type: string\n                  secretRef:\n                    description: The secret name containing the private OpenPGP keys\n                      used for decryption.\n                    properties:\n                      name:\n                        description: Name of the referent.\n                        type: string\n                    required:\n                    - name\n                    type: object\n                required:\n                - provider\n                type: object\n              dependsOn:\n                description: DependsOn may contain a meta.NamespacedObjectReference\n                  slice with references to Kustomization resources that must be ready\n                  before this Kustomization can be reconciled.\n                items:\n                  description: NamespacedObjectReference contains enough information\n                    to locate the referenced Kubernetes resource object in any namespace.\n                  properties:\n                    name:\n                      description: Name of the referent.\n                      type: string\n                    namespace:\n                      description: Namespace of the referent, when not specified it\n                        acts as LocalObjectReference.\n                      type: string\n                  required:\n                  - name\n                  type: object\n                type: array\n              force:\n                default: false\n                description: Force instructs the controller to recreate resources\n                  when patching fails due to an immutable field change.\n                type: boolean\n              healthChecks:\n                description: A list of resources to be included in the health assessment.\n                items:\n                  description: NamespacedObjectKindReference contains enough information\n                    to locate the typed referenced Kubernetes resource object in any\n                    namespace.\n                  properties:\n                    apiVersion:\n                      description: API version of the referent, if not specified the\n                        Kubernetes preferred version will be used.\n                      type: string\n                    kind:\n                      description: Kind of the referent.\n                      type: string\n                    name:\n                      description: Name of the referent.\n                      type: string\n                    namespace:\n                      description: Namespace of the referent, when not specified it\n                        acts as LocalObjectReference.\n                      type: string\n                  required:\n                  - kind\n                  - name\n                  type: object\n                type: array\n              images:\n                description: Images is a list of (image name, new name, new tag or\n                  digest) for changing image names, tags or digests. This can also\n                  be achieved with a patch, but this operator is simpler to specify.\n                items:\n                  description: Image contains an image name, a new name, a new tag\n                    or digest, which will replace the original name and tag.\n                  properties:\n                    digest:\n                      description: Digest is the value used to replace the original\n                        image tag. If digest is present NewTag value is ignored.\n                      type: string\n                    name:\n                      description: Name is a tag-less image name.\n                      type: string\n                    newName:\n                      description: NewName is the value used to replace the original\n                        name.\n                      type: string\n                    newTag:\n                      description: NewTag is the value used to replace the original\n                        tag.\n                      type: string\n                  required:\n                  - name\n                  type: object\n                type: array\n              interval:\n                description: The interval at which to reconcile the Kustomization.\n                type: string\n              kubeConfig:\n                description: The KubeConfig for reconciling the Kustomization on a\n                  remote cluster. When used in combination with KustomizationSpec.ServiceAccountName,\n                  forces the controller to act on behalf of that Service Account at\n                  the target cluster. If the --default-service-account flag is set,\n                  its value will be used as a controller level fallback for when KustomizationSpec.ServiceAccountName\n                  is empty.\n                properties:\n                  secretRef:\n                    description: SecretRef holds the name of a secret that contains\n                      a key with the kubeconfig file as the value. If no key is set,\n                      the key will default to 'value'. The secret must be in the same\n                      namespace as the Kustomization. It is recommended that the kubeconfig\n                      is self-contained, and the secret is regularly updated if credentials\n                      such as a cloud-access-token expire. Cloud specific `cmd-path`\n                      auth helpers will not function without adding binaries and credentials\n                      to the Pod that is responsible for reconciling the Kustomization.\n                    properties:\n                      key:\n                        description: Key in the Secret, when not specified an implementation-specific\n                          default key is used.\n                        type: string\n                      name:\n                        description: Name of the Secret.\n                        type: string\n                    required:\n                    - name\n                    type: object\n                type: object\n              patches:\n                description: Strategic merge and JSON patches, defined as inline YAML\n                  objects, capable of targeting objects based on kind, label and annotation\n                  selectors.\n                items:\n                  description: Patch contains an inline StrategicMerge or JSON6902\n                    patch, and the target the patch should be applied to.\n                  properties:\n                    patch:\n                      description: Patch contains an inline StrategicMerge patch or\n                        an inline JSON6902 patch with an array of operation objects.\n                      type: string\n                    target:\n                      description: Target points to the resources that the patch document\n                        should be applied to.\n                      properties:\n                        annotationSelector:\n                          description: AnnotationSelector is a string that follows\n                            the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                            It matches with the resource annotations.\n                          type: string\n                        group:\n                          description: Group is the API group to select resources\n                            from. Together with Version and Kind it is capable of\n                            unambiguously identifying and/or selecting resources.\n                            https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                        kind:\n                          description: Kind of the API Group to select resources from.\n                            Together with Group and Version it is capable of unambiguously\n                            identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                        labelSelector:\n                          description: LabelSelector is a string that follows the\n                            label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                            It matches with the resource labels.\n                          type: string\n                        name:\n                          description: Name to match resources with.\n                          type: string\n                        namespace:\n                          description: Namespace to select resources from.\n                          type: string\n                        version:\n                          description: Version of the API Group to select resources\n                            from. Together with Group and Kind it is capable of unambiguously\n                            identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                      type: object\n                  type: object\n                type: array\n              patchesJson6902:\n                description: 'JSON 6902 patches, defined as inline YAML objects. Deprecated:\n                  Use Patches instead.'\n                items:\n                  description: JSON6902Patch contains a JSON6902 patch and the target\n                    the patch should be applied to.\n                  properties:\n                    patch:\n                      description: Patch contains the JSON6902 patch document with\n                        an array of operation objects.\n                      items:\n                        description: JSON6902 is a JSON6902 operation object. https://datatracker.ietf.org/doc/html/rfc6902#section-4\n                        properties:\n                          from:\n                            description: From contains a JSON-pointer value that references\n                              a location within the target document where the operation\n                              is performed. The meaning of the value depends on the\n                              value of Op, and is NOT taken into account by all operations.\n                            type: string\n                          op:\n                            description: Op indicates the operation to perform. Its\n                              value MUST be one of \"add\", \"remove\", \"replace\", \"move\",\n                              \"copy\", or \"test\". https://datatracker.ietf.org/doc/html/rfc6902#section-4\n                            enum:\n                            - test\n                            - remove\n                            - add\n                            - replace\n                            - move\n                            - copy\n                            type: string\n                          path:\n                            description: Path contains the JSON-pointer value that\n                              references a location within the target document where\n                              the operation is performed. The meaning of the value\n                              depends on the value of Op.\n                            type: string\n                          value:\n                            description: Value contains a valid JSON structure. The\n                              meaning of the value depends on the value of Op, and\n                              is NOT taken into account by all operations.\n                            x-kubernetes-preserve-unknown-fields: true\n                        required:\n                        - op\n                        - path\n                        type: object\n                      type: array\n                    target:\n                      description: Target points to the resources that the patch document\n                        should be applied to.\n                      properties:\n                        annotationSelector:\n                          description: AnnotationSelector is a string that follows\n                            the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                            It matches with the resource annotations.\n                          type: string\n                        group:\n                          description: Group is the API group to select resources\n                            from. Together with Version and Kind it is capable of\n                            unambiguously identifying and/or selecting resources.\n                            https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                        kind:\n                          description: Kind of the API Group to select resources from.\n                            Together with Group and Version it is capable of unambiguously\n                            identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                        labelSelector:\n                          description: LabelSelector is a string that follows the\n                            label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                            It matches with the resource labels.\n                          type: string\n                        name:\n                          description: Name to match resources with.\n                          type: string\n                        namespace:\n                          description: Namespace to select resources from.\n                          type: string\n                        version:\n                          description: Version of the API Group to select resources\n                            from. Together with Group and Kind it is capable of unambiguously\n                            identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                      type: object\n                  required:\n                  - patch\n                  - target\n                  type: object\n                type: array\n              patchesStrategicMerge:\n                description: 'Strategic merge patches, defined as inline YAML objects.\n                  Deprecated: Use Patches instead.'\n                items:\n                  x-kubernetes-preserve-unknown-fields: true\n                type: array\n              path:\n                description: Path to the directory containing the kustomization.yaml\n                  file, or the set of plain YAMLs a kustomization.yaml should be generated\n                  for. Defaults to 'None', which translates to the root path of the\n                  SourceRef.\n                type: string\n              postBuild:\n                description: PostBuild describes which actions to perform on the YAML\n                  manifest generated by building the kustomize overlay.\n                properties:\n                  substitute:\n                    additionalProperties:\n                      type: string\n                    description: Substitute holds a map of key/value pairs. The variables\n                      defined in your YAML manifests that match any of the keys defined\n                      in the map will be substituted with the set value. Includes\n                      support for bash string replacement functions e.g. ${var:=default},\n                      ${var:position} and ${var/substring/replacement}.\n                    type: object\n                  substituteFrom:\n                    description: SubstituteFrom holds references to ConfigMaps and\n                      Secrets containing the variables and their values to be substituted\n                      in the YAML manifests. The ConfigMap and the Secret data keys\n                      represent the var names and they must match the vars declared\n                      in the manifests for the substitution to happen.\n                    items:\n                      description: SubstituteReference contains a reference to a resource\n                        containing the variables name and value.\n                      properties:\n                        kind:\n                          description: Kind of the values referent, valid values are\n                            ('Secret', 'ConfigMap').\n                          enum:\n                          - Secret\n                          - ConfigMap\n                          type: string\n                        name:\n                          description: Name of the values referent. Should reside\n                            in the same namespace as the referring resource.\n                          maxLength: 253\n                          minLength: 1\n                          type: string\n                        optional:\n                          default: false\n                          description: Optional indicates whether the referenced resource\n                            must exist, or whether to tolerate its absence. If true\n                            and the referenced resource is absent, proceed as if the\n                            resource was present but empty, without any variables\n                            defined.\n                          type: boolean\n                      required:\n                      - kind\n                      - name\n                      type: object\n                    type: array\n                type: object\n              prune:\n                description: Prune enables garbage collection.\n                type: boolean\n              retryInterval:\n                description: The interval at which to retry a previously failed reconciliation.\n                  When not specified, the controller uses the KustomizationSpec.Interval\n                  value to retry failures.\n                type: string\n              serviceAccountName:\n                description: The name of the Kubernetes service account to impersonate\n                  when reconciling this Kustomization.\n                type: string\n              sourceRef:\n                description: Reference of the source where the kustomization file\n                  is.\n                properties:\n                  apiVersion:\n                    description: API version of the referent.\n                    type: string\n                  kind:\n                    description: Kind of the referent.\n                    enum:\n                    - GitRepository\n                    - Bucket\n                    type: string\n                  name:\n                    description: Name of the referent.\n                    type: string\n                  namespace:\n                    description: Namespace of the referent, defaults to the namespace\n                      of the Kubernetes resource object that contains the reference.\n                    type: string\n                required:\n                - kind\n                - name\n                type: object\n              suspend:\n                description: This flag tells the controller to suspend subsequent\n                  kustomize executions, it does not apply to already started executions.\n                  Defaults to false.\n                type: boolean\n              targetNamespace:\n                description: TargetNamespace sets or overrides the namespace in the\n                  kustomization.yaml file.\n                maxLength: 63\n                minLength: 1\n                type: string\n              timeout:\n                description: Timeout for validation, apply and health checking operations.\n                  Defaults to 'Interval' duration.\n                type: string\n              validation:\n                description: 'Deprecated: Not used in v1beta2.'\n                enum:\n                - none\n                - client\n                - server\n                type: string\n              wait:\n                description: Wait instructs the controller to check the health of\n                  all the reconciled resources. When enabled, the HealthChecks are\n                  ignored. Defaults to false.\n                type: boolean\n            required:\n            - interval\n            - prune\n            - sourceRef\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: KustomizationStatus defines the observed state of a kustomization.\n            properties:\n              conditions:\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              inventory:\n                description: Inventory contains the list of Kubernetes resource object\n                  references that have been successfully applied.\n                properties:\n                  entries:\n                    description: Entries of Kubernetes resource object references.\n                    items:\n                      description: ResourceRef contains the information necessary\n                        to locate a resource within a cluster.\n                      properties:\n                        id:\n                          description: ID is the string representation of the Kubernetes\n                            resource object's metadata, in the format '\u003cnamespace\u003e_\u003cname\u003e_\u003cgroup\u003e_\u003ckind\u003e'.\n                          type: string\n                        v:\n                          description: Version is the API version of the Kubernetes\n                            resource object's kind.\n                          type: string\n                      required:\n                      - id\n                      - v\n                      type: object\n                    type: array\n                required:\n                - entries\n                type: object\n              lastAppliedRevision:\n                description: The last successfully applied revision. The revision\n                  format for Git sources is \u003cbranch|tag\u003e/\u003ccommit-sha\u003e.\n                type: string\n              lastAttemptedRevision:\n                description: LastAttemptedRevision is the revision of the last reconciliation\n                  attempt.\n                type: string\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last reconciled generation.\n                format: int64\n                type: integer\n            type: object\n        type: object\n    served: true\n    storage: true\n    subresources:\n      status: {}\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n  conditions: []\n  storedVersions: []",
-            "yaml_body_parsed": "apiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  annotations:\n    controller-gen.kubebuilder.io/version: v0.7.0\n  creationTimestamp: null\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: kustomizations.kustomize.toolkit.fluxcd.io\nspec:\n  group: kustomize.toolkit.fluxcd.io\n  names:\n    kind: Kustomization\n    listKind: KustomizationList\n    plural: kustomizations\n    shortNames:\n    - ks\n    singular: kustomization\n  scope: Namespaced\n  versions:\n  - additionalPrinterColumns:\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    name: v1beta1\n    schema:\n      openAPIV3Schema:\n        description: Kustomization is the Schema for the kustomizations API.\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: KustomizationSpec defines the desired state of a kustomization.\n            properties:\n              decryption:\n                description: Decrypt Kubernetes secrets before applying them on the\n                  cluster.\n                properties:\n                  provider:\n                    description: Provider is the name of the decryption engine.\n                    enum:\n                    - sops\n                    type: string\n                  secretRef:\n                    description: The secret name containing the private OpenPGP keys\n                      used for decryption.\n                    properties:\n                      name:\n                        description: Name of the referent.\n                        type: string\n                    required:\n                    - name\n                    type: object\n                required:\n                - provider\n                type: object\n              dependsOn:\n                description: DependsOn may contain a meta.NamespacedObjectReference\n                  slice with references to Kustomization resources that must be ready\n                  before this Kustomization can be reconciled.\n                items:\n                  description: NamespacedObjectReference contains enough information\n                    to locate the referenced Kubernetes resource object in any namespace.\n                  properties:\n                    name:\n                      description: Name of the referent.\n                      type: string\n                    namespace:\n                      description: Namespace of the referent, when not specified it\n                        acts as LocalObjectReference.\n                      type: string\n                  required:\n                  - name\n                  type: object\n                type: array\n              force:\n                default: false\n                description: Force instructs the controller to recreate resources\n                  when patching fails due to an immutable field change.\n                type: boolean\n              healthChecks:\n                description: A list of resources to be included in the health assessment.\n                items:\n                  description: NamespacedObjectKindReference contains enough information\n                    to locate the typed referenced Kubernetes resource object in any\n                    namespace.\n                  properties:\n                    apiVersion:\n                      description: API version of the referent, if not specified the\n                        Kubernetes preferred version will be used.\n                      type: string\n                    kind:\n                      description: Kind of the referent.\n                      type: string\n                    name:\n                      description: Name of the referent.\n                      type: string\n                    namespace:\n                      description: Namespace of the referent, when not specified it\n                        acts as LocalObjectReference.\n                      type: string\n                  required:\n                  - kind\n                  - name\n                  type: object\n                type: array\n              images:\n                description: Images is a list of (image name, new name, new tag or\n                  digest) for changing image names, tags or digests. This can also\n                  be achieved with a patch, but this operator is simpler to specify.\n                items:\n                  description: Image contains an image name, a new name, a new tag\n                    or digest, which will replace the original name and tag.\n                  properties:\n                    digest:\n                      description: Digest is the value used to replace the original\n                        image tag. If digest is present NewTag value is ignored.\n                      type: string\n                    name:\n                      description: Name is a tag-less image name.\n                      type: string\n                    newName:\n                      description: NewName is the value used to replace the original\n                        name.\n                      type: string\n                    newTag:\n                      description: NewTag is the value used to replace the original\n                        tag.\n                      type: string\n                  required:\n                  - name\n                  type: object\n                type: array\n              interval:\n                description: The interval at which to reconcile the Kustomization.\n                type: string\n              kubeConfig:\n                description: The KubeConfig for reconciling the Kustomization on a\n                  remote cluster. When specified, KubeConfig takes precedence over\n                  ServiceAccountName.\n                properties:\n                  secretRef:\n                    description: SecretRef holds the name to a secret that contains\n                      a 'value' key with the kubeconfig file as the value. It must\n                      be in the same namespace as the Kustomization. It is recommended\n                      that the kubeconfig is self-contained, and the secret is regularly\n                      updated if credentials such as a cloud-access-token expire.\n                      Cloud specific `cmd-path` auth helpers will not function without\n                      adding binaries and credentials to the Pod that is responsible\n                      for reconciling the Kustomization.\n                    properties:\n                      name:\n                        description: Name of the referent.\n                        type: string\n                    required:\n                    - name\n                    type: object\n                type: object\n              patches:\n                description: Strategic merge and JSON patches, defined as inline YAML\n                  objects, capable of targeting objects based on kind, label and annotation\n                  selectors.\n                items:\n                  description: Patch contains an inline StrategicMerge or JSON6902\n                    patch, and the target the patch should be applied to.\n                  properties:\n                    patch:\n                      description: Patch contains an inline StrategicMerge patch or\n                        an inline JSON6902 patch with an array of operation objects.\n                      type: string\n                    target:\n                      description: Target points to the resources that the patch document\n                        should be applied to.\n                      properties:\n                        annotationSelector:\n                          description: AnnotationSelector is a string that follows\n                            the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                            It matches with the resource annotations.\n                          type: string\n                        group:\n                          description: Group is the API group to select resources\n                            from. Together with Version and Kind it is capable of\n                            unambiguously identifying and/or selecting resources.\n                            https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                        kind:\n                          description: Kind of the API Group to select resources from.\n                            Together with Group and Version it is capable of unambiguously\n                            identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                        labelSelector:\n                          description: LabelSelector is a string that follows the\n                            label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                            It matches with the resource labels.\n                          type: string\n                        name:\n                          description: Name to match resources with.\n                          type: string\n                        namespace:\n                          description: Namespace to select resources from.\n                          type: string\n                        version:\n                          description: Version of the API Group to select resources\n                            from. Together with Group and Kind it is capable of unambiguously\n                            identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                      type: object\n                  type: object\n                type: array\n              patchesJson6902:\n                description: JSON 6902 patches, defined as inline YAML objects.\n                items:\n                  description: JSON6902Patch contains a JSON6902 patch and the target\n                    the patch should be applied to.\n                  properties:\n                    patch:\n                      description: Patch contains the JSON6902 patch document with\n                        an array of operation objects.\n                      items:\n                        description: JSON6902 is a JSON6902 operation object. https://datatracker.ietf.org/doc/html/rfc6902#section-4\n                        properties:\n                          from:\n                            description: From contains a JSON-pointer value that references\n                              a location within the target document where the operation\n                              is performed. The meaning of the value depends on the\n                              value of Op, and is NOT taken into account by all operations.\n                            type: string\n                          op:\n                            description: Op indicates the operation to perform. Its\n                              value MUST be one of \"add\", \"remove\", \"replace\", \"move\",\n                              \"copy\", or \"test\". https://datatracker.ietf.org/doc/html/rfc6902#section-4\n                            enum:\n                            - test\n                            - remove\n                            - add\n                            - replace\n                            - move\n                            - copy\n                            type: string\n                          path:\n                            description: Path contains the JSON-pointer value that\n                              references a location within the target document where\n                              the operation is performed. The meaning of the value\n                              depends on the value of Op.\n                            type: string\n                          value:\n                            description: Value contains a valid JSON structure. The\n                              meaning of the value depends on the value of Op, and\n                              is NOT taken into account by all operations.\n                            x-kubernetes-preserve-unknown-fields: true\n                        required:\n                        - op\n                        - path\n                        type: object\n                      type: array\n                    target:\n                      description: Target points to the resources that the patch document\n                        should be applied to.\n                      properties:\n                        annotationSelector:\n                          description: AnnotationSelector is a string that follows\n                            the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                            It matches with the resource annotations.\n                          type: string\n                        group:\n                          description: Group is the API group to select resources\n                            from. Together with Version and Kind it is capable of\n                            unambiguously identifying and/or selecting resources.\n                            https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                        kind:\n                          description: Kind of the API Group to select resources from.\n                            Together with Group and Version it is capable of unambiguously\n                            identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                        labelSelector:\n                          description: LabelSelector is a string that follows the\n                            label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                            It matches with the resource labels.\n                          type: string\n                        name:\n                          description: Name to match resources with.\n                          type: string\n                        namespace:\n                          description: Namespace to select resources from.\n                          type: string\n                        version:\n                          description: Version of the API Group to select resources\n                            from. Together with Group and Kind it is capable of unambiguously\n                            identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                      type: object\n                  required:\n                  - patch\n                  - target\n                  type: object\n                type: array\n              patchesStrategicMerge:\n                description: Strategic merge patches, defined as inline YAML objects.\n                items:\n                  x-kubernetes-preserve-unknown-fields: true\n                type: array\n              path:\n                description: Path to the directory containing the kustomization.yaml\n                  file, or the set of plain YAMLs a kustomization.yaml should be generated\n                  for. Defaults to 'None', which translates to the root path of the\n                  SourceRef.\n                type: string\n              postBuild:\n                description: PostBuild describes which actions to perform on the YAML\n                  manifest generated by building the kustomize overlay.\n                properties:\n                  substitute:\n                    additionalProperties:\n                      type: string\n                    description: Substitute holds a map of key/value pairs. The variables\n                      defined in your YAML manifests that match any of the keys defined\n                      in the map will be substituted with the set value. Includes\n                      support for bash string replacement functions e.g. ${var:=default},\n                      ${var:position} and ${var/substring/replacement}.\n                    type: object\n                  substituteFrom:\n                    description: SubstituteFrom holds references to ConfigMaps and\n                      Secrets containing the variables and their values to be substituted\n                      in the YAML manifests. The ConfigMap and the Secret data keys\n                      represent the var names and they must match the vars declared\n                      in the manifests for the substitution to happen.\n                    items:\n                      description: SubstituteReference contains a reference to a resource\n                        containing the variables name and value.\n                      properties:\n                        kind:\n                          description: Kind of the values referent, valid values are\n                            ('Secret', 'ConfigMap').\n                          enum:\n                          - Secret\n                          - ConfigMap\n                          type: string\n                        name:\n                          description: Name of the values referent. Should reside\n                            in the same namespace as the referring resource.\n                          maxLength: 253\n                          minLength: 1\n                          type: string\n                      required:\n                      - kind\n                      - name\n                      type: object\n                    type: array\n                type: object\n              prune:\n                description: Prune enables garbage collection.\n                type: boolean\n              retryInterval:\n                description: The interval at which to retry a previously failed reconciliation.\n                  When not specified, the controller uses the KustomizationSpec.Interval\n                  value to retry failures.\n                type: string\n              serviceAccountName:\n                description: The name of the Kubernetes service account to impersonate\n                  when reconciling this Kustomization.\n                type: string\n              sourceRef:\n                description: Reference of the source where the kustomization file\n                  is.\n                properties:\n                  apiVersion:\n                    description: API version of the referent\n                    type: string\n                  kind:\n                    description: Kind of the referent\n                    enum:\n                    - GitRepository\n                    - Bucket\n                    type: string\n                  name:\n                    description: Name of the referent\n                    type: string\n                  namespace:\n                    description: Namespace of the referent, defaults to the Kustomization\n                      namespace\n                    type: string\n                required:\n                - kind\n                - name\n                type: object\n              suspend:\n                description: This flag tells the controller to suspend subsequent\n                  kustomize executions, it does not apply to already started executions.\n                  Defaults to false.\n                type: boolean\n              targetNamespace:\n                description: TargetNamespace sets or overrides the namespace in the\n                  kustomization.yaml file.\n                maxLength: 63\n                minLength: 1\n                type: string\n              timeout:\n                description: Timeout for validation, apply and health checking operations.\n                  Defaults to 'Interval' duration.\n                type: string\n              validation:\n                description: Validate the Kubernetes objects before applying them\n                  on the cluster. The validation strategy can be 'client' (local dry-run),\n                  'server' (APIServer dry-run) or 'none'. When 'Force' is 'true',\n                  validation will fallback to 'client' if set to 'server' because\n                  server-side validation is not supported in this scenario.\n                enum:\n                - none\n                - client\n                - server\n                type: string\n            required:\n            - interval\n            - prune\n            - sourceRef\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: KustomizationStatus defines the observed state of a kustomization.\n            properties:\n              conditions:\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              lastAppliedRevision:\n                description: The last successfully applied revision. The revision\n                  format for Git sources is \u003cbranch|tag\u003e/\u003ccommit-sha\u003e.\n                type: string\n              lastAttemptedRevision:\n                description: LastAttemptedRevision is the revision of the last reconciliation\n                  attempt.\n                type: string\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last reconciled generation.\n                format: int64\n                type: integer\n              snapshot:\n                description: The last successfully applied revision metadata.\n                properties:\n                  checksum:\n                    description: The manifests sha1 checksum.\n                    type: string\n                  entries:\n                    description: A list of Kubernetes kinds grouped by namespace.\n                    items:\n                      description: Snapshot holds the metadata of namespaced Kubernetes\n                        objects\n                      properties:\n                        kinds:\n                          additionalProperties:\n                            type: string\n                          description: The list of Kubernetes kinds.\n                          type: object\n                        namespace:\n                          description: The namespace of this entry.\n                          type: string\n                      required:\n                      - kinds\n                      type: object\n                    type: array\n                required:\n                - checksum\n                - entries\n                type: object\n            type: object\n        type: object\n    served: true\n    storage: false\n    subresources:\n      status: {}\n  - additionalPrinterColumns:\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    name: v1beta2\n    schema:\n      openAPIV3Schema:\n        description: Kustomization is the Schema for the kustomizations API.\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: KustomizationSpec defines the configuration to calculate\n              the desired state from a Source using Kustomize.\n            properties:\n              decryption:\n                description: Decrypt Kubernetes secrets before applying them on the\n                  cluster.\n                properties:\n                  provider:\n                    description: Provider is the name of the decryption engine.\n                    enum:\n                    - sops\n                    type: string\n                  secretRef:\n                    description: The secret name containing the private OpenPGP keys\n                      used for decryption.\n                    properties:\n                      name:\n                        description: Name of the referent.\n                        type: string\n                    required:\n                    - name\n                    type: object\n                required:\n                - provider\n                type: object\n              dependsOn:\n                description: DependsOn may contain a meta.NamespacedObjectReference\n                  slice with references to Kustomization resources that must be ready\n                  before this Kustomization can be reconciled.\n                items:\n                  description: NamespacedObjectReference contains enough information\n                    to locate the referenced Kubernetes resource object in any namespace.\n                  properties:\n                    name:\n                      description: Name of the referent.\n                      type: string\n                    namespace:\n                      description: Namespace of the referent, when not specified it\n                        acts as LocalObjectReference.\n                      type: string\n                  required:\n                  - name\n                  type: object\n                type: array\n              force:\n                default: false\n                description: Force instructs the controller to recreate resources\n                  when patching fails due to an immutable field change.\n                type: boolean\n              healthChecks:\n                description: A list of resources to be included in the health assessment.\n                items:\n                  description: NamespacedObjectKindReference contains enough information\n                    to locate the typed referenced Kubernetes resource object in any\n                    namespace.\n                  properties:\n                    apiVersion:\n                      description: API version of the referent, if not specified the\n                        Kubernetes preferred version will be used.\n                      type: string\n                    kind:\n                      description: Kind of the referent.\n                      type: string\n                    name:\n                      description: Name of the referent.\n                      type: string\n                    namespace:\n                      description: Namespace of the referent, when not specified it\n                        acts as LocalObjectReference.\n                      type: string\n                  required:\n                  - kind\n                  - name\n                  type: object\n                type: array\n              images:\n                description: Images is a list of (image name, new name, new tag or\n                  digest) for changing image names, tags or digests. This can also\n                  be achieved with a patch, but this operator is simpler to specify.\n                items:\n                  description: Image contains an image name, a new name, a new tag\n                    or digest, which will replace the original name and tag.\n                  properties:\n                    digest:\n                      description: Digest is the value used to replace the original\n                        image tag. If digest is present NewTag value is ignored.\n                      type: string\n                    name:\n                      description: Name is a tag-less image name.\n                      type: string\n                    newName:\n                      description: NewName is the value used to replace the original\n                        name.\n                      type: string\n                    newTag:\n                      description: NewTag is the value used to replace the original\n                        tag.\n                      type: string\n                  required:\n                  - name\n                  type: object\n                type: array\n              interval:\n                description: The interval at which to reconcile the Kustomization.\n                type: string\n              kubeConfig:\n                description: The KubeConfig for reconciling the Kustomization on a\n                  remote cluster. When used in combination with KustomizationSpec.ServiceAccountName,\n                  forces the controller to act on behalf of that Service Account at\n                  the target cluster. If the --default-service-account flag is set,\n                  its value will be used as a controller level fallback for when KustomizationSpec.ServiceAccountName\n                  is empty.\n                properties:\n                  secretRef:\n                    description: SecretRef holds the name of a secret that contains\n                      a key with the kubeconfig file as the value. If no key is set,\n                      the key will default to 'value'. The secret must be in the same\n                      namespace as the Kustomization. It is recommended that the kubeconfig\n                      is self-contained, and the secret is regularly updated if credentials\n                      such as a cloud-access-token expire. Cloud specific `cmd-path`\n                      auth helpers will not function without adding binaries and credentials\n                      to the Pod that is responsible for reconciling the Kustomization.\n                    properties:\n                      key:\n                        description: Key in the Secret, when not specified an implementation-specific\n                          default key is used.\n                        type: string\n                      name:\n                        description: Name of the Secret.\n                        type: string\n                    required:\n                    - name\n                    type: object\n                type: object\n              patches:\n                description: Strategic merge and JSON patches, defined as inline YAML\n                  objects, capable of targeting objects based on kind, label and annotation\n                  selectors.\n                items:\n                  description: Patch contains an inline StrategicMerge or JSON6902\n                    patch, and the target the patch should be applied to.\n                  properties:\n                    patch:\n                      description: Patch contains an inline StrategicMerge patch or\n                        an inline JSON6902 patch with an array of operation objects.\n                      type: string\n                    target:\n                      description: Target points to the resources that the patch document\n                        should be applied to.\n                      properties:\n                        annotationSelector:\n                          description: AnnotationSelector is a string that follows\n                            the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                            It matches with the resource annotations.\n                          type: string\n                        group:\n                          description: Group is the API group to select resources\n                            from. Together with Version and Kind it is capable of\n                            unambiguously identifying and/or selecting resources.\n                            https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                        kind:\n                          description: Kind of the API Group to select resources from.\n                            Together with Group and Version it is capable of unambiguously\n                            identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                        labelSelector:\n                          description: LabelSelector is a string that follows the\n                            label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                            It matches with the resource labels.\n                          type: string\n                        name:\n                          description: Name to match resources with.\n                          type: string\n                        namespace:\n                          description: Namespace to select resources from.\n                          type: string\n                        version:\n                          description: Version of the API Group to select resources\n                            from. Together with Group and Kind it is capable of unambiguously\n                            identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                      type: object\n                  type: object\n                type: array\n              patchesJson6902:\n                description: 'JSON 6902 patches, defined as inline YAML objects. Deprecated:\n                  Use Patches instead.'\n                items:\n                  description: JSON6902Patch contains a JSON6902 patch and the target\n                    the patch should be applied to.\n                  properties:\n                    patch:\n                      description: Patch contains the JSON6902 patch document with\n                        an array of operation objects.\n                      items:\n                        description: JSON6902 is a JSON6902 operation object. https://datatracker.ietf.org/doc/html/rfc6902#section-4\n                        properties:\n                          from:\n                            description: From contains a JSON-pointer value that references\n                              a location within the target document where the operation\n                              is performed. The meaning of the value depends on the\n                              value of Op, and is NOT taken into account by all operations.\n                            type: string\n                          op:\n                            description: Op indicates the operation to perform. Its\n                              value MUST be one of \"add\", \"remove\", \"replace\", \"move\",\n                              \"copy\", or \"test\". https://datatracker.ietf.org/doc/html/rfc6902#section-4\n                            enum:\n                            - test\n                            - remove\n                            - add\n                            - replace\n                            - move\n                            - copy\n                            type: string\n                          path:\n                            description: Path contains the JSON-pointer value that\n                              references a location within the target document where\n                              the operation is performed. The meaning of the value\n                              depends on the value of Op.\n                            type: string\n                          value:\n                            description: Value contains a valid JSON structure. The\n                              meaning of the value depends on the value of Op, and\n                              is NOT taken into account by all operations.\n                            x-kubernetes-preserve-unknown-fields: true\n                        required:\n                        - op\n                        - path\n                        type: object\n                      type: array\n                    target:\n                      description: Target points to the resources that the patch document\n                        should be applied to.\n                      properties:\n                        annotationSelector:\n                          description: AnnotationSelector is a string that follows\n                            the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                            It matches with the resource annotations.\n                          type: string\n                        group:\n                          description: Group is the API group to select resources\n                            from. Together with Version and Kind it is capable of\n                            unambiguously identifying and/or selecting resources.\n                            https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                        kind:\n                          description: Kind of the API Group to select resources from.\n                            Together with Group and Version it is capable of unambiguously\n                            identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                        labelSelector:\n                          description: LabelSelector is a string that follows the\n                            label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                            It matches with the resource labels.\n                          type: string\n                        name:\n                          description: Name to match resources with.\n                          type: string\n                        namespace:\n                          description: Namespace to select resources from.\n                          type: string\n                        version:\n                          description: Version of the API Group to select resources\n                            from. Together with Group and Kind it is capable of unambiguously\n                            identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                      type: object\n                  required:\n                  - patch\n                  - target\n                  type: object\n                type: array\n              patchesStrategicMerge:\n                description: 'Strategic merge patches, defined as inline YAML objects.\n                  Deprecated: Use Patches instead.'\n                items:\n                  x-kubernetes-preserve-unknown-fields: true\n                type: array\n              path:\n                description: Path to the directory containing the kustomization.yaml\n                  file, or the set of plain YAMLs a kustomization.yaml should be generated\n                  for. Defaults to 'None', which translates to the root path of the\n                  SourceRef.\n                type: string\n              postBuild:\n                description: PostBuild describes which actions to perform on the YAML\n                  manifest generated by building the kustomize overlay.\n                properties:\n                  substitute:\n                    additionalProperties:\n                      type: string\n                    description: Substitute holds a map of key/value pairs. The variables\n                      defined in your YAML manifests that match any of the keys defined\n                      in the map will be substituted with the set value. Includes\n                      support for bash string replacement functions e.g. ${var:=default},\n                      ${var:position} and ${var/substring/replacement}.\n                    type: object\n                  substituteFrom:\n                    description: SubstituteFrom holds references to ConfigMaps and\n                      Secrets containing the variables and their values to be substituted\n                      in the YAML manifests. The ConfigMap and the Secret data keys\n                      represent the var names and they must match the vars declared\n                      in the manifests for the substitution to happen.\n                    items:\n                      description: SubstituteReference contains a reference to a resource\n                        containing the variables name and value.\n                      properties:\n                        kind:\n                          description: Kind of the values referent, valid values are\n                            ('Secret', 'ConfigMap').\n                          enum:\n                          - Secret\n                          - ConfigMap\n                          type: string\n                        name:\n                          description: Name of the values referent. Should reside\n                            in the same namespace as the referring resource.\n                          maxLength: 253\n                          minLength: 1\n                          type: string\n                        optional:\n                          default: false\n                          description: Optional indicates whether the referenced resource\n                            must exist, or whether to tolerate its absence. If true\n                            and the referenced resource is absent, proceed as if the\n                            resource was present but empty, without any variables\n                            defined.\n                          type: boolean\n                      required:\n                      - kind\n                      - name\n                      type: object\n                    type: array\n                type: object\n              prune:\n                description: Prune enables garbage collection.\n                type: boolean\n              retryInterval:\n                description: The interval at which to retry a previously failed reconciliation.\n                  When not specified, the controller uses the KustomizationSpec.Interval\n                  value to retry failures.\n                type: string\n              serviceAccountName:\n                description: The name of the Kubernetes service account to impersonate\n                  when reconciling this Kustomization.\n                type: string\n              sourceRef:\n                description: Reference of the source where the kustomization file\n                  is.\n                properties:\n                  apiVersion:\n                    description: API version of the referent.\n                    type: string\n                  kind:\n                    description: Kind of the referent.\n                    enum:\n                    - GitRepository\n                    - Bucket\n                    type: string\n                  name:\n                    description: Name of the referent.\n                    type: string\n                  namespace:\n                    description: Namespace of the referent, defaults to the namespace\n                      of the Kubernetes resource object that contains the reference.\n                    type: string\n                required:\n                - kind\n                - name\n                type: object\n              suspend:\n                description: This flag tells the controller to suspend subsequent\n                  kustomize executions, it does not apply to already started executions.\n                  Defaults to false.\n                type: boolean\n              targetNamespace:\n                description: TargetNamespace sets or overrides the namespace in the\n                  kustomization.yaml file.\n                maxLength: 63\n                minLength: 1\n                type: string\n              timeout:\n                description: Timeout for validation, apply and health checking operations.\n                  Defaults to 'Interval' duration.\n                type: string\n              validation:\n                description: 'Deprecated: Not used in v1beta2.'\n                enum:\n                - none\n                - client\n                - server\n                type: string\n              wait:\n                description: Wait instructs the controller to check the health of\n                  all the reconciled resources. When enabled, the HealthChecks are\n                  ignored. Defaults to false.\n                type: boolean\n            required:\n            - interval\n            - prune\n            - sourceRef\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: KustomizationStatus defines the observed state of a kustomization.\n            properties:\n              conditions:\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              inventory:\n                description: Inventory contains the list of Kubernetes resource object\n                  references that have been successfully applied.\n                properties:\n                  entries:\n                    description: Entries of Kubernetes resource object references.\n                    items:\n                      description: ResourceRef contains the information necessary\n                        to locate a resource within a cluster.\n                      properties:\n                        id:\n                          description: ID is the string representation of the Kubernetes\n                            resource object's metadata, in the format '\u003cnamespace\u003e_\u003cname\u003e_\u003cgroup\u003e_\u003ckind\u003e'.\n                          type: string\n                        v:\n                          description: Version is the API version of the Kubernetes\n                            resource object's kind.\n                          type: string\n                      required:\n                      - id\n                      - v\n                      type: object\n                    type: array\n                required:\n                - entries\n                type: object\n              lastAppliedRevision:\n                description: The last successfully applied revision. The revision\n                  format for Git sources is \u003cbranch|tag\u003e/\u003ccommit-sha\u003e.\n                type: string\n              lastAttemptedRevision:\n                description: LastAttemptedRevision is the revision of the last reconciliation\n                  attempt.\n                type: string\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last reconciled generation.\n                format: int64\n                type: integer\n            type: object\n        type: object\n    served: true\n    storage: true\n    subresources:\n      status: {}\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n  conditions: []\n  storedVersions: []\n",
-            "yaml_incluster": "fd7e8602f5c8f9c751fc481764ee8c7fbe00c1e39e611464521002e45fb44580"
-          },
-          "sensitive_attributes": [],
-          "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDB9LCJzY2hlbWFfdmVyc2lvbiI6IjEifQ==",
-          "dependencies": [
-            "module.flux.data.flux_install.main",
-            "module.flux.data.kubectl_file_documents.apply",
-            "module.flux.kubernetes_namespace.flux_system"
-          ]
-        },
-        {
-          "index_key": "apiextensions.k8s.io/v1/customresourcedefinition/providers.notification.toolkit.fluxcd.io",
-          "schema_version": 1,
-          "attributes": {
-            "api_version": "apiextensions.k8s.io/v1",
-            "apply_only": false,
-            "force_conflicts": false,
-            "force_new": false,
-            "id": "/apis/apiextensions.k8s.io/v1/customresourcedefinitions/providers.notification.toolkit.fluxcd.io",
-            "ignore_fields": null,
-            "kind": "CustomResourceDefinition",
-            "live_manifest_incluster": "faeef9c1996db75461977384cdc5289aeecc9c3b200860f9aeaad7144e0a6d85",
-            "live_uid": "398ef839-005c-4b63-a0e1-4cf8c27ed8e4",
-            "name": "providers.notification.toolkit.fluxcd.io",
-            "namespace": null,
-            "override_namespace": null,
-            "sensitive_fields": null,
-            "server_side_apply": false,
-            "timeouts": null,
-            "uid": "398ef839-005c-4b63-a0e1-4cf8c27ed8e4",
-            "validate_schema": true,
-            "wait": null,
-            "wait_for_rollout": true,
-            "yaml_body": "apiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  annotations:\n    controller-gen.kubebuilder.io/version: v0.7.0\n  creationTimestamp: null\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: providers.notification.toolkit.fluxcd.io\nspec:\n  group: notification.toolkit.fluxcd.io\n  names:\n    kind: Provider\n    listKind: ProviderList\n    plural: providers\n    singular: provider\n  scope: Namespaced\n  versions:\n  - additionalPrinterColumns:\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    name: v1beta1\n    schema:\n      openAPIV3Schema:\n        description: Provider is the Schema for the providers API\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: ProviderSpec defines the desired state of Provider\n            properties:\n              address:\n                description: HTTP/S webhook address of this provider\n                pattern: ^(http|https)://\n                type: string\n              certSecretRef:\n                description: CertSecretRef can be given the name of a secret containing\n                  a PEM-encoded CA certificate (`caFile`)\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              channel:\n                description: Alert channel for this provider\n                type: string\n              proxy:\n                description: HTTP/S address of the proxy\n                pattern: ^(http|https)://\n                type: string\n              secretRef:\n                description: Secret reference containing the provider webhook URL\n                  using \"address\" as data key\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              suspend:\n                description: This flag tells the controller to suspend subsequent\n                  events handling. Defaults to false.\n                type: boolean\n              type:\n                description: Type of provider\n                enum:\n                - slack\n                - discord\n                - msteams\n                - rocket\n                - generic\n                - github\n                - gitlab\n                - bitbucket\n                - azuredevops\n                - googlechat\n                - webex\n                - sentry\n                - azureeventhub\n                - telegram\n                - lark\n                - matrix\n                - opsgenie\n                - alertmanager\n                - grafana\n                type: string\n              username:\n                description: Bot username for this provider\n                type: string\n            required:\n            - type\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: ProviderStatus defines the observed state of Provider\n            properties:\n              conditions:\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              observedGeneration:\n                description: ObservedGeneration is the last reconciled generation.\n                format: int64\n                type: integer\n            type: object\n        type: object\n    served: true\n    storage: true\n    subresources:\n      status: {}\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n  conditions: []\n  storedVersions: []",
-            "yaml_body_parsed": "apiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  annotations:\n    controller-gen.kubebuilder.io/version: v0.7.0\n  creationTimestamp: null\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: providers.notification.toolkit.fluxcd.io\nspec:\n  group: notification.toolkit.fluxcd.io\n  names:\n    kind: Provider\n    listKind: ProviderList\n    plural: providers\n    singular: provider\n  scope: Namespaced\n  versions:\n  - additionalPrinterColumns:\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    name: v1beta1\n    schema:\n      openAPIV3Schema:\n        description: Provider is the Schema for the providers API\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: ProviderSpec defines the desired state of Provider\n            properties:\n              address:\n                description: HTTP/S webhook address of this provider\n                pattern: ^(http|https)://\n                type: string\n              certSecretRef:\n                description: CertSecretRef can be given the name of a secret containing\n                  a PEM-encoded CA certificate (`caFile`)\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              channel:\n                description: Alert channel for this provider\n                type: string\n              proxy:\n                description: HTTP/S address of the proxy\n                pattern: ^(http|https)://\n                type: string\n              secretRef:\n                description: Secret reference containing the provider webhook URL\n                  using \"address\" as data key\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              suspend:\n                description: This flag tells the controller to suspend subsequent\n                  events handling. Defaults to false.\n                type: boolean\n              type:\n                description: Type of provider\n                enum:\n                - slack\n                - discord\n                - msteams\n                - rocket\n                - generic\n                - github\n                - gitlab\n                - bitbucket\n                - azuredevops\n                - googlechat\n                - webex\n                - sentry\n                - azureeventhub\n                - telegram\n                - lark\n                - matrix\n                - opsgenie\n                - alertmanager\n                - grafana\n                type: string\n              username:\n                description: Bot username for this provider\n                type: string\n            required:\n            - type\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: ProviderStatus defines the observed state of Provider\n            properties:\n              conditions:\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              observedGeneration:\n                description: ObservedGeneration is the last reconciled generation.\n                format: int64\n                type: integer\n            type: object\n        type: object\n    served: true\n    storage: true\n    subresources:\n      status: {}\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n  conditions: []\n  storedVersions: []\n",
-            "yaml_incluster": "faeef9c1996db75461977384cdc5289aeecc9c3b200860f9aeaad7144e0a6d85"
-          },
-          "sensitive_attributes": [],
-          "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDB9LCJzY2hlbWFfdmVyc2lvbiI6IjEifQ==",
-          "dependencies": [
-            "module.flux.data.flux_install.main",
-            "module.flux.data.kubectl_file_documents.apply",
-            "module.flux.kubernetes_namespace.flux_system"
-          ]
-        },
-        {
-          "index_key": "apiextensions.k8s.io/v1/customresourcedefinition/receivers.notification.toolkit.fluxcd.io",
-          "schema_version": 1,
-          "attributes": {
-            "api_version": "apiextensions.k8s.io/v1",
-            "apply_only": false,
-            "force_conflicts": false,
-            "force_new": false,
-            "id": "/apis/apiextensions.k8s.io/v1/customresourcedefinitions/receivers.notification.toolkit.fluxcd.io",
-            "ignore_fields": null,
-            "kind": "CustomResourceDefinition",
-            "live_manifest_incluster": "a5c61c680526fbad949575b286791b8f9e17af94bead5575a34e08e55754d743",
-            "live_uid": "078824fd-21f8-4a80-bc34-ba5f397352a6",
-            "name": "receivers.notification.toolkit.fluxcd.io",
-            "namespace": null,
-            "override_namespace": null,
-            "sensitive_fields": null,
-            "server_side_apply": false,
-            "timeouts": null,
-            "uid": "078824fd-21f8-4a80-bc34-ba5f397352a6",
-            "validate_schema": true,
-            "wait": null,
-            "wait_for_rollout": true,
-            "yaml_body": "apiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  annotations:\n    controller-gen.kubebuilder.io/version: v0.7.0\n  creationTimestamp: null\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: receivers.notification.toolkit.fluxcd.io\nspec:\n  group: notification.toolkit.fluxcd.io\n  names:\n    kind: Receiver\n    listKind: ReceiverList\n    plural: receivers\n    singular: receiver\n  scope: Namespaced\n  versions:\n  - additionalPrinterColumns:\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    name: v1beta1\n    schema:\n      openAPIV3Schema:\n        description: Receiver is the Schema for the receivers API\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: ReceiverSpec defines the desired state of Receiver\n            properties:\n              events:\n                description: A list of events to handle, e.g. 'push' for GitHub or\n                  'Push Hook' for GitLab.\n                items:\n                  type: string\n                type: array\n              resources:\n                description: A list of resources to be notified about changes.\n                items:\n                  description: CrossNamespaceObjectReference contains enough information\n                    to let you locate the typed referenced object at cluster level\n                  properties:\n                    apiVersion:\n                      description: API version of the referent\n                      type: string\n                    kind:\n                      description: Kind of the referent\n                      enum:\n                      - Bucket\n                      - GitRepository\n                      - Kustomization\n                      - HelmRelease\n                      - HelmChart\n                      - HelmRepository\n                      - ImageRepository\n                      - ImagePolicy\n                      - ImageUpdateAutomation\n                      type: string\n                    matchLabels:\n                      additionalProperties:\n                        type: string\n                      description: MatchLabels is a map of {key,value} pairs. A single\n                        {key,value} in the matchLabels map is equivalent to an element\n                        of matchExpressions, whose key field is \"key\", the operator\n                        is \"In\", and the values array contains only \"value\". The requirements\n                        are ANDed.\n                      type: object\n                    name:\n                      description: Name of the referent\n                      maxLength: 53\n                      minLength: 1\n                      type: string\n                    namespace:\n                      description: Namespace of the referent\n                      maxLength: 53\n                      minLength: 1\n                      type: string\n                  required:\n                  - name\n                  type: object\n                type: array\n              secretRef:\n                description: Secret reference containing the token used to validate\n                  the payload authenticity\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              suspend:\n                description: This flag tells the controller to suspend subsequent\n                  events handling. Defaults to false.\n                type: boolean\n              type:\n                description: Type of webhook sender, used to determine the validation\n                  procedure and payload deserialization.\n                enum:\n                - generic\n                - generic-hmac\n                - github\n                - gitlab\n                - bitbucket\n                - harbor\n                - dockerhub\n                - quay\n                - gcr\n                - nexus\n                - acr\n                type: string\n            required:\n            - resources\n            - type\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: ReceiverStatus defines the observed state of Receiver\n            properties:\n              conditions:\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation.\n                format: int64\n                type: integer\n              url:\n                description: Generated webhook URL in the format of '/hook/sha256sum(token+name+namespace)'.\n                type: string\n            type: object\n        type: object\n    served: true\n    storage: true\n    subresources:\n      status: {}\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n  conditions: []\n  storedVersions: []",
-            "yaml_body_parsed": "apiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  annotations:\n    controller-gen.kubebuilder.io/version: v0.7.0\n  creationTimestamp: null\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: receivers.notification.toolkit.fluxcd.io\nspec:\n  group: notification.toolkit.fluxcd.io\n  names:\n    kind: Receiver\n    listKind: ReceiverList\n    plural: receivers\n    singular: receiver\n  scope: Namespaced\n  versions:\n  - additionalPrinterColumns:\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    name: v1beta1\n    schema:\n      openAPIV3Schema:\n        description: Receiver is the Schema for the receivers API\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: ReceiverSpec defines the desired state of Receiver\n            properties:\n              events:\n                description: A list of events to handle, e.g. 'push' for GitHub or\n                  'Push Hook' for GitLab.\n                items:\n                  type: string\n                type: array\n              resources:\n                description: A list of resources to be notified about changes.\n                items:\n                  description: CrossNamespaceObjectReference contains enough information\n                    to let you locate the typed referenced object at cluster level\n                  properties:\n                    apiVersion:\n                      description: API version of the referent\n                      type: string\n                    kind:\n                      description: Kind of the referent\n                      enum:\n                      - Bucket\n                      - GitRepository\n                      - Kustomization\n                      - HelmRelease\n                      - HelmChart\n                      - HelmRepository\n                      - ImageRepository\n                      - ImagePolicy\n                      - ImageUpdateAutomation\n                      type: string\n                    matchLabels:\n                      additionalProperties:\n                        type: string\n                      description: MatchLabels is a map of {key,value} pairs. A single\n                        {key,value} in the matchLabels map is equivalent to an element\n                        of matchExpressions, whose key field is \"key\", the operator\n                        is \"In\", and the values array contains only \"value\". The requirements\n                        are ANDed.\n                      type: object\n                    name:\n                      description: Name of the referent\n                      maxLength: 53\n                      minLength: 1\n                      type: string\n                    namespace:\n                      description: Namespace of the referent\n                      maxLength: 53\n                      minLength: 1\n                      type: string\n                  required:\n                  - name\n                  type: object\n                type: array\n              secretRef:\n                description: Secret reference containing the token used to validate\n                  the payload authenticity\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              suspend:\n                description: This flag tells the controller to suspend subsequent\n                  events handling. Defaults to false.\n                type: boolean\n              type:\n                description: Type of webhook sender, used to determine the validation\n                  procedure and payload deserialization.\n                enum:\n                - generic\n                - generic-hmac\n                - github\n                - gitlab\n                - bitbucket\n                - harbor\n                - dockerhub\n                - quay\n                - gcr\n                - nexus\n                - acr\n                type: string\n            required:\n            - resources\n            - type\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: ReceiverStatus defines the observed state of Receiver\n            properties:\n              conditions:\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation.\n                format: int64\n                type: integer\n              url:\n                description: Generated webhook URL in the format of '/hook/sha256sum(token+name+namespace)'.\n                type: string\n            type: object\n        type: object\n    served: true\n    storage: true\n    subresources:\n      status: {}\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n  conditions: []\n  storedVersions: []\n",
-            "yaml_incluster": "a5c61c680526fbad949575b286791b8f9e17af94bead5575a34e08e55754d743"
-          },
-          "sensitive_attributes": [],
-          "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDB9LCJzY2hlbWFfdmVyc2lvbiI6IjEifQ==",
-          "dependencies": [
-            "module.flux.data.flux_install.main",
-            "module.flux.data.kubectl_file_documents.apply",
-            "module.flux.kubernetes_namespace.flux_system"
-          ]
-        },
-        {
-          "index_key": "apps/v1/deployment/flux-system/helm-controller",
-          "schema_version": 1,
-          "attributes": {
-            "api_version": "apps/v1",
-            "apply_only": false,
-            "force_conflicts": false,
-            "force_new": false,
-            "id": "/apis/apps/v1/namespaces/flux-system/deployments/helm-controller",
-            "ignore_fields": null,
-            "kind": "Deployment",
-            "live_manifest_incluster": "e4a3b3bfd6bd6ffd2658edf4addbe86e4de9eb9ed18ac572badad9ac837f4824",
-            "live_uid": "595c94bd-2897-4105-a6eb-f7f3d28aef31",
-            "name": "helm-controller",
-            "namespace": "flux-system",
-            "override_namespace": null,
-            "sensitive_fields": null,
-            "server_side_apply": false,
-            "timeouts": null,
-            "uid": "595c94bd-2897-4105-a6eb-f7f3d28aef31",
-            "validate_schema": true,
-            "wait": null,
-            "wait_for_rollout": true,
-            "yaml_body": "apiVersion: apps/v1\nkind: Deployment\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n    control-plane: controller\n  name: helm-controller\n  namespace: flux-system\nspec:\n  replicas: 1\n  selector:\n    matchLabels:\n      app: helm-controller\n  template:\n    metadata:\n      annotations:\n        prometheus.io/port: \"8080\"\n        prometheus.io/scrape: \"true\"\n      labels:\n        app: helm-controller\n    spec:\n      containers:\n      - args:\n        - --events-addr=http://notification-controller.flux-system.svc.cluster.local./\n        - --watch-all-namespaces=true\n        - --log-level=info\n        - --log-encoding=json\n        - --enable-leader-election\n        env:\n        - name: RUNTIME_NAMESPACE\n          valueFrom:\n            fieldRef:\n              fieldPath: metadata.namespace\n        image: ghcr.io/fluxcd/helm-controller:v0.21.0\n        imagePullPolicy: IfNotPresent\n        livenessProbe:\n          httpGet:\n            path: /healthz\n            port: healthz\n        name: manager\n        ports:\n        - containerPort: 8080\n          name: http-prom\n          protocol: TCP\n        - containerPort: 9440\n          name: healthz\n          protocol: TCP\n        readinessProbe:\n          httpGet:\n            path: /readyz\n            port: healthz\n        resources:\n          limits:\n            cpu: 1000m\n            memory: 1Gi\n          requests:\n            cpu: 100m\n            memory: 64Mi\n        securityContext:\n          allowPrivilegeEscalation: false\n          capabilities:\n            drop:\n            - ALL\n          readOnlyRootFilesystem: true\n          runAsNonRoot: true\n          seccompProfile:\n            type: RuntimeDefault\n        volumeMounts:\n        - mountPath: /tmp\n          name: temp\n      nodeSelector:\n        kubernetes.io/os: linux\n      securityContext:\n        fsGroup: 1337\n      serviceAccountName: helm-controller\n      terminationGracePeriodSeconds: 600\n      volumes:\n      - emptyDir: {}\n        name: temp",
-            "yaml_body_parsed": "apiVersion: apps/v1\nkind: Deployment\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n    control-plane: controller\n  name: helm-controller\n  namespace: flux-system\nspec:\n  replicas: 1\n  selector:\n    matchLabels:\n      app: helm-controller\n  template:\n    metadata:\n      annotations:\n        prometheus.io/port: \"8080\"\n        prometheus.io/scrape: \"true\"\n      labels:\n        app: helm-controller\n    spec:\n      containers:\n      - args:\n        - --events-addr=http://notification-controller.flux-system.svc.cluster.local./\n        - --watch-all-namespaces=true\n        - --log-level=info\n        - --log-encoding=json\n        - --enable-leader-election\n        env:\n        - name: RUNTIME_NAMESPACE\n          valueFrom:\n            fieldRef:\n              fieldPath: metadata.namespace\n        image: ghcr.io/fluxcd/helm-controller:v0.21.0\n        imagePullPolicy: IfNotPresent\n        livenessProbe:\n          httpGet:\n            path: /healthz\n            port: healthz\n        name: manager\n        ports:\n        - containerPort: 8080\n          name: http-prom\n          protocol: TCP\n        - containerPort: 9440\n          name: healthz\n          protocol: TCP\n        readinessProbe:\n          httpGet:\n            path: /readyz\n            port: healthz\n        resources:\n          limits:\n            cpu: 1000m\n            memory: 1Gi\n          requests:\n            cpu: 100m\n            memory: 64Mi\n        securityContext:\n          allowPrivilegeEscalation: false\n          capabilities:\n            drop:\n            - ALL\n          readOnlyRootFilesystem: true\n          runAsNonRoot: true\n          seccompProfile:\n            type: RuntimeDefault\n        volumeMounts:\n        - mountPath: /tmp\n          name: temp\n      nodeSelector:\n        kubernetes.io/os: linux\n      securityContext:\n        fsGroup: 1337\n      serviceAccountName: helm-controller\n      terminationGracePeriodSeconds: 600\n      volumes:\n      - emptyDir: {}\n        name: temp\n",
-            "yaml_incluster": "e4a3b3bfd6bd6ffd2658edf4addbe86e4de9eb9ed18ac572badad9ac837f4824"
-          },
-          "sensitive_attributes": [],
-          "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDB9LCJzY2hlbWFfdmVyc2lvbiI6IjEifQ==",
-          "dependencies": [
-            "module.flux.data.flux_install.main",
-            "module.flux.data.kubectl_file_documents.apply",
-            "module.flux.kubernetes_namespace.flux_system"
-          ]
-        },
-        {
-          "index_key": "apps/v1/deployment/flux-system/kustomize-controller",
-          "schema_version": 1,
-          "attributes": {
-            "api_version": "apps/v1",
-            "apply_only": false,
-            "force_conflicts": false,
-            "force_new": false,
-            "id": "/apis/apps/v1/namespaces/flux-system/deployments/kustomize-controller",
-            "ignore_fields": null,
-            "kind": "Deployment",
-            "live_manifest_incluster": "2826c2c4389823e3aaf89d714a101f295d74b565e99bd2a4d7436ce727817cea",
-            "live_uid": "7ea37437-55b7-4168-883a-1754bbeccd07",
-            "name": "kustomize-controller",
-            "namespace": "flux-system",
-            "override_namespace": null,
-            "sensitive_fields": null,
-            "server_side_apply": false,
-            "timeouts": null,
-            "uid": "7ea37437-55b7-4168-883a-1754bbeccd07",
-            "validate_schema": true,
-            "wait": null,
-            "wait_for_rollout": true,
-            "yaml_body": "apiVersion: apps/v1\nkind: Deployment\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n    control-plane: controller\n  name: kustomize-controller\n  namespace: flux-system\nspec:\n  replicas: 1\n  selector:\n    matchLabels:\n      app: kustomize-controller\n  template:\n    metadata:\n      annotations:\n        prometheus.io/port: \"8080\"\n        prometheus.io/scrape: \"true\"\n      labels:\n        app: kustomize-controller\n    spec:\n      containers:\n      - args:\n        - --events-addr=http://notification-controller.flux-system.svc.cluster.local./\n        - --watch-all-namespaces=true\n        - --log-level=info\n        - --log-encoding=json\n        - --enable-leader-election\n        env:\n        - name: RUNTIME_NAMESPACE\n          valueFrom:\n            fieldRef:\n              fieldPath: metadata.namespace\n        image: ghcr.io/fluxcd/kustomize-controller:v0.25.0\n        imagePullPolicy: IfNotPresent\n        livenessProbe:\n          httpGet:\n            path: /healthz\n            port: healthz\n        name: manager\n        ports:\n        - containerPort: 8080\n          name: http-prom\n          protocol: TCP\n        - containerPort: 9440\n          name: healthz\n          protocol: TCP\n        readinessProbe:\n          httpGet:\n            path: /readyz\n            port: healthz\n        resources:\n          limits:\n            cpu: 1000m\n            memory: 1Gi\n          requests:\n            cpu: 100m\n            memory: 64Mi\n        securityContext:\n          allowPrivilegeEscalation: false\n          capabilities:\n            drop:\n            - ALL\n          readOnlyRootFilesystem: true\n          runAsNonRoot: true\n          seccompProfile:\n            type: RuntimeDefault\n        volumeMounts:\n        - mountPath: /tmp\n          name: temp\n      nodeSelector:\n        kubernetes.io/os: linux\n      securityContext:\n        fsGroup: 1337\n      serviceAccountName: kustomize-controller\n      terminationGracePeriodSeconds: 60\n      volumes:\n      - emptyDir: {}\n        name: temp",
-            "yaml_body_parsed": "apiVersion: apps/v1\nkind: Deployment\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n    control-plane: controller\n  name: kustomize-controller\n  namespace: flux-system\nspec:\n  replicas: 1\n  selector:\n    matchLabels:\n      app: kustomize-controller\n  template:\n    metadata:\n      annotations:\n        prometheus.io/port: \"8080\"\n        prometheus.io/scrape: \"true\"\n      labels:\n        app: kustomize-controller\n    spec:\n      containers:\n      - args:\n        - --events-addr=http://notification-controller.flux-system.svc.cluster.local./\n        - --watch-all-namespaces=true\n        - --log-level=info\n        - --log-encoding=json\n        - --enable-leader-election\n        env:\n        - name: RUNTIME_NAMESPACE\n          valueFrom:\n            fieldRef:\n              fieldPath: metadata.namespace\n        image: ghcr.io/fluxcd/kustomize-controller:v0.25.0\n        imagePullPolicy: IfNotPresent\n        livenessProbe:\n          httpGet:\n            path: /healthz\n            port: healthz\n        name: manager\n        ports:\n        - containerPort: 8080\n          name: http-prom\n          protocol: TCP\n        - containerPort: 9440\n          name: healthz\n          protocol: TCP\n        readinessProbe:\n          httpGet:\n            path: /readyz\n            port: healthz\n        resources:\n          limits:\n            cpu: 1000m\n            memory: 1Gi\n          requests:\n            cpu: 100m\n            memory: 64Mi\n        securityContext:\n          allowPrivilegeEscalation: false\n          capabilities:\n            drop:\n            - ALL\n          readOnlyRootFilesystem: true\n          runAsNonRoot: true\n          seccompProfile:\n            type: RuntimeDefault\n        volumeMounts:\n        - mountPath: /tmp\n          name: temp\n      nodeSelector:\n        kubernetes.io/os: linux\n      securityContext:\n        fsGroup: 1337\n      serviceAccountName: kustomize-controller\n      terminationGracePeriodSeconds: 60\n      volumes:\n      - emptyDir: {}\n        name: temp\n",
-            "yaml_incluster": "2826c2c4389823e3aaf89d714a101f295d74b565e99bd2a4d7436ce727817cea"
-          },
-          "sensitive_attributes": [],
-          "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDB9LCJzY2hlbWFfdmVyc2lvbiI6IjEifQ==",
-          "dependencies": [
-            "module.flux.data.flux_install.main",
-            "module.flux.data.kubectl_file_documents.apply",
-            "module.flux.kubernetes_namespace.flux_system"
-          ]
-        },
-        {
-          "index_key": "apps/v1/deployment/flux-system/notification-controller",
-          "schema_version": 1,
-          "attributes": {
-            "api_version": "apps/v1",
-            "apply_only": false,
-            "force_conflicts": false,
-            "force_new": false,
-            "id": "/apis/apps/v1/namespaces/flux-system/deployments/notification-controller",
-            "ignore_fields": null,
-            "kind": "Deployment",
-            "live_manifest_incluster": "6540cfaf3a1ae420ceb422d5fe5768c84e0297aae12d61c0204ad49d6c7f24c5",
-            "live_uid": "240b64d6-e55b-4e86-bdb7-cfd022661d13",
-            "name": "notification-controller",
-            "namespace": "flux-system",
-            "override_namespace": null,
-            "sensitive_fields": null,
-            "server_side_apply": false,
-            "timeouts": null,
-            "uid": "240b64d6-e55b-4e86-bdb7-cfd022661d13",
-            "validate_schema": true,
-            "wait": null,
-            "wait_for_rollout": true,
-            "yaml_body": "apiVersion: apps/v1\nkind: Deployment\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n    control-plane: controller\n  name: notification-controller\n  namespace: flux-system\nspec:\n  replicas: 1\n  selector:\n    matchLabels:\n      app: notification-controller\n  template:\n    metadata:\n      annotations:\n        prometheus.io/port: \"8080\"\n        prometheus.io/scrape: \"true\"\n      labels:\n        app: notification-controller\n    spec:\n      containers:\n      - args:\n        - --watch-all-namespaces=true\n        - --log-level=info\n        - --log-encoding=json\n        - --enable-leader-election\n        env:\n        - name: RUNTIME_NAMESPACE\n          valueFrom:\n            fieldRef:\n              fieldPath: metadata.namespace\n        image: ghcr.io/fluxcd/notification-controller:v0.23.5\n        imagePullPolicy: IfNotPresent\n        livenessProbe:\n          httpGet:\n            path: /healthz\n            port: healthz\n        name: manager\n        ports:\n        - containerPort: 9090\n          name: http\n          protocol: TCP\n        - containerPort: 9292\n          name: http-webhook\n          protocol: TCP\n        - containerPort: 8080\n          name: http-prom\n          protocol: TCP\n        - containerPort: 9440\n          name: healthz\n          protocol: TCP\n        readinessProbe:\n          httpGet:\n            path: /readyz\n            port: healthz\n        resources:\n          limits:\n            cpu: 1000m\n            memory: 1Gi\n          requests:\n            cpu: 100m\n            memory: 64Mi\n        securityContext:\n          allowPrivilegeEscalation: false\n          capabilities:\n            drop:\n            - ALL\n          readOnlyRootFilesystem: true\n          runAsNonRoot: true\n          seccompProfile:\n            type: RuntimeDefault\n        volumeMounts:\n        - mountPath: /tmp\n          name: temp\n      nodeSelector:\n        kubernetes.io/os: linux\n      securityContext:\n        fsGroup: 1337\n      serviceAccountName: notification-controller\n      terminationGracePeriodSeconds: 10\n      volumes:\n      - emptyDir: {}\n        name: temp",
-            "yaml_body_parsed": "apiVersion: apps/v1\nkind: Deployment\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n    control-plane: controller\n  name: notification-controller\n  namespace: flux-system\nspec:\n  replicas: 1\n  selector:\n    matchLabels:\n      app: notification-controller\n  template:\n    metadata:\n      annotations:\n        prometheus.io/port: \"8080\"\n        prometheus.io/scrape: \"true\"\n      labels:\n        app: notification-controller\n    spec:\n      containers:\n      - args:\n        - --watch-all-namespaces=true\n        - --log-level=info\n        - --log-encoding=json\n        - --enable-leader-election\n        env:\n        - name: RUNTIME_NAMESPACE\n          valueFrom:\n            fieldRef:\n              fieldPath: metadata.namespace\n        image: ghcr.io/fluxcd/notification-controller:v0.23.5\n        imagePullPolicy: IfNotPresent\n        livenessProbe:\n          httpGet:\n            path: /healthz\n            port: healthz\n        name: manager\n        ports:\n        - containerPort: 9090\n          name: http\n          protocol: TCP\n        - containerPort: 9292\n          name: http-webhook\n          protocol: TCP\n        - containerPort: 8080\n          name: http-prom\n          protocol: TCP\n        - containerPort: 9440\n          name: healthz\n          protocol: TCP\n        readinessProbe:\n          httpGet:\n            path: /readyz\n            port: healthz\n        resources:\n          limits:\n            cpu: 1000m\n            memory: 1Gi\n          requests:\n            cpu: 100m\n            memory: 64Mi\n        securityContext:\n          allowPrivilegeEscalation: false\n          capabilities:\n            drop:\n            - ALL\n          readOnlyRootFilesystem: true\n          runAsNonRoot: true\n          seccompProfile:\n            type: RuntimeDefault\n        volumeMounts:\n        - mountPath: /tmp\n          name: temp\n      nodeSelector:\n        kubernetes.io/os: linux\n      securityContext:\n        fsGroup: 1337\n      serviceAccountName: notification-controller\n      terminationGracePeriodSeconds: 10\n      volumes:\n      - emptyDir: {}\n        name: temp\n",
-            "yaml_incluster": "6540cfaf3a1ae420ceb422d5fe5768c84e0297aae12d61c0204ad49d6c7f24c5"
-          },
-          "sensitive_attributes": [],
-          "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDB9LCJzY2hlbWFfdmVyc2lvbiI6IjEifQ==",
-          "dependencies": [
-            "module.flux.data.flux_install.main",
-            "module.flux.data.kubectl_file_documents.apply",
-            "module.flux.kubernetes_namespace.flux_system"
-          ]
-        },
-        {
-          "index_key": "apps/v1/deployment/flux-system/source-controller",
-          "schema_version": 1,
-          "attributes": {
-            "api_version": "apps/v1",
-            "apply_only": false,
-            "force_conflicts": false,
-            "force_new": false,
-            "id": "/apis/apps/v1/namespaces/flux-system/deployments/source-controller",
-            "ignore_fields": null,
-            "kind": "Deployment",
-            "live_manifest_incluster": "e1aba2209a36f10008a7a3ad79fcfbe50d58900fcb41060ab652fcf6364d6b7f",
-            "live_uid": "f06006e9-a0d5-492b-bedc-76bd68b508e6",
-            "name": "source-controller",
-            "namespace": "flux-system",
-            "override_namespace": null,
-            "sensitive_fields": null,
-            "server_side_apply": false,
-            "timeouts": null,
-            "uid": "f06006e9-a0d5-492b-bedc-76bd68b508e6",
-            "validate_schema": true,
-            "wait": null,
-            "wait_for_rollout": true,
-            "yaml_body": "apiVersion: apps/v1\nkind: Deployment\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n    control-plane: controller\n  name: source-controller\n  namespace: flux-system\nspec:\n  replicas: 1\n  selector:\n    matchLabels:\n      app: source-controller\n  strategy:\n    type: Recreate\n  template:\n    metadata:\n      annotations:\n        prometheus.io/port: \"8080\"\n        prometheus.io/scrape: \"true\"\n      labels:\n        app: source-controller\n    spec:\n      containers:\n      - args:\n        - --events-addr=http://notification-controller.flux-system.svc.cluster.local./\n        - --watch-all-namespaces=true\n        - --log-level=info\n        - --log-encoding=json\n        - --enable-leader-election\n        - --storage-path=/data\n        - --storage-adv-addr=source-controller.$(RUNTIME_NAMESPACE).svc.cluster.local.\n        env:\n        - name: RUNTIME_NAMESPACE\n          valueFrom:\n            fieldRef:\n              fieldPath: metadata.namespace\n        image: ghcr.io/fluxcd/source-controller:v0.24.4\n        imagePullPolicy: IfNotPresent\n        livenessProbe:\n          httpGet:\n            path: /healthz\n            port: healthz\n        name: manager\n        ports:\n        - containerPort: 9090\n          name: http\n          protocol: TCP\n        - containerPort: 8080\n          name: http-prom\n          protocol: TCP\n        - containerPort: 9440\n          name: healthz\n          protocol: TCP\n        readinessProbe:\n          httpGet:\n            path: /\n            port: http\n        resources:\n          limits:\n            cpu: 1000m\n            memory: 1Gi\n          requests:\n            cpu: 50m\n            memory: 64Mi\n        securityContext:\n          allowPrivilegeEscalation: false\n          capabilities:\n            drop:\n            - ALL\n          readOnlyRootFilesystem: true\n          runAsNonRoot: true\n          seccompProfile:\n            type: RuntimeDefault\n        volumeMounts:\n        - mountPath: /data\n          name: data\n        - mountPath: /tmp\n          name: tmp\n      nodeSelector:\n        kubernetes.io/os: linux\n      securityContext:\n        fsGroup: 1337\n      serviceAccountName: source-controller\n      terminationGracePeriodSeconds: 10\n      volumes:\n      - emptyDir: {}\n        name: data\n      - emptyDir: {}\n        name: tmp",
-            "yaml_body_parsed": "apiVersion: apps/v1\nkind: Deployment\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n    control-plane: controller\n  name: source-controller\n  namespace: flux-system\nspec:\n  replicas: 1\n  selector:\n    matchLabels:\n      app: source-controller\n  strategy:\n    type: Recreate\n  template:\n    metadata:\n      annotations:\n        prometheus.io/port: \"8080\"\n        prometheus.io/scrape: \"true\"\n      labels:\n        app: source-controller\n    spec:\n      containers:\n      - args:\n        - --events-addr=http://notification-controller.flux-system.svc.cluster.local./\n        - --watch-all-namespaces=true\n        - --log-level=info\n        - --log-encoding=json\n        - --enable-leader-election\n        - --storage-path=/data\n        - --storage-adv-addr=source-controller.$(RUNTIME_NAMESPACE).svc.cluster.local.\n        env:\n        - name: RUNTIME_NAMESPACE\n          valueFrom:\n            fieldRef:\n              fieldPath: metadata.namespace\n        image: ghcr.io/fluxcd/source-controller:v0.24.4\n        imagePullPolicy: IfNotPresent\n        livenessProbe:\n          httpGet:\n            path: /healthz\n            port: healthz\n        name: manager\n        ports:\n        - containerPort: 9090\n          name: http\n          protocol: TCP\n        - containerPort: 8080\n          name: http-prom\n          protocol: TCP\n        - containerPort: 9440\n          name: healthz\n          protocol: TCP\n        readinessProbe:\n          httpGet:\n            path: /\n            port: http\n        resources:\n          limits:\n            cpu: 1000m\n            memory: 1Gi\n          requests:\n            cpu: 50m\n            memory: 64Mi\n        securityContext:\n          allowPrivilegeEscalation: false\n          capabilities:\n            drop:\n            - ALL\n          readOnlyRootFilesystem: true\n          runAsNonRoot: true\n          seccompProfile:\n            type: RuntimeDefault\n        volumeMounts:\n        - mountPath: /data\n          name: data\n        - mountPath: /tmp\n          name: tmp\n      nodeSelector:\n        kubernetes.io/os: linux\n      securityContext:\n        fsGroup: 1337\n      serviceAccountName: source-controller\n      terminationGracePeriodSeconds: 10\n      volumes:\n      - emptyDir: {}\n        name: data\n      - emptyDir: {}\n        name: tmp\n",
-            "yaml_incluster": "e1aba2209a36f10008a7a3ad79fcfbe50d58900fcb41060ab652fcf6364d6b7f"
-          },
-          "sensitive_attributes": [],
-          "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDB9LCJzY2hlbWFfdmVyc2lvbiI6IjEifQ==",
-          "dependencies": [
-            "module.flux.data.flux_install.main",
-            "module.flux.data.kubectl_file_documents.apply",
-            "module.flux.kubernetes_namespace.flux_system"
-          ]
-        },
-        {
-          "index_key": "rbac.authorization.k8s.io/v1/clusterrole/crd-controller-flux-system",
-          "schema_version": 1,
-          "attributes": {
-            "api_version": "rbac.authorization.k8s.io/v1",
-            "apply_only": false,
-            "force_conflicts": false,
-            "force_new": false,
-            "id": "/apis/rbac.authorization.k8s.io/v1/clusterroles/crd-controller-flux-system",
-            "ignore_fields": null,
-            "kind": "ClusterRole",
-            "live_manifest_incluster": "64b8d95fdeb8cce691e46833d902ac7fa67f9f19c375337869ae6f31be108d3f",
-            "live_uid": "9553a86a-f030-42ef-b755-d565579553ea",
-            "name": "crd-controller-flux-system",
-            "namespace": null,
-            "override_namespace": null,
-            "sensitive_fields": null,
-            "server_side_apply": false,
-            "timeouts": null,
-            "uid": "9553a86a-f030-42ef-b755-d565579553ea",
-            "validate_schema": true,
-            "wait": null,
-            "wait_for_rollout": true,
-            "yaml_body": "apiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: crd-controller-flux-system\nrules:\n- apiGroups:\n  - source.toolkit.fluxcd.io\n  resources:\n  - '*'\n  verbs:\n  - '*'\n- apiGroups:\n  - kustomize.toolkit.fluxcd.io\n  resources:\n  - '*'\n  verbs:\n  - '*'\n- apiGroups:\n  - helm.toolkit.fluxcd.io\n  resources:\n  - '*'\n  verbs:\n  - '*'\n- apiGroups:\n  - notification.toolkit.fluxcd.io\n  resources:\n  - '*'\n  verbs:\n  - '*'\n- apiGroups:\n  - image.toolkit.fluxcd.io\n  resources:\n  - '*'\n  verbs:\n  - '*'\n- apiGroups:\n  - \"\"\n  resources:\n  - namespaces\n  - secrets\n  - configmaps\n  - serviceaccounts\n  verbs:\n  - get\n  - list\n  - watch\n- apiGroups:\n  - \"\"\n  resources:\n  - events\n  verbs:\n  - create\n  - patch\n- apiGroups:\n  - \"\"\n  resources:\n  - configmaps\n  verbs:\n  - get\n  - list\n  - watch\n  - create\n  - update\n  - patch\n  - delete\n- apiGroups:\n  - \"\"\n  resources:\n  - configmaps/status\n  verbs:\n  - get\n  - update\n  - patch\n- apiGroups:\n  - coordination.k8s.io\n  resources:\n  - leases\n  verbs:\n  - get\n  - list\n  - watch\n  - create\n  - update\n  - patch\n  - delete",
-            "yaml_body_parsed": "apiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: crd-controller-flux-system\nrules:\n- apiGroups:\n  - source.toolkit.fluxcd.io\n  resources:\n  - '*'\n  verbs:\n  - '*'\n- apiGroups:\n  - kustomize.toolkit.fluxcd.io\n  resources:\n  - '*'\n  verbs:\n  - '*'\n- apiGroups:\n  - helm.toolkit.fluxcd.io\n  resources:\n  - '*'\n  verbs:\n  - '*'\n- apiGroups:\n  - notification.toolkit.fluxcd.io\n  resources:\n  - '*'\n  verbs:\n  - '*'\n- apiGroups:\n  - image.toolkit.fluxcd.io\n  resources:\n  - '*'\n  verbs:\n  - '*'\n- apiGroups:\n  - \"\"\n  resources:\n  - namespaces\n  - secrets\n  - configmaps\n  - serviceaccounts\n  verbs:\n  - get\n  - list\n  - watch\n- apiGroups:\n  - \"\"\n  resources:\n  - events\n  verbs:\n  - create\n  - patch\n- apiGroups:\n  - \"\"\n  resources:\n  - configmaps\n  verbs:\n  - get\n  - list\n  - watch\n  - create\n  - update\n  - patch\n  - delete\n- apiGroups:\n  - \"\"\n  resources:\n  - configmaps/status\n  verbs:\n  - get\n  - update\n  - patch\n- apiGroups:\n  - coordination.k8s.io\n  resources:\n  - leases\n  verbs:\n  - get\n  - list\n  - watch\n  - create\n  - update\n  - patch\n  - delete\n",
-            "yaml_incluster": "64b8d95fdeb8cce691e46833d902ac7fa67f9f19c375337869ae6f31be108d3f"
-          },
-          "sensitive_attributes": [],
-          "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDB9LCJzY2hlbWFfdmVyc2lvbiI6IjEifQ==",
-          "dependencies": [
-            "module.flux.data.flux_install.main",
-            "module.flux.data.kubectl_file_documents.apply",
-            "module.flux.kubernetes_namespace.flux_system"
-          ]
-        },
-        {
-          "index_key": "rbac.authorization.k8s.io/v1/clusterrolebinding/cluster-reconciler-flux-system",
-          "schema_version": 1,
-          "attributes": {
-            "api_version": "rbac.authorization.k8s.io/v1",
-            "apply_only": false,
-            "force_conflicts": false,
-            "force_new": false,
-            "id": "/apis/rbac.authorization.k8s.io/v1/clusterrolebindings/cluster-reconciler-flux-system",
-            "ignore_fields": null,
-            "kind": "ClusterRoleBinding",
-            "live_manifest_incluster": "fa44b2d7b1a5e317ad48f668736b5159d880a294ce7d2ca22c2925e3b91234b4",
-            "live_uid": "c35a1397-1075-462f-bb1d-04aac5cead05",
-            "name": "cluster-reconciler-flux-system",
-            "namespace": null,
-            "override_namespace": null,
-            "sensitive_fields": null,
-            "server_side_apply": false,
-            "timeouts": null,
-            "uid": "c35a1397-1075-462f-bb1d-04aac5cead05",
-            "validate_schema": true,
-            "wait": null,
-            "wait_for_rollout": true,
-            "yaml_body": "apiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: cluster-reconciler-flux-system\nroleRef:\n  apiGroup: rbac.authorization.k8s.io\n  kind: ClusterRole\n  name: cluster-admin\nsubjects:\n- kind: ServiceAccount\n  name: kustomize-controller\n  namespace: flux-system\n- kind: ServiceAccount\n  name: helm-controller\n  namespace: flux-system",
-            "yaml_body_parsed": "apiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: cluster-reconciler-flux-system\nroleRef:\n  apiGroup: rbac.authorization.k8s.io\n  kind: ClusterRole\n  name: cluster-admin\nsubjects:\n- kind: ServiceAccount\n  name: kustomize-controller\n  namespace: flux-system\n- kind: ServiceAccount\n  name: helm-controller\n  namespace: flux-system\n",
-            "yaml_incluster": "fa44b2d7b1a5e317ad48f668736b5159d880a294ce7d2ca22c2925e3b91234b4"
-          },
-          "sensitive_attributes": [],
-          "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDB9LCJzY2hlbWFfdmVyc2lvbiI6IjEifQ==",
-          "dependencies": [
-            "module.flux.data.flux_install.main",
-            "module.flux.data.kubectl_file_documents.apply",
-            "module.flux.kubernetes_namespace.flux_system"
-          ]
-        },
-        {
-          "index_key": "rbac.authorization.k8s.io/v1/clusterrolebinding/crd-controller-flux-system",
-          "schema_version": 1,
-          "attributes": {
-            "api_version": "rbac.authorization.k8s.io/v1",
-            "apply_only": false,
-            "force_conflicts": false,
-            "force_new": false,
-            "id": "/apis/rbac.authorization.k8s.io/v1/clusterrolebindings/crd-controller-flux-system",
-            "ignore_fields": null,
-            "kind": "ClusterRoleBinding",
-            "live_manifest_incluster": "6b8c8c6696023b30737eaa9f108706734b7dfc05b2b67ecad04648aac622acd2",
-            "live_uid": "8b42a696-6eae-4c09-a3b7-7cc14b8aea13",
-            "name": "crd-controller-flux-system",
-            "namespace": null,
-            "override_namespace": null,
-            "sensitive_fields": null,
-            "server_side_apply": false,
-            "timeouts": null,
-            "uid": "8b42a696-6eae-4c09-a3b7-7cc14b8aea13",
-            "validate_schema": true,
-            "wait": null,
-            "wait_for_rollout": true,
-            "yaml_body": "apiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: crd-controller-flux-system\nroleRef:\n  apiGroup: rbac.authorization.k8s.io\n  kind: ClusterRole\n  name: crd-controller-flux-system\nsubjects:\n- kind: ServiceAccount\n  name: kustomize-controller\n  namespace: flux-system\n- kind: ServiceAccount\n  name: helm-controller\n  namespace: flux-system\n- kind: ServiceAccount\n  name: source-controller\n  namespace: flux-system\n- kind: ServiceAccount\n  name: notification-controller\n  namespace: flux-system\n- kind: ServiceAccount\n  name: image-reflector-controller\n  namespace: flux-system\n- kind: ServiceAccount\n  name: image-automation-controller\n  namespace: flux-system",
-            "yaml_body_parsed": "apiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: crd-controller-flux-system\nroleRef:\n  apiGroup: rbac.authorization.k8s.io\n  kind: ClusterRole\n  name: crd-controller-flux-system\nsubjects:\n- kind: ServiceAccount\n  name: kustomize-controller\n  namespace: flux-system\n- kind: ServiceAccount\n  name: helm-controller\n  namespace: flux-system\n- kind: ServiceAccount\n  name: source-controller\n  namespace: flux-system\n- kind: ServiceAccount\n  name: notification-controller\n  namespace: flux-system\n- kind: ServiceAccount\n  name: image-reflector-controller\n  namespace: flux-system\n- kind: ServiceAccount\n  name: image-automation-controller\n  namespace: flux-system\n",
-            "yaml_incluster": "6b8c8c6696023b30737eaa9f108706734b7dfc05b2b67ecad04648aac622acd2"
-          },
-          "sensitive_attributes": [],
-          "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDB9LCJzY2hlbWFfdmVyc2lvbiI6IjEifQ==",
-          "dependencies": [
-            "module.flux.data.flux_install.main",
-            "module.flux.data.kubectl_file_documents.apply",
-            "module.flux.kubernetes_namespace.flux_system"
-          ]
-        },
-        {
-          "index_key": "v1/namespace/flux-system",
-          "schema_version": 1,
-          "attributes": {
-            "api_version": "v1",
-            "apply_only": false,
-            "force_conflicts": false,
-            "force_new": false,
-            "id": "/api/v1/namespaces/flux-system",
-            "ignore_fields": null,
-            "kind": "Namespace",
-            "live_manifest_incluster": "36cd74a4c6ef912d14993e6713511346b84b91b559cdcaefa1987bc9820c3340",
-            "live_uid": "0e244da8-b9b0-4053-bf00-7bedb468e182",
-            "name": "flux-system",
-            "namespace": null,
-            "override_namespace": null,
-            "sensitive_fields": null,
-            "server_side_apply": false,
-            "timeouts": null,
-            "uid": "0e244da8-b9b0-4053-bf00-7bedb468e182",
-            "validate_schema": true,
-            "wait": null,
-            "wait_for_rollout": true,
-            "yaml_body": "---\n# This manifest was generated by flux. DO NOT EDIT.\n# Flux Version: latest\n# Components: source-controller,kustomize-controller,helm-controller,notification-controller\napiVersion: v1\nkind: Namespace\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n    pod-security.kubernetes.io/warn: restricted\n    pod-security.kubernetes.io/warn-version: latest\n  name: flux-system",
-            "yaml_body_parsed": "apiVersion: v1\nkind: Namespace\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n    pod-security.kubernetes.io/warn: restricted\n    pod-security.kubernetes.io/warn-version: latest\n  name: flux-system\n",
-            "yaml_incluster": "36cd74a4c6ef912d14993e6713511346b84b91b559cdcaefa1987bc9820c3340"
-          },
-          "sensitive_attributes": [],
-          "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDB9LCJzY2hlbWFfdmVyc2lvbiI6IjEifQ==",
-          "dependencies": [
-            "module.flux.data.flux_install.main",
-            "module.flux.data.kubectl_file_documents.apply",
-            "module.flux.kubernetes_namespace.flux_system"
-          ]
-        },
-        {
-          "index_key": "v1/service/flux-system/notification-controller",
-          "schema_version": 1,
-          "attributes": {
-            "api_version": "v1",
-            "apply_only": false,
-            "force_conflicts": false,
-            "force_new": false,
-            "id": "/api/v1/namespaces/flux-system/services/notification-controller",
-            "ignore_fields": null,
-            "kind": "Service",
-            "live_manifest_incluster": "2bed8e777b97150ef0f8eb7ce6e224b6d4518449b38f9f1dd1f799f187211e33",
-            "live_uid": "2977a59e-2fd1-4f92-a998-1d95f4a2d1ea",
-            "name": "notification-controller",
-            "namespace": "flux-system",
-            "override_namespace": null,
-            "sensitive_fields": null,
-            "server_side_apply": false,
-            "timeouts": null,
-            "uid": "2977a59e-2fd1-4f92-a998-1d95f4a2d1ea",
-            "validate_schema": true,
-            "wait": null,
-            "wait_for_rollout": true,
-            "yaml_body": "apiVersion: v1\nkind: Service\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n    control-plane: controller\n  name: notification-controller\n  namespace: flux-system\nspec:\n  ports:\n  - name: http\n    port: 80\n    protocol: TCP\n    targetPort: http\n  selector:\n    app: notification-controller\n  type: ClusterIP",
-            "yaml_body_parsed": "apiVersion: v1\nkind: Service\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n    control-plane: controller\n  name: notification-controller\n  namespace: flux-system\nspec:\n  ports:\n  - name: http\n    port: 80\n    protocol: TCP\n    targetPort: http\n  selector:\n    app: notification-controller\n  type: ClusterIP\n",
-            "yaml_incluster": "2bed8e777b97150ef0f8eb7ce6e224b6d4518449b38f9f1dd1f799f187211e33"
-          },
-          "sensitive_attributes": [],
-          "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDB9LCJzY2hlbWFfdmVyc2lvbiI6IjEifQ==",
-          "dependencies": [
-            "module.flux.data.flux_install.main",
-            "module.flux.data.kubectl_file_documents.apply",
-            "module.flux.kubernetes_namespace.flux_system"
-          ]
-        },
-        {
-          "index_key": "v1/service/flux-system/source-controller",
-          "schema_version": 1,
-          "attributes": {
-            "api_version": "v1",
-            "apply_only": false,
-            "force_conflicts": false,
-            "force_new": false,
-            "id": "/api/v1/namespaces/flux-system/services/source-controller",
-            "ignore_fields": null,
-            "kind": "Service",
-            "live_manifest_incluster": "d56847b2a9516b2994b8bef69ba399ef8afb109c538adbe59446204688e1eae3",
-            "live_uid": "72cd6273-2019-4e1f-868a-485931ba1855",
-            "name": "source-controller",
-            "namespace": "flux-system",
-            "override_namespace": null,
-            "sensitive_fields": null,
-            "server_side_apply": false,
-            "timeouts": null,
-            "uid": "72cd6273-2019-4e1f-868a-485931ba1855",
-            "validate_schema": true,
-            "wait": null,
-            "wait_for_rollout": true,
-            "yaml_body": "apiVersion: v1\nkind: Service\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n    control-plane: controller\n  name: source-controller\n  namespace: flux-system\nspec:\n  ports:\n  - name: http\n    port: 80\n    protocol: TCP\n    targetPort: http\n  selector:\n    app: source-controller\n  type: ClusterIP",
-            "yaml_body_parsed": "apiVersion: v1\nkind: Service\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n    control-plane: controller\n  name: source-controller\n  namespace: flux-system\nspec:\n  ports:\n  - name: http\n    port: 80\n    protocol: TCP\n    targetPort: http\n  selector:\n    app: source-controller\n  type: ClusterIP\n",
-            "yaml_incluster": "d56847b2a9516b2994b8bef69ba399ef8afb109c538adbe59446204688e1eae3"
-          },
-          "sensitive_attributes": [],
-          "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDB9LCJzY2hlbWFfdmVyc2lvbiI6IjEifQ==",
-          "dependencies": [
-            "module.flux.data.flux_install.main",
-            "module.flux.data.kubectl_file_documents.apply",
-            "module.flux.kubernetes_namespace.flux_system"
-          ]
-        },
-        {
-          "index_key": "v1/service/flux-system/webhook-receiver",
-          "schema_version": 1,
-          "attributes": {
-            "api_version": "v1",
-            "apply_only": false,
-            "force_conflicts": false,
-            "force_new": false,
-            "id": "/api/v1/namespaces/flux-system/services/webhook-receiver",
-            "ignore_fields": null,
-            "kind": "Service",
-            "live_manifest_incluster": "32478dcd63b2b822236c495158f3253df5ba5b88831fbeaa2b1198d7a0b472d7",
-            "live_uid": "02d74f76-90d5-4da6-90e8-2a51a51d278b",
-            "name": "webhook-receiver",
-            "namespace": "flux-system",
-            "override_namespace": null,
-            "sensitive_fields": null,
-            "server_side_apply": false,
-            "timeouts": null,
-            "uid": "02d74f76-90d5-4da6-90e8-2a51a51d278b",
-            "validate_schema": true,
-            "wait": null,
-            "wait_for_rollout": true,
-            "yaml_body": "apiVersion: v1\nkind: Service\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n    control-plane: controller\n  name: webhook-receiver\n  namespace: flux-system\nspec:\n  ports:\n  - name: http\n    port: 80\n    protocol: TCP\n    targetPort: http-webhook\n  selector:\n    app: notification-controller\n  type: ClusterIP",
-            "yaml_body_parsed": "apiVersion: v1\nkind: Service\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n    control-plane: controller\n  name: webhook-receiver\n  namespace: flux-system\nspec:\n  ports:\n  - name: http\n    port: 80\n    protocol: TCP\n    targetPort: http-webhook\n  selector:\n    app: notification-controller\n  type: ClusterIP\n",
-            "yaml_incluster": "32478dcd63b2b822236c495158f3253df5ba5b88831fbeaa2b1198d7a0b472d7"
-          },
-          "sensitive_attributes": [],
-          "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDB9LCJzY2hlbWFfdmVyc2lvbiI6IjEifQ==",
-          "dependencies": [
-            "module.flux.data.flux_install.main",
-            "module.flux.data.kubectl_file_documents.apply",
-            "module.flux.kubernetes_namespace.flux_system"
-          ]
-        },
-        {
-          "index_key": "v1/serviceaccount/flux-system/helm-controller",
-          "schema_version": 1,
-          "attributes": {
-            "api_version": "v1",
-            "apply_only": false,
-            "force_conflicts": false,
-            "force_new": false,
-            "id": "/api/v1/namespaces/flux-system/serviceaccounts/helm-controller",
-            "ignore_fields": null,
-            "kind": "ServiceAccount",
-            "live_manifest_incluster": "b2aad3f57dca6ad5856d63af0e01b5be04fd424032893aceb9b21bbc92c347a5",
-            "live_uid": "aa9711e9-e81e-439e-a807-abb2e2ab7cfe",
-            "name": "helm-controller",
-            "namespace": "flux-system",
-            "override_namespace": null,
-            "sensitive_fields": null,
-            "server_side_apply": false,
-            "timeouts": null,
-            "uid": "aa9711e9-e81e-439e-a807-abb2e2ab7cfe",
-            "validate_schema": true,
-            "wait": null,
-            "wait_for_rollout": true,
-            "yaml_body": "apiVersion: v1\nkind: ServiceAccount\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: helm-controller\n  namespace: flux-system",
-            "yaml_body_parsed": "apiVersion: v1\nkind: ServiceAccount\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: helm-controller\n  namespace: flux-system\n",
-            "yaml_incluster": "b2aad3f57dca6ad5856d63af0e01b5be04fd424032893aceb9b21bbc92c347a5"
-          },
-          "sensitive_attributes": [],
-          "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDB9LCJzY2hlbWFfdmVyc2lvbiI6IjEifQ==",
-          "dependencies": [
-            "module.flux.data.flux_install.main",
-            "module.flux.data.kubectl_file_documents.apply",
-            "module.flux.kubernetes_namespace.flux_system"
-          ]
-        },
-        {
-          "index_key": "v1/serviceaccount/flux-system/kustomize-controller",
-          "schema_version": 1,
-          "attributes": {
-            "api_version": "v1",
-            "apply_only": false,
-            "force_conflicts": false,
-            "force_new": false,
-            "id": "/api/v1/namespaces/flux-system/serviceaccounts/kustomize-controller",
-            "ignore_fields": null,
-            "kind": "ServiceAccount",
-            "live_manifest_incluster": "8a14f17da2d09e6c888837953b3962a88d06f405df66028ff154a94d4dfa0d09",
-            "live_uid": "c73c43a2-52f9-42df-bf2b-897016848dda",
-            "name": "kustomize-controller",
-            "namespace": "flux-system",
-            "override_namespace": null,
-            "sensitive_fields": null,
-            "server_side_apply": false,
-            "timeouts": null,
-            "uid": "c73c43a2-52f9-42df-bf2b-897016848dda",
-            "validate_schema": true,
-            "wait": null,
-            "wait_for_rollout": true,
-            "yaml_body": "apiVersion: v1\nkind: ServiceAccount\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: kustomize-controller\n  namespace: flux-system",
-            "yaml_body_parsed": "apiVersion: v1\nkind: ServiceAccount\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: kustomize-controller\n  namespace: flux-system\n",
-            "yaml_incluster": "8a14f17da2d09e6c888837953b3962a88d06f405df66028ff154a94d4dfa0d09"
-          },
-          "sensitive_attributes": [],
-          "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDB9LCJzY2hlbWFfdmVyc2lvbiI6IjEifQ==",
-          "dependencies": [
-            "module.flux.data.flux_install.main",
-            "module.flux.data.kubectl_file_documents.apply",
-            "module.flux.kubernetes_namespace.flux_system"
-          ]
-        },
-        {
-          "index_key": "v1/serviceaccount/flux-system/notification-controller",
-          "schema_version": 1,
-          "attributes": {
-            "api_version": "v1",
-            "apply_only": false,
-            "force_conflicts": false,
-            "force_new": false,
-            "id": "/api/v1/namespaces/flux-system/serviceaccounts/notification-controller",
-            "ignore_fields": null,
-            "kind": "ServiceAccount",
-            "live_manifest_incluster": "846badceb5abc1172a04ac98661eded224067c4084bf88be0eb70075af5a53d1",
-            "live_uid": "743f674e-2fa2-48d1-ae58-36a2354b44ba",
-            "name": "notification-controller",
-            "namespace": "flux-system",
-            "override_namespace": null,
-            "sensitive_fields": null,
-            "server_side_apply": false,
-            "timeouts": null,
-            "uid": "743f674e-2fa2-48d1-ae58-36a2354b44ba",
-            "validate_schema": true,
-            "wait": null,
-            "wait_for_rollout": true,
-            "yaml_body": "apiVersion: v1\nkind: ServiceAccount\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: notification-controller\n  namespace: flux-system",
-            "yaml_body_parsed": "apiVersion: v1\nkind: ServiceAccount\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: notification-controller\n  namespace: flux-system\n",
-            "yaml_incluster": "846badceb5abc1172a04ac98661eded224067c4084bf88be0eb70075af5a53d1"
-          },
-          "sensitive_attributes": [],
-          "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDB9LCJzY2hlbWFfdmVyc2lvbiI6IjEifQ==",
-          "dependencies": [
-            "module.flux.data.flux_install.main",
-            "module.flux.data.kubectl_file_documents.apply",
-            "module.flux.kubernetes_namespace.flux_system"
-          ]
-        },
-        {
-          "index_key": "v1/serviceaccount/flux-system/source-controller",
-          "schema_version": 1,
-          "attributes": {
-            "api_version": "v1",
-            "apply_only": false,
-            "force_conflicts": false,
-            "force_new": false,
-            "id": "/api/v1/namespaces/flux-system/serviceaccounts/source-controller",
-            "ignore_fields": null,
-            "kind": "ServiceAccount",
-            "live_manifest_incluster": "1d5862fdb063737cfa82134235c3dec3144c1c11ac78041a3c187751b6c2ed76",
-            "live_uid": "2e6d3b1e-37e0-4d53-83a4-65721bef5cbb",
-            "name": "source-controller",
-            "namespace": "flux-system",
-            "override_namespace": null,
-            "sensitive_fields": null,
-            "server_side_apply": false,
-            "timeouts": null,
-            "uid": "2e6d3b1e-37e0-4d53-83a4-65721bef5cbb",
-            "validate_schema": true,
-            "wait": null,
-            "wait_for_rollout": true,
-            "yaml_body": "apiVersion: v1\nkind: ServiceAccount\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: source-controller\n  namespace: flux-system",
-            "yaml_body_parsed": "apiVersion: v1\nkind: ServiceAccount\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: source-controller\n  namespace: flux-system\n",
-            "yaml_incluster": "1d5862fdb063737cfa82134235c3dec3144c1c11ac78041a3c187751b6c2ed76"
-          },
-          "sensitive_attributes": [],
-          "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDB9LCJzY2hlbWFfdmVyc2lvbiI6IjEifQ==",
-          "dependencies": [
-            "module.flux.data.flux_install.main",
-            "module.flux.data.kubectl_file_documents.apply",
-            "module.flux.kubernetes_namespace.flux_system"
-          ]
-        }
-      ]
-    },
-    {
-      "module": "module.flux",
-      "mode": "managed",
-      "type": "kubectl_manifest",
-      "name": "sync",
-      "provider": "module.flux.provider[\"registry.terraform.io/gavinbunney/kubectl\"]",
-      "instances": [
-        {
-          "index_key": "kustomize.toolkit.fluxcd.io/v1beta2/kustomization/flux-system/flux-system",
-          "schema_version": 1,
-          "attributes": {
-            "api_version": "kustomize.toolkit.fluxcd.io/v1beta2",
-            "apply_only": false,
-            "force_conflicts": false,
-            "force_new": false,
-            "id": "/apis/kustomize.toolkit.fluxcd.io/v1beta2/namespaces/flux-system/kustomizations/flux-system",
-            "ignore_fields": null,
-            "kind": "Kustomization",
-            "live_manifest_incluster": "76983d95c6d6af709777da0d4f83096cef10b2b6e625b0116db581080e962f87",
-            "live_uid": "29dd19f1-dc61-4ad1-97fb-e10e69359515",
-            "name": "flux-system",
-            "namespace": "flux-system",
-            "override_namespace": null,
-            "sensitive_fields": null,
-            "server_side_apply": false,
-            "timeouts": null,
-            "uid": "29dd19f1-dc61-4ad1-97fb-e10e69359515",
-            "validate_schema": true,
-            "wait": null,
-            "wait_for_rollout": true,
-            "yaml_body": "apiVersion: kustomize.toolkit.fluxcd.io/v1beta2\nkind: Kustomization\nmetadata:\n  name: flux-system\n  namespace: flux-system\nspec:\n  interval: 10m0s\n  path: ./clank\n  prune: true\n  sourceRef:\n    kind: GitRepository\n    name: flux-system",
-            "yaml_body_parsed": "apiVersion: kustomize.toolkit.fluxcd.io/v1beta2\nkind: Kustomization\nmetadata:\n  name: flux-system\n  namespace: flux-system\nspec:\n  interval: 10m0s\n  path: ./clank\n  prune: true\n  sourceRef:\n    kind: GitRepository\n    name: flux-system\n",
-            "yaml_incluster": "76983d95c6d6af709777da0d4f83096cef10b2b6e625b0116db581080e962f87"
-          },
-          "sensitive_attributes": [],
-          "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDB9LCJzY2hlbWFfdmVyc2lvbiI6IjEifQ==",
-          "dependencies": [
-            "module.flux.data.flux_sync.main",
-            "module.flux.data.kubectl_file_documents.sync",
-            "module.flux.kubernetes_namespace.flux_system"
-          ]
-        },
-        {
-          "index_key": "source.toolkit.fluxcd.io/v1beta2/gitrepository/flux-system/flux-system",
-          "schema_version": 1,
-          "attributes": {
-            "api_version": "source.toolkit.fluxcd.io/v1beta2",
-            "apply_only": false,
-            "force_conflicts": false,
-            "force_new": false,
-            "id": "/apis/source.toolkit.fluxcd.io/v1beta2/namespaces/flux-system/gitrepositorys/flux-system",
-            "ignore_fields": null,
-            "kind": "GitRepository",
-            "live_manifest_incluster": "f159fca85740fe805d8ac4569899db00ab9cd9245350a7a56b689eafc490bedb",
-            "live_uid": "d2fea749-8f58-4ead-be65-bc2be53cb80e",
-            "name": "flux-system",
-            "namespace": "flux-system",
-            "override_namespace": null,
-            "sensitive_fields": null,
-            "server_side_apply": false,
-            "timeouts": null,
-            "uid": "d2fea749-8f58-4ead-be65-bc2be53cb80e",
-            "validate_schema": true,
-            "wait": null,
-            "wait_for_rollout": true,
-            "yaml_body": "apiVersion: source.toolkit.fluxcd.io/v1beta2\nkind: GitRepository\nmetadata:\n  name: flux-system\n  namespace: flux-system\nspec:\n  interval: 1m0s\n  ref:\n    branch: main\n  secretRef:\n    name: flux-system\n  url: ssh://git@git.front.kjuulh.io/clank/kubernetes-state.git",
-            "yaml_body_parsed": "apiVersion: source.toolkit.fluxcd.io/v1beta2\nkind: GitRepository\nmetadata:\n  name: flux-system\n  namespace: flux-system\nspec:\n  interval: 1m0s\n  ref:\n    branch: main\n  secretRef:\n    name: flux-system\n  url: ssh://git@git.front.kjuulh.io/clank/kubernetes-state.git\n",
-            "yaml_incluster": "f159fca85740fe805d8ac4569899db00ab9cd9245350a7a56b689eafc490bedb"
-          },
-          "sensitive_attributes": [],
-          "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDB9LCJzY2hlbWFfdmVyc2lvbiI6IjEifQ==",
-          "dependencies": [
-            "module.flux.data.flux_sync.main",
-            "module.flux.data.kubectl_file_documents.sync",
-            "module.flux.kubernetes_namespace.flux_system"
-          ]
-        }
-      ]
-    },
-    {
-      "module": "module.flux",
-      "mode": "managed",
-      "type": "kubernetes_namespace",
-      "name": "flux_system",
-      "provider": "module.flux.provider[\"registry.terraform.io/hashicorp/kubernetes\"]",
-      "instances": [
-        {
-          "schema_version": 0,
-          "attributes": {
-            "id": "flux-system",
-            "metadata": [
-              {
-                "annotations": {},
-                "generate_name": "",
-                "generation": 0,
-                "labels": {
-                  "app.kubernetes.io/instance": "flux-system",
-                  "app.kubernetes.io/part-of": "flux",
-                  "app.kubernetes.io/version": "latest"
-                },
-                "name": "flux-system",
-                "resource_version": "36003",
-                "uid": "0e244da8-b9b0-4053-bf00-7bedb468e182"
-              }
-            ],
-            "timeouts": null
-          },
-          "sensitive_attributes": [],
-          "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjozMDAwMDAwMDAwMDB9fQ=="
-        }
-      ]
-    },
-    {
-      "module": "module.flux",
-      "mode": "managed",
-      "type": "kubernetes_namespace",
-      "name": "prod",
-      "provider": "module.flux.provider[\"registry.terraform.io/hashicorp/kubernetes\"]",
-      "instances": [
-        {
-          "schema_version": 0,
-          "attributes": {
-            "id": "prod",
-            "metadata": [
-              {
-                "annotations": null,
-                "generate_name": "",
-                "generation": 0,
-                "labels": null,
-                "name": "prod",
-                "resource_version": "81720",
-                "uid": "44c5b774-db65-4ba1-95bd-b3f13f388eb6"
-              }
-            ],
-            "timeouts": null
-          },
-          "sensitive_attributes": [],
-          "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjozMDAwMDAwMDAwMDB9fQ=="
-        }
-      ]
-    },
-    {
-      "module": "module.flux",
-      "mode": "managed",
-      "type": "kubernetes_secret",
-      "name": "main",
-      "provider": "module.flux.provider[\"registry.terraform.io/hashicorp/kubernetes\"]",
-      "instances": [
-        {
-          "schema_version": 0,
-          "attributes": {
-            "binary_data": null,
-            "data": {
-              "identity": "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW\nQyNTUxOQAAACBYZYPLAjLRZhUHfk4yTLmiQTDmdWPIgZTI+dGLgpY/GAAAAJgGvLdRBry3\nUQAAAAtzc2gtZWQyNTUxOQAAACBYZYPLAjLRZhUHfk4yTLmiQTDmdWPIgZTI+dGLgpY/GA\nAAAEBmqJkdSt8H6HIVzV6Na8ukBOj4Bywd970sQVPWAz8Ug1hlg8sCMtFmFQd+TjJMuaJB\nMOZ1Y8iBlMj50YuClj8YAAAAEWNvbnRhY3RAa2p1dWxoLmlvAQIDBA==\n-----END OPENSSH PRIVATE KEY-----\n",
-              "identity.pub": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFhlg8sCMtFmFQd+TjJMuaJBMOZ1Y8iBlMj50YuClj8Y contact@kjuulh.io\n",
-              "known_hosts": "git.front.kjuulh.io ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGJdO0Tw0e/Fa78g1Xszc4oKaOPbTwl7RTAaGQb0TrV8\ngit.front.kjuulh.io ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBO61xoa0ON2Y8rpIB6R9PFxg9HUxMym8Z5I4vYUC+/UnzaDx9YUEGo3Vig9wBo6Hc2lAp0BIwH/d5d6uBBEIj/Y=\n"
-            },
-            "id": "flux-system/flux-system",
-            "immutable": false,
-            "metadata": [
-              {
-                "annotations": {},
-                "generate_name": "",
-                "generation": 0,
-                "labels": {},
-                "name": "flux-system",
-                "namespace": "flux-system",
-                "resource_version": "40687",
-                "uid": "e4b26a74-1433-4a38-a126-63f7dec801f0"
-              }
-            ],
-            "type": "Opaque"
-          },
-          "sensitive_attributes": [
-            [
-              {
-                "type": "get_attr",
-                "value": "data"
-              },
-              {
-                "type": "index",
-                "value": {
-                  "value": "identity",
-                  "type": "string"
-                }
-              }
-            ]
-          ],
-          "private": "bnVsbA==",
-          "dependencies": [
-            "module.flux.data.flux_install.main",
-            "module.flux.data.flux_sync.main",
-            "module.flux.data.kubectl_file_documents.apply",
-            "module.flux.kubectl_manifest.apply",
-            "module.flux.kubernetes_namespace.flux_system"
+            "module.kube-hetzner.random_password.k3s_token",
+            "module.kube-hetzner.random_password.rancher_bootstrap"
           ]
         }
       ]
@@ -1427,7 +225,7 @@
       "mode": "data",
       "type": "hcloud_load_balancer",
       "name": "traefik",
-      "provider": "module.kube-hetzner.provider[\"registry.terraform.io/hetznercloud/hcloud\"]",
+      "provider": "provider[\"registry.terraform.io/hetznercloud/hcloud\"]",
       "instances": [
         {
           "index_key": 0,
@@ -1439,11 +237,11 @@
               }
             ],
             "delete_protection": false,
-            "id": 712895,
-            "ipv4": "49.12.19.255",
-            "ipv6": "2a01:4f8:c011:61::1",
+            "id": 743098,
+            "ipv4": "49.12.22.84",
+            "ipv6": "2a01:4f8:c011:945::1",
             "labels": {
-              "hcloud-ccm/service-uid": "769636bc-0b55-441f-b847-140a6b144079"
+              "hcloud-ccm/service-uid": "f39c1534-4895-4f98-82de-43f449113f10"
             },
             "load_balancer_type": "lb11",
             "location": "fsn1",
@@ -1453,22 +251,12 @@
             "target": [
               {
                 "label_selector": "",
-                "server_id": 20289430,
+                "server_id": 21030913,
                 "type": "server"
               },
               {
                 "label_selector": "",
-                "server_id": 20285807,
-                "type": "server"
-              },
-              {
-                "label_selector": "",
-                "server_id": 20285811,
-                "type": "server"
-              },
-              {
-                "label_selector": "",
-                "server_id": 20285809,
+                "server_id": 21030909,
                 "type": "server"
               }
             ],
@@ -1491,21 +279,56 @@
             "conn": [
               {
                 "agent": false,
-                "host": "167.235.247.244",
+                "host": "142.132.182.232",
                 "password": "",
                 "port": 22,
-                "private_key": "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW\nQyNTUxOQAAACDppcjQxBsUMZ1zixjJ/NA8Iz7fgqgste1GlvTEgaYTsgAAAJiZYtI7mWLS\nOwAAAAtzc2gtZWQyNTUxOQAAACDppcjQxBsUMZ1zixjJ/NA8Iz7fgqgste1GlvTEgaYTsg\nAAAEDLWiPDiI2P8wK7bHz6Xxg1LKWEVekqnkLNEdp//Fi4uOmlyNDEGxQxnXOLGMn80Dwj\nPt+CqCy17UaW9MSBphOyAAAAEWNvbnRhY3RAa2p1dWxoLmlvAQIDBA==\n-----END OPENSSH PRIVATE KEY-----",
+                "private_key": "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW\nQyNTUxOQAAACDppcjQxBsUMZ1zixjJ/NA8Iz7fgqgste1GlvTEgaYTsgAAAJiZYtI7mWLS\nOwAAAAtzc2gtZWQyNTUxOQAAACDppcjQxBsUMZ1zixjJ/NA8Iz7fgqgste1GlvTEgaYTsg\nAAAEDLWiPDiI2P8wK7bHz6Xxg1LKWEVekqnkLNEdp//Fi4uOmlyNDEGxQxnXOLGMn80Dwj\nPt+CqCy17UaW9MSBphOyAAAAEWNvbnRhY3RAa2p1dWxoLmlvAQIDBA==\n-----END OPENSSH PRIVATE KEY-----\n",
                 "private_key_env_var": "",
                 "private_key_path": "",
                 "sudo": false,
                 "user": "root"
               }
             ],
-            "content": "apiVersion: v1\nclusters:\n- cluster:\n    certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJlRENDQVIyZ0F3SUJBZ0lCQURBS0JnZ3Foa2pPUFFRREFqQWpNU0V3SHdZRFZRUUREQmhyTTNNdGMyVnkKZG1WeUxXTmhRREUyTlRJd01UVXhPREl3SGhjTk1qSXdOVEE0TVRNd05qSXlXaGNOTXpJd05UQTFNVE13TmpJeQpXakFqTVNFd0h3WURWUVFEREJock0zTXRjMlZ5ZG1WeUxXTmhRREUyTlRJd01UVXhPREl3V1RBVEJnY3Foa2pPClBRSUJCZ2dxaGtqT1BRTUJCd05DQUFReW45YTd2ZW1MUzZheE1sbjlvaHRTUENtZTRMaDJZYnJlY0ZHbk1pRmUKeWtKMEllSElEQjBZb3htMzM1NVFjMm5DOW1QODhQUTNlZ2lya2Zkc0pXZFdvMEl3UURBT0JnTlZIUThCQWY4RQpCQU1DQXFRd0R3WURWUjBUQVFIL0JBVXdBd0VCL3pBZEJnTlZIUTRFRmdRVWd4aDhLMDVNeklhbHoxb0k3a0lQCjZleVZCVVl3Q2dZSUtvWkl6ajBFQXdJRFNRQXdSZ0loQUpwNDJiR1JSK0R5dG8xcFh5SHk1dDZDYS9RNjdoNCsKYWRIVjBsQ2RkRlBWQWlFQXQ2RkpZUXZXcUg2LzlqNkY2K3JFZ0NTZFRwbUM5VDNDd1ZpZm1hNXo4K3M9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K\n    server: https://127.0.0.1:6443\n  name: default\ncontexts:\n- context:\n    cluster: default\n    user: default\n  name: default\ncurrent-context: default\nkind: Config\npreferences: {}\nusers:\n- name: default\n  user:\n    client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJrRENDQVRlZ0F3SUJBZ0lJWHF3azVwR1ZNRG93Q2dZSUtvWkl6ajBFQXdJd0l6RWhNQjhHQTFVRUF3d1kKYXpOekxXTnNhV1Z1ZEMxallVQXhOalV5TURFMU1UZ3lNQjRYRFRJeU1EVXdPREV6TURZeU1sb1hEVEl6TURVdwpPREV6TURZeU1sb3dNREVYTUJVR0ExVUVDaE1PYzNsemRHVnRPbTFoYzNSbGNuTXhGVEFUQmdOVkJBTVRESE41CmMzUmxiVHBoWkcxcGJqQlpNQk1HQnlxR1NNNDlBZ0VHQ0NxR1NNNDlBd0VIQTBJQUJFOEszZ0tKNkswK2lsYXIKbVVyaXlmN09jSjdaWlpoSHExNk1zbnZKSzVCUHRtQmttU0NxYUVEbFFCT2Y3NXR1MG9hSDdLMGREc0JSV2xtdApVMUF5NXV1alNEQkdNQTRHQTFVZER3RUIvd1FFQXdJRm9EQVRCZ05WSFNVRUREQUtCZ2dyQmdFRkJRY0RBakFmCkJnTlZIU01FR0RBV2dCUjVicDBabGRLd0U0MWdMeFNXT2IxV1ZTRUxqekFLQmdncWhrak9QUVFEQWdOSEFEQkUKQWlBM2piaW0wVEp4bXdQd2dtUGpLQ3BKWHl4SUVVZ0UxOG0wcW16OXlTTFhRUUlnVUduYjh2RnFOZmpUNmpULwphaXRTUVBjTTQ0RVY5TUFSRGFKUmJFZG0xc1k9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0KLS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJkekNDQVIyZ0F3SUJBZ0lCQURBS0JnZ3Foa2pPUFFRREFqQWpNU0V3SHdZRFZRUUREQmhyTTNNdFkyeHAKWlc1MExXTmhRREUyTlRJd01UVXhPREl3SGhjTk1qSXdOVEE0TVRNd05qSXlXaGNOTXpJd05UQTFNVE13TmpJeQpXakFqTVNFd0h3WURWUVFEREJock0zTXRZMnhwWlc1MExXTmhRREUyTlRJd01UVXhPREl3V1RBVEJnY3Foa2pPClBRSUJCZ2dxaGtqT1BRTUJCd05DQUFReFVCbE0rZjlZRVdaL2toN1BMSmZKeU1IenJscFlqd25udVNINE1GTmUKMlhzb1JGb3ltdlVhWDEvWFBIVnpSaVNTZkp6S0tJU0xLM095Y1lnTWhHR29vMEl3UURBT0JnTlZIUThCQWY4RQpCQU1DQXFRd0R3WURWUjBUQVFIL0JBVXdBd0VCL3pBZEJnTlZIUTRFRmdRVWVXNmRHWlhTc0JPTllDOFVsam05ClZsVWhDNDh3Q2dZSUtvWkl6ajBFQXdJRFNBQXdSUUlnWFVsZlJZTVdjMVVhSkcwYXFYME1PRDcvL2VOTG9yVXIKU291NDNuNWlmK0lDSVFDdXNJNmNBcnI2Y2t5cWNHZ1NGRlJwMmxROE40MnIyK2EwN2RPMEFtVWg3dz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K\n    client-key-data: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSUNnME5kRWRSRjRacDBLNzA5R1NHWDhWNXAyZXJ0ZktrN2dHelFnTk1HN1FvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFVHdyZUFvbm9yVDZLVnF1WlN1TEovczV3bnRsbG1FZXJYb3l5ZThrcmtFKzJZR1NaSUtwbwpRT1ZBRTUvdm0yN1Nob2ZzclIwT3dGRmFXYTFUVURMbTZ3PT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo=\n",
-            "id": "167.235.247.244:22:/etc/rancher/k3s/k3s.yaml",
+            "content": "apiVersion: v1\nclusters:\n- cluster:\n    certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJlRENDQVIyZ0F3SUJBZ0lCQURBS0JnZ3Foa2pPUFFRREFqQWpNU0V3SHdZRFZRUUREQmhyTTNNdGMyVnkKZG1WeUxXTmhRREUyTlRRek5EUXdOak13SGhjTk1qSXdOakEwTVRJd01UQXpXaGNOTXpJd05qQXhNVEl3TVRBegpXakFqTVNFd0h3WURWUVFEREJock0zTXRjMlZ5ZG1WeUxXTmhRREUyTlRRek5EUXdOak13V1RBVEJnY3Foa2pPClBRSUJCZ2dxaGtqT1BRTUJCd05DQUFTaC9BejJrM1RPcVhJdERTb1pZQ0ZYTS85OHg4K1c3S2hkYmgvY2VoVWoKY2ZaK2lXWW1kdlpJV0FUZGNobDZoUnZCYlFkOWhFQTkySTU0KzJIVmVId3VvMEl3UURBT0JnTlZIUThCQWY4RQpCQU1DQXFRd0R3WURWUjBUQVFIL0JBVXdBd0VCL3pBZEJnTlZIUTRFRmdRVS8xQTNaQ0MvZ3p1dkVaYkk1eVhuCjRBbXhkR0V3Q2dZSUtvWkl6ajBFQXdJRFNRQXdSZ0loQUpPVlJxYTVPbTBZL3JzZVJ1SUZvRVFDc213blFDR00KV0lCVi84WDE4VWNIQWlFQTU5TTNwN2ZXQ3dEOEIyMjh6ejJXbGtoYjRUMUg4OEVzeS9abzYzM1kzVjg9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K\n    server: https://127.0.0.1:6443\n  name: default\ncontexts:\n- context:\n    cluster: default\n    user: default\n  name: default\ncurrent-context: default\nkind: Config\npreferences: {}\nusers:\n- name: default\n  user:\n    client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJrRENDQVRlZ0F3SUJBZ0lJZGY0eWhyNC9ZRGd3Q2dZSUtvWkl6ajBFQXdJd0l6RWhNQjhHQTFVRUF3d1kKYXpOekxXTnNhV1Z1ZEMxallVQXhOalUwTXpRME1EWXpNQjRYRFRJeU1EWXdOREV5TURFd00xb1hEVEl6TURZdwpOREV5TURFd00xb3dNREVYTUJVR0ExVUVDaE1PYzNsemRHVnRPbTFoYzNSbGNuTXhGVEFUQmdOVkJBTVRESE41CmMzUmxiVHBoWkcxcGJqQlpNQk1HQnlxR1NNNDlBZ0VHQ0NxR1NNNDlBd0VIQTBJQUJQdEVZQ0QrSmZSeXdqVVoKZmlDY0dPSHZaeU55NUJVcFU5Z0gxcVIxVFBMTkh0Z3luaXBVU2dhemRpL3FlTXNhYmpzNXRQZVE0cjJGTVVzQQpET0JVZzZpalNEQkdNQTRHQTFVZER3RUIvd1FFQXdJRm9EQVRCZ05WSFNVRUREQUtCZ2dyQmdFRkJRY0RBakFmCkJnTlZIU01FR0RBV2dCUndOTnhkWGZlT21sa0YrOGFWYXpvbGtVQWFoekFLQmdncWhrak9QUVFEQWdOSEFEQkUKQWlBMFJIYXJQZHRwZkdhUEpva1RPN3RRcWZHdTNtK1pLUzFhM2RldXY5RVdHUUlnWTVmZS9iVWcyVWMyQ0J6ZwowREZPWnJndHBCdE5ucG9WT24vMVFlQk80MzA9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0KLS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJkekNDQVIyZ0F3SUJBZ0lCQURBS0JnZ3Foa2pPUFFRREFqQWpNU0V3SHdZRFZRUUREQmhyTTNNdFkyeHAKWlc1MExXTmhRREUyTlRRek5EUXdOak13SGhjTk1qSXdOakEwTVRJd01UQXpXaGNOTXpJd05qQXhNVEl3TVRBegpXakFqTVNFd0h3WURWUVFEREJock0zTXRZMnhwWlc1MExXTmhRREUyTlRRek5EUXdOak13V1RBVEJnY3Foa2pPClBRSUJCZ2dxaGtqT1BRTUJCd05DQUFSaTh0YTR2eE1GalRqNjd0eE9MWS82T25UcXhsTGRWL0VVV0JFeTg5OXUKSW5mOWRIcDloU0RINWllK0ZOam11QTB3VWhieWF5TFJCNTNDMFBqYkp5OTRvMEl3UURBT0JnTlZIUThCQWY4RQpCQU1DQXFRd0R3WURWUjBUQVFIL0JBVXdBd0VCL3pBZEJnTlZIUTRFRmdRVWNEVGNYVjMzanBwWkJmdkdsV3M2CkpaRkFHb2N3Q2dZSUtvWkl6ajBFQXdJRFNBQXdSUUlnRzJOTUpoM2NCRHhVSnJoMHJlRDh4VlN5SjBRK3Vzc3QKclR2NG1VaGg1bjhDSVFERWUzMkRNcDF0bUZSZ1NGTjF4WlZVVmIzdDdjdHFQVE9mSDZRZzB2VVFrQT09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K\n    client-key-data: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSUJ5R2pjc29zbi9UVHVPOEJVOWptK1dBcmt5ZHQ1WGNYRWFybmtnNFRnRmFvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFKzBSZ0lQNGw5SExDTlJsK0lKd1k0ZTluSTNMa0ZTbFQyQWZXcEhWTThzMGUyREtlS2xSSwpCck4yTCtwNHl4cHVPem0wOTVEaXZZVXhTd0FNNEZTRHFBPT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo=\n",
+            "id": "142.132.182.232:22:/etc/rancher/k3s/k3s.yaml",
             "path": "/etc/rancher/k3s/k3s.yaml"
           },
-          "sensitive_attributes": []
+          "sensitive_attributes": [
+            [
+              {
+                "type": "get_attr",
+                "value": "conn"
+              },
+              {
+                "type": "index",
+                "value": {
+                  "value": 0,
+                  "type": "number"
+                }
+              },
+              {
+                "type": "get_attr",
+                "value": "agent"
+              }
+            ],
+            [
+              {
+                "type": "get_attr",
+                "value": "conn"
+              },
+              {
+                "type": "index",
+                "value": {
+                  "value": 0,
+                  "type": "number"
+                }
+              },
+              {
+                "type": "get_attr",
+                "value": "private_key"
+              }
+            ]
+          ]
         }
       ]
     },
@@ -1522,21 +345,56 @@
             "conn": [
               {
                 "agent": false,
-                "host": "167.235.247.244",
+                "host": "142.132.182.232",
                 "password": "",
                 "port": 22,
-                "private_key": "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW\nQyNTUxOQAAACDppcjQxBsUMZ1zixjJ/NA8Iz7fgqgste1GlvTEgaYTsgAAAJiZYtI7mWLS\nOwAAAAtzc2gtZWQyNTUxOQAAACDppcjQxBsUMZ1zixjJ/NA8Iz7fgqgste1GlvTEgaYTsg\nAAAEDLWiPDiI2P8wK7bHz6Xxg1LKWEVekqnkLNEdp//Fi4uOmlyNDEGxQxnXOLGMn80Dwj\nPt+CqCy17UaW9MSBphOyAAAAEWNvbnRhY3RAa2p1dWxoLmlvAQIDBA==\n-----END OPENSSH PRIVATE KEY-----",
+                "private_key": "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW\nQyNTUxOQAAACDppcjQxBsUMZ1zixjJ/NA8Iz7fgqgste1GlvTEgaYTsgAAAJiZYtI7mWLS\nOwAAAAtzc2gtZWQyNTUxOQAAACDppcjQxBsUMZ1zixjJ/NA8Iz7fgqgste1GlvTEgaYTsg\nAAAEDLWiPDiI2P8wK7bHz6Xxg1LKWEVekqnkLNEdp//Fi4uOmlyNDEGxQxnXOLGMn80Dwj\nPt+CqCy17UaW9MSBphOyAAAAEWNvbnRhY3RAa2p1dWxoLmlvAQIDBA==\n-----END OPENSSH PRIVATE KEY-----\n",
                 "private_key_env_var": "",
                 "private_key_path": "",
                 "sudo": false,
                 "user": "root"
               }
             ],
-            "content": "\"apiVersion\": \"kustomize.config.k8s.io/v1beta1\"\n\"kind\": \"Kustomization\"\n\"patchesStrategicMerge\":\n- |\n  apiVersion: apps/v1\n  kind: DaemonSet\n  metadata:\n    name: kured\n    namespace: kube-system\n  spec:\n    selector:\n      matchLabels:\n        name: kured\n    template:\n      metadata:\n        labels:\n          name: kured\n      spec:\n        serviceAccountName: kured\n        containers:\n          - name: kured\n            command:\n              - /usr/bin/kured\n              - --reboot-command=/usr/bin/systemctl reboot\n- |\n  apiVersion: apps/v1\n  kind: Deployment\n  metadata:\n    name: system-upgrade-controller\n    namespace: system-upgrade\n  spec:\n    template:\n      spec:\n        containers:\n          - name: system-upgrade-controller\n            volumeMounts:\n              - name: ca-certificates\n                mountPath: /var/lib/ca-certificates\n        volumes:\n          - name: ca-certificates\n            hostPath:\n              path: /var/lib/ca-certificates\n              type: Directory\n- \"ccm.yaml\"\n\"resources\":\n- \"https://github.com/hetznercloud/hcloud-cloud-controller-manager/releases/download/v1.12.1/ccm-networks.yaml\"\n- \"https://github.com/weaveworks/kured/releases/download/1.9.2/kured-1.9.2-dockerhub.yaml\"\n- \"https://raw.githubusercontent.com/rancher/system-upgrade-controller/master/manifests/system-upgrade-controller.yaml\"\n- \"https://raw.githubusercontent.com/hetznercloud/csi-driver/v1.6.0/deploy/kubernetes/hcloud-csi.yml\"\n- \"traefik_config.yaml\"\n- \"cert-manager.yaml\"\n",
-            "id": "167.235.247.244:22:/var/post_install/kustomization.yaml",
+            "content": "\"apiVersion\": \"kustomize.config.k8s.io/v1beta1\"\n\"kind\": \"Kustomization\"\n\"patchesStrategicMerge\":\n- |\n  apiVersion: apps/v1\n  kind: DaemonSet\n  metadata:\n    name: kured\n    namespace: kube-system\n  spec:\n    selector:\n      matchLabels:\n        name: kured\n    template:\n      metadata:\n        labels:\n          name: kured\n      spec:\n        serviceAccountName: kured\n        containers:\n          - name: kured\n            command:\n              - /usr/bin/kured\n              - --reboot-command=/usr/bin/systemctl reboot\n- |\n  apiVersion: apps/v1\n  kind: Deployment\n  metadata:\n    name: system-upgrade-controller\n    namespace: system-upgrade\n  spec:\n    template:\n      spec:\n        containers:\n          - name: system-upgrade-controller\n            volumeMounts:\n              - name: ca-certificates\n                mountPath: /var/lib/ca-certificates\n        volumes:\n          - name: ca-certificates\n            hostPath:\n              path: /var/lib/ca-certificates\n              type: Directory\n- \"ccm.yaml\"\n\"resources\":\n- \"https://github.com/hetznercloud/hcloud-cloud-controller-manager/releases/download/v1.12.1/ccm-networks.yaml\"\n- \"https://github.com/weaveworks/kured/releases/download/1.9.2/kured-1.9.2-dockerhub.yaml\"\n- \"https://raw.githubusercontent.com/rancher/system-upgrade-controller/master/manifests/system-upgrade-controller.yaml\"\n- \"https://raw.githubusercontent.com/hetznercloud/csi-driver/v1.6.0/deploy/kubernetes/hcloud-csi.yml\"\n- \"traefik_config.yaml\"\n",
+            "id": "142.132.182.232:22:/var/post_install/kustomization.yaml",
             "path": "/var/post_install/kustomization.yaml"
           },
-          "sensitive_attributes": []
+          "sensitive_attributes": [
+            [
+              {
+                "type": "get_attr",
+                "value": "conn"
+              },
+              {
+                "type": "index",
+                "value": {
+                  "value": 0,
+                  "type": "number"
+                }
+              },
+              {
+                "type": "get_attr",
+                "value": "private_key"
+              }
+            ],
+            [
+              {
+                "type": "get_attr",
+                "value": "conn"
+              },
+              {
+                "type": "index",
+                "value": {
+                  "value": 0,
+                  "type": "number"
+                }
+              },
+              {
+                "type": "get_attr",
+                "value": "agent"
+              }
+            ]
+          ]
         }
       ]
     },
@@ -1545,42 +403,13 @@
       "mode": "managed",
       "type": "hcloud_firewall",
       "name": "k3s",
-      "provider": "module.kube-hetzner.provider[\"registry.terraform.io/hetznercloud/hcloud\"]",
+      "provider": "provider[\"registry.terraform.io/hetznercloud/hcloud\"]",
       "instances": [
         {
           "schema_version": 0,
           "attributes": {
-            "apply_to": [
-              {
-                "label_selector": "",
-                "server": 20285806
-              },
-              {
-                "label_selector": "",
-                "server": 20285807
-              },
-              {
-                "label_selector": "",
-                "server": 20285808
-              },
-              {
-                "label_selector": "",
-                "server": 20285809
-              },
-              {
-                "label_selector": "",
-                "server": 20285810
-              },
-              {
-                "label_selector": "",
-                "server": 20285811
-              },
-              {
-                "label_selector": "",
-                "server": 20289430
-              }
-            ],
-            "id": "385507",
+            "apply_to": [],
+            "id": "412602",
             "labels": {},
             "name": "clank",
             "rule": [
@@ -1736,15 +565,15 @@
       "mode": "managed",
       "type": "hcloud_network",
       "name": "k3s",
-      "provider": "module.kube-hetzner.provider[\"registry.terraform.io/hetznercloud/hcloud\"]",
+      "provider": "provider[\"registry.terraform.io/hetznercloud/hcloud\"]",
       "instances": [
         {
           "schema_version": 0,
           "attributes": {
             "delete_protection": false,
-            "id": "1628275",
+            "id": "1711263",
             "ip_range": "10.0.0.0/8",
-            "labels": {},
+            "labels": null,
             "name": "clank"
           },
           "sensitive_attributes": [],
@@ -1757,16 +586,16 @@
       "mode": "managed",
       "type": "hcloud_network_subnet",
       "name": "agent",
-      "provider": "module.kube-hetzner.provider[\"registry.terraform.io/hetznercloud/hcloud\"]",
+      "provider": "provider[\"registry.terraform.io/hetznercloud/hcloud\"]",
       "instances": [
         {
           "index_key": 0,
           "schema_version": 0,
           "attributes": {
             "gateway": "10.0.0.1",
-            "id": "1628275-10.0.0.0/16",
+            "id": "1711263-10.0.0.0/16",
             "ip_range": "10.0.0.0/16",
-            "network_id": 1628275,
+            "network_id": 1711263,
             "network_zone": "eu-central",
             "type": "cloud",
             "vswitch_id": null
@@ -1782,9 +611,9 @@
           "schema_version": 0,
           "attributes": {
             "gateway": "10.0.0.1",
-            "id": "1628275-10.1.0.0/16",
+            "id": "1711263-10.1.0.0/16",
             "ip_range": "10.1.0.0/16",
-            "network_id": 1628275,
+            "network_id": 1711263,
             "network_zone": "eu-central",
             "type": "cloud",
             "vswitch_id": null
@@ -1800,9 +629,9 @@
           "schema_version": 0,
           "attributes": {
             "gateway": "10.0.0.1",
-            "id": "1628275-10.2.0.0/16",
+            "id": "1711263-10.2.0.0/16",
             "ip_range": "10.2.0.0/16",
-            "network_id": 1628275,
+            "network_id": 1711263,
             "network_zone": "eu-central",
             "type": "cloud",
             "vswitch_id": null
@@ -1820,16 +649,16 @@
       "mode": "managed",
       "type": "hcloud_network_subnet",
       "name": "control_plane",
-      "provider": "module.kube-hetzner.provider[\"registry.terraform.io/hetznercloud/hcloud\"]",
+      "provider": "provider[\"registry.terraform.io/hetznercloud/hcloud\"]",
       "instances": [
         {
           "index_key": 0,
           "schema_version": 0,
           "attributes": {
             "gateway": "10.0.0.1",
-            "id": "1628275-10.255.0.0/16",
+            "id": "1711263-10.255.0.0/16",
             "ip_range": "10.255.0.0/16",
-            "network_id": 1628275,
+            "network_id": 1711263,
             "network_zone": "eu-central",
             "type": "cloud",
             "vswitch_id": null
@@ -1845,9 +674,9 @@
           "schema_version": 0,
           "attributes": {
             "gateway": "10.0.0.1",
-            "id": "1628275-10.254.0.0/16",
+            "id": "1711263-10.254.0.0/16",
             "ip_range": "10.254.0.0/16",
-            "network_id": 1628275,
+            "network_id": 1711263,
             "network_zone": "eu-central",
             "type": "cloud",
             "vswitch_id": null
@@ -1863,9 +692,9 @@
           "schema_version": 0,
           "attributes": {
             "gateway": "10.0.0.1",
-            "id": "1628275-10.253.0.0/16",
+            "id": "1711263-10.253.0.0/16",
             "ip_range": "10.253.0.0/16",
-            "network_id": 1628275,
+            "network_id": 1711263,
             "network_zone": "eu-central",
             "type": "cloud",
             "vswitch_id": null
@@ -1883,21 +712,16 @@
       "mode": "managed",
       "type": "hcloud_placement_group",
       "name": "agent",
-      "provider": "module.kube-hetzner.provider[\"registry.terraform.io/hetznercloud/hcloud\"]",
+      "provider": "provider[\"registry.terraform.io/hetznercloud/hcloud\"]",
       "instances": [
         {
           "index_key": 0,
           "schema_version": 0,
           "attributes": {
-            "id": "41238",
-            "labels": {},
+            "id": "47148",
+            "labels": null,
             "name": "clank-agent-1",
-            "servers": [
-              20285807,
-              20285809,
-              20285811,
-              20289430
-            ],
+            "servers": [],
             "type": "spread"
           },
           "sensitive_attributes": [],
@@ -1910,20 +734,16 @@
       "mode": "managed",
       "type": "hcloud_placement_group",
       "name": "control_plane",
-      "provider": "module.kube-hetzner.provider[\"registry.terraform.io/hetznercloud/hcloud\"]",
+      "provider": "provider[\"registry.terraform.io/hetznercloud/hcloud\"]",
       "instances": [
         {
           "index_key": 0,
           "schema_version": 0,
           "attributes": {
-            "id": "41239",
-            "labels": {},
+            "id": "47147",
+            "labels": null,
             "name": "clank-control-plane-1",
-            "servers": [
-              20285806,
-              20285808,
-              20285810
-            ],
+            "servers": [],
             "type": "spread"
           },
           "sensitive_attributes": [],
@@ -1936,16 +756,17 @@
       "mode": "managed",
       "type": "hcloud_ssh_key",
       "name": "k3s",
-      "provider": "module.kube-hetzner.provider[\"registry.terraform.io/hetznercloud/hcloud\"]",
+      "provider": "provider[\"registry.terraform.io/hetznercloud/hcloud\"]",
       "instances": [
         {
+          "index_key": 0,
           "schema_version": 0,
           "attributes": {
             "fingerprint": "f4:16:88:3f:66:9e:f5:7d:d9:ed:20:0e:6a:55:a2:c3",
-            "id": "6372775",
-            "labels": {},
+            "id": "6654542",
+            "labels": null,
             "name": "clank",
-            "public_key": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOmlyNDEGxQxnXOLGMn80DwjPt+CqCy17UaW9MSBphOy contact@kjuulh.io"
+            "public_key": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOmlyNDEGxQxnXOLGMn80DwjPt+CqCy17UaW9MSBphOy contact@kjuulh.io\n"
           },
           "sensitive_attributes": [],
           "private": "bnVsbA=="
@@ -1962,12 +783,12 @@
         {
           "schema_version": 0,
           "attributes": {
-            "content": "\"apiVersion\": \"kustomize.config.k8s.io/v1beta1\"\n\"kind\": \"Kustomization\"\n\"patchesStrategicMerge\":\n- |\n  apiVersion: apps/v1\n  kind: DaemonSet\n  metadata:\n    name: kured\n    namespace: kube-system\n  spec:\n    selector:\n      matchLabels:\n        name: kured\n    template:\n      metadata:\n        labels:\n          name: kured\n      spec:\n        serviceAccountName: kured\n        containers:\n          - name: kured\n            command:\n              - /usr/bin/kured\n              - --reboot-command=/usr/bin/systemctl reboot\n- |\n  apiVersion: apps/v1\n  kind: Deployment\n  metadata:\n    name: system-upgrade-controller\n    namespace: system-upgrade\n  spec:\n    template:\n      spec:\n        containers:\n          - name: system-upgrade-controller\n            volumeMounts:\n              - name: ca-certificates\n                mountPath: /var/lib/ca-certificates\n        volumes:\n          - name: ca-certificates\n            hostPath:\n              path: /var/lib/ca-certificates\n              type: Directory\n- \"ccm.yaml\"\n\"resources\":\n- \"https://github.com/hetznercloud/hcloud-cloud-controller-manager/releases/download/v1.12.1/ccm-networks.yaml\"\n- \"https://github.com/weaveworks/kured/releases/download/1.9.2/kured-1.9.2-dockerhub.yaml\"\n- \"https://raw.githubusercontent.com/rancher/system-upgrade-controller/master/manifests/system-upgrade-controller.yaml\"\n- \"https://raw.githubusercontent.com/hetznercloud/csi-driver/v1.6.0/deploy/kubernetes/hcloud-csi.yml\"\n- \"traefik_config.yaml\"\n- \"cert-manager.yaml\"\n",
+            "content": "\"apiVersion\": \"kustomize.config.k8s.io/v1beta1\"\n\"kind\": \"Kustomization\"\n\"patchesStrategicMerge\":\n- |\n  apiVersion: apps/v1\n  kind: DaemonSet\n  metadata:\n    name: kured\n    namespace: kube-system\n  spec:\n    selector:\n      matchLabels:\n        name: kured\n    template:\n      metadata:\n        labels:\n          name: kured\n      spec:\n        serviceAccountName: kured\n        containers:\n          - name: kured\n            command:\n              - /usr/bin/kured\n              - --reboot-command=/usr/bin/systemctl reboot\n- |\n  apiVersion: apps/v1\n  kind: Deployment\n  metadata:\n    name: system-upgrade-controller\n    namespace: system-upgrade\n  spec:\n    template:\n      spec:\n        containers:\n          - name: system-upgrade-controller\n            volumeMounts:\n              - name: ca-certificates\n                mountPath: /var/lib/ca-certificates\n        volumes:\n          - name: ca-certificates\n            hostPath:\n              path: /var/lib/ca-certificates\n              type: Directory\n- \"ccm.yaml\"\n\"resources\":\n- \"https://github.com/hetznercloud/hcloud-cloud-controller-manager/releases/download/v1.12.1/ccm-networks.yaml\"\n- \"https://github.com/weaveworks/kured/releases/download/1.9.2/kured-1.9.2-dockerhub.yaml\"\n- \"https://raw.githubusercontent.com/rancher/system-upgrade-controller/master/manifests/system-upgrade-controller.yaml\"\n- \"https://raw.githubusercontent.com/hetznercloud/csi-driver/v1.6.0/deploy/kubernetes/hcloud-csi.yml\"\n- \"traefik_config.yaml\"\n",
             "content_base64": null,
             "directory_permission": "0777",
             "file_permission": "600",
-            "filename": "kustomization_backup.yaml",
-            "id": "dbde5be8a5091a964a3247a6c23b5ab4f8e9eb26",
+            "filename": "clank_kustomization_backup.yaml",
+            "id": "1694cc7a4f94aa22b006ea774211e9b61d094424",
             "sensitive_content": null,
             "source": null
           },
@@ -1988,11 +809,13 @@
             "module.kube-hetzner.module.control_planes.data.cloudinit_config.config",
             "module.kube-hetzner.module.control_planes.hcloud_server.server",
             "module.kube-hetzner.module.control_planes.hcloud_server_network.server",
+            "module.kube-hetzner.module.control_planes.random_string.identity_file",
             "module.kube-hetzner.module.control_planes.random_string.server",
             "module.kube-hetzner.null_resource.control_planes",
             "module.kube-hetzner.null_resource.first_control_plane",
             "module.kube-hetzner.null_resource.kustomization",
-            "module.kube-hetzner.random_password.k3s_token"
+            "module.kube-hetzner.random_password.k3s_token",
+            "module.kube-hetzner.random_password.rancher_bootstrap"
           ]
         }
       ]
@@ -2007,12 +830,12 @@
         {
           "schema_version": 0,
           "attributes": {
-            "content": "apiVersion: v1\nclusters:\n- cluster:\n    certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJlRENDQVIyZ0F3SUJBZ0lCQURBS0JnZ3Foa2pPUFFRREFqQWpNU0V3SHdZRFZRUUREQmhyTTNNdGMyVnkKZG1WeUxXTmhRREUyTlRJd01UVXhPREl3SGhjTk1qSXdOVEE0TVRNd05qSXlXaGNOTXpJd05UQTFNVE13TmpJeQpXakFqTVNFd0h3WURWUVFEREJock0zTXRjMlZ5ZG1WeUxXTmhRREUyTlRJd01UVXhPREl3V1RBVEJnY3Foa2pPClBRSUJCZ2dxaGtqT1BRTUJCd05DQUFReW45YTd2ZW1MUzZheE1sbjlvaHRTUENtZTRMaDJZYnJlY0ZHbk1pRmUKeWtKMEllSElEQjBZb3htMzM1NVFjMm5DOW1QODhQUTNlZ2lya2Zkc0pXZFdvMEl3UURBT0JnTlZIUThCQWY4RQpCQU1DQXFRd0R3WURWUjBUQVFIL0JBVXdBd0VCL3pBZEJnTlZIUTRFRmdRVWd4aDhLMDVNeklhbHoxb0k3a0lQCjZleVZCVVl3Q2dZSUtvWkl6ajBFQXdJRFNRQXdSZ0loQUpwNDJiR1JSK0R5dG8xcFh5SHk1dDZDYS9RNjdoNCsKYWRIVjBsQ2RkRlBWQWlFQXQ2RkpZUXZXcUg2LzlqNkY2K3JFZ0NTZFRwbUM5VDNDd1ZpZm1hNXo4K3M9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K\n    server: https://167.235.247.244:6443\n  name: default\ncontexts:\n- context:\n    cluster: default\n    user: default\n  name: default\ncurrent-context: default\nkind: Config\npreferences: {}\nusers:\n- name: default\n  user:\n    client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJrRENDQVRlZ0F3SUJBZ0lJWHF3azVwR1ZNRG93Q2dZSUtvWkl6ajBFQXdJd0l6RWhNQjhHQTFVRUF3d1kKYXpOekxXTnNhV1Z1ZEMxallVQXhOalV5TURFMU1UZ3lNQjRYRFRJeU1EVXdPREV6TURZeU1sb1hEVEl6TURVdwpPREV6TURZeU1sb3dNREVYTUJVR0ExVUVDaE1PYzNsemRHVnRPbTFoYzNSbGNuTXhGVEFUQmdOVkJBTVRESE41CmMzUmxiVHBoWkcxcGJqQlpNQk1HQnlxR1NNNDlBZ0VHQ0NxR1NNNDlBd0VIQTBJQUJFOEszZ0tKNkswK2lsYXIKbVVyaXlmN09jSjdaWlpoSHExNk1zbnZKSzVCUHRtQmttU0NxYUVEbFFCT2Y3NXR1MG9hSDdLMGREc0JSV2xtdApVMUF5NXV1alNEQkdNQTRHQTFVZER3RUIvd1FFQXdJRm9EQVRCZ05WSFNVRUREQUtCZ2dyQmdFRkJRY0RBakFmCkJnTlZIU01FR0RBV2dCUjVicDBabGRLd0U0MWdMeFNXT2IxV1ZTRUxqekFLQmdncWhrak9QUVFEQWdOSEFEQkUKQWlBM2piaW0wVEp4bXdQd2dtUGpLQ3BKWHl4SUVVZ0UxOG0wcW16OXlTTFhRUUlnVUduYjh2RnFOZmpUNmpULwphaXRTUVBjTTQ0RVY5TUFSRGFKUmJFZG0xc1k9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0KLS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJkekNDQVIyZ0F3SUJBZ0lCQURBS0JnZ3Foa2pPUFFRREFqQWpNU0V3SHdZRFZRUUREQmhyTTNNdFkyeHAKWlc1MExXTmhRREUyTlRJd01UVXhPREl3SGhjTk1qSXdOVEE0TVRNd05qSXlXaGNOTXpJd05UQTFNVE13TmpJeQpXakFqTVNFd0h3WURWUVFEREJock0zTXRZMnhwWlc1MExXTmhRREUyTlRJd01UVXhPREl3V1RBVEJnY3Foa2pPClBRSUJCZ2dxaGtqT1BRTUJCd05DQUFReFVCbE0rZjlZRVdaL2toN1BMSmZKeU1IenJscFlqd25udVNINE1GTmUKMlhzb1JGb3ltdlVhWDEvWFBIVnpSaVNTZkp6S0tJU0xLM095Y1lnTWhHR29vMEl3UURBT0JnTlZIUThCQWY4RQpCQU1DQXFRd0R3WURWUjBUQVFIL0JBVXdBd0VCL3pBZEJnTlZIUTRFRmdRVWVXNmRHWlhTc0JPTllDOFVsam05ClZsVWhDNDh3Q2dZSUtvWkl6ajBFQXdJRFNBQXdSUUlnWFVsZlJZTVdjMVVhSkcwYXFYME1PRDcvL2VOTG9yVXIKU291NDNuNWlmK0lDSVFDdXNJNmNBcnI2Y2t5cWNHZ1NGRlJwMmxROE40MnIyK2EwN2RPMEFtVWg3dz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K\n    client-key-data: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSUNnME5kRWRSRjRacDBLNzA5R1NHWDhWNXAyZXJ0ZktrN2dHelFnTk1HN1FvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFVHdyZUFvbm9yVDZLVnF1WlN1TEovczV3bnRsbG1FZXJYb3l5ZThrcmtFKzJZR1NaSUtwbwpRT1ZBRTUvdm0yN1Nob2ZzclIwT3dGRmFXYTFUVURMbTZ3PT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo=\n",
+            "content": "apiVersion: v1\nclusters:\n- cluster:\n    certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJlRENDQVIyZ0F3SUJBZ0lCQURBS0JnZ3Foa2pPUFFRREFqQWpNU0V3SHdZRFZRUUREQmhyTTNNdGMyVnkKZG1WeUxXTmhRREUyTlRRek5EUXdOak13SGhjTk1qSXdOakEwTVRJd01UQXpXaGNOTXpJd05qQXhNVEl3TVRBegpXakFqTVNFd0h3WURWUVFEREJock0zTXRjMlZ5ZG1WeUxXTmhRREUyTlRRek5EUXdOak13V1RBVEJnY3Foa2pPClBRSUJCZ2dxaGtqT1BRTUJCd05DQUFTaC9BejJrM1RPcVhJdERTb1pZQ0ZYTS85OHg4K1c3S2hkYmgvY2VoVWoKY2ZaK2lXWW1kdlpJV0FUZGNobDZoUnZCYlFkOWhFQTkySTU0KzJIVmVId3VvMEl3UURBT0JnTlZIUThCQWY4RQpCQU1DQXFRd0R3WURWUjBUQVFIL0JBVXdBd0VCL3pBZEJnTlZIUTRFRmdRVS8xQTNaQ0MvZ3p1dkVaYkk1eVhuCjRBbXhkR0V3Q2dZSUtvWkl6ajBFQXdJRFNRQXdSZ0loQUpPVlJxYTVPbTBZL3JzZVJ1SUZvRVFDc213blFDR00KV0lCVi84WDE4VWNIQWlFQTU5TTNwN2ZXQ3dEOEIyMjh6ejJXbGtoYjRUMUg4OEVzeS9abzYzM1kzVjg9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K\n    server: https://142.132.182.232:6443\n  name: default\ncontexts:\n- context:\n    cluster: default\n    user: default\n  name: default\ncurrent-context: default\nkind: Config\npreferences: {}\nusers:\n- name: default\n  user:\n    client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJrRENDQVRlZ0F3SUJBZ0lJZGY0eWhyNC9ZRGd3Q2dZSUtvWkl6ajBFQXdJd0l6RWhNQjhHQTFVRUF3d1kKYXpOekxXTnNhV1Z1ZEMxallVQXhOalUwTXpRME1EWXpNQjRYRFRJeU1EWXdOREV5TURFd00xb1hEVEl6TURZdwpOREV5TURFd00xb3dNREVYTUJVR0ExVUVDaE1PYzNsemRHVnRPbTFoYzNSbGNuTXhGVEFUQmdOVkJBTVRESE41CmMzUmxiVHBoWkcxcGJqQlpNQk1HQnlxR1NNNDlBZ0VHQ0NxR1NNNDlBd0VIQTBJQUJQdEVZQ0QrSmZSeXdqVVoKZmlDY0dPSHZaeU55NUJVcFU5Z0gxcVIxVFBMTkh0Z3luaXBVU2dhemRpL3FlTXNhYmpzNXRQZVE0cjJGTVVzQQpET0JVZzZpalNEQkdNQTRHQTFVZER3RUIvd1FFQXdJRm9EQVRCZ05WSFNVRUREQUtCZ2dyQmdFRkJRY0RBakFmCkJnTlZIU01FR0RBV2dCUndOTnhkWGZlT21sa0YrOGFWYXpvbGtVQWFoekFLQmdncWhrak9QUVFEQWdOSEFEQkUKQWlBMFJIYXJQZHRwZkdhUEpva1RPN3RRcWZHdTNtK1pLUzFhM2RldXY5RVdHUUlnWTVmZS9iVWcyVWMyQ0J6ZwowREZPWnJndHBCdE5ucG9WT24vMVFlQk80MzA9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0KLS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJkekNDQVIyZ0F3SUJBZ0lCQURBS0JnZ3Foa2pPUFFRREFqQWpNU0V3SHdZRFZRUUREQmhyTTNNdFkyeHAKWlc1MExXTmhRREUyTlRRek5EUXdOak13SGhjTk1qSXdOakEwTVRJd01UQXpXaGNOTXpJd05qQXhNVEl3TVRBegpXakFqTVNFd0h3WURWUVFEREJock0zTXRZMnhwWlc1MExXTmhRREUyTlRRek5EUXdOak13V1RBVEJnY3Foa2pPClBRSUJCZ2dxaGtqT1BRTUJCd05DQUFSaTh0YTR2eE1GalRqNjd0eE9MWS82T25UcXhsTGRWL0VVV0JFeTg5OXUKSW5mOWRIcDloU0RINWllK0ZOam11QTB3VWhieWF5TFJCNTNDMFBqYkp5OTRvMEl3UURBT0JnTlZIUThCQWY4RQpCQU1DQXFRd0R3WURWUjBUQVFIL0JBVXdBd0VCL3pBZEJnTlZIUTRFRmdRVWNEVGNYVjMzanBwWkJmdkdsV3M2CkpaRkFHb2N3Q2dZSUtvWkl6ajBFQXdJRFNBQXdSUUlnRzJOTUpoM2NCRHhVSnJoMHJlRDh4VlN5SjBRK3Vzc3QKclR2NG1VaGg1bjhDSVFERWUzMkRNcDF0bUZSZ1NGTjF4WlZVVmIzdDdjdHFQVE9mSDZRZzB2VVFrQT09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K\n    client-key-data: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSUJ5R2pjc29zbi9UVHVPOEJVOWptK1dBcmt5ZHQ1WGNYRWFybmtnNFRnRmFvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFKzBSZ0lQNGw5SExDTlJsK0lKd1k0ZTluSTNMa0ZTbFQyQWZXcEhWTThzMGUyREtlS2xSSwpCck4yTCtwNHl4cHVPem0wOTVEaXZZVXhTd0FNNEZTRHFBPT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo=\n",
             "content_base64": null,
             "directory_permission": "0700",
             "file_permission": "600",
-            "filename": "kubeconfig.yaml",
-            "id": "51b0f8e4bb7ae75ae8aed2aa818d47ff02cfdd0e",
+            "filename": "clank_kubeconfig.yaml",
+            "id": "07ed90e2cb45133be9e752c990276c6cd51f6112",
             "source": null
           },
           "sensitive_attributes": [],
@@ -2027,6 +850,7 @@
             "module.kube-hetzner.module.control_planes.data.cloudinit_config.config",
             "module.kube-hetzner.module.control_planes.hcloud_server.server",
             "module.kube-hetzner.module.control_planes.hcloud_server_network.server",
+            "module.kube-hetzner.module.control_planes.random_string.identity_file",
             "module.kube-hetzner.module.control_planes.random_string.server",
             "module.kube-hetzner.null_resource.control_planes",
             "module.kube-hetzner.null_resource.first_control_plane",
@@ -2046,40 +870,9 @@
           "index_key": "0-0-agent-small1",
           "schema_version": 0,
           "attributes": {
-            "id": "2176505815644718391",
+            "id": "4017788061829142869",
             "triggers": {
-              "agent_id": "20285807"
-            }
-          },
-          "sensitive_attributes": [],
-          "private": "bnVsbA==",
-          "dependencies": [
-            "module.kube-hetzner.hcloud_firewall.k3s",
-            "module.kube-hetzner.hcloud_network.k3s",
-            "module.kube-hetzner.hcloud_network_subnet.agent",
-            "module.kube-hetzner.hcloud_network_subnet.control_plane",
-            "module.kube-hetzner.hcloud_placement_group.agent",
-            "module.kube-hetzner.hcloud_placement_group.control_plane",
-            "module.kube-hetzner.hcloud_ssh_key.k3s",
-            "module.kube-hetzner.module.agents.data.cloudinit_config.config",
-            "module.kube-hetzner.module.agents.hcloud_server.server",
-            "module.kube-hetzner.module.agents.hcloud_server_network.server",
-            "module.kube-hetzner.module.agents.random_string.server",
-            "module.kube-hetzner.module.control_planes.data.cloudinit_config.config",
-            "module.kube-hetzner.module.control_planes.hcloud_server.server",
-            "module.kube-hetzner.module.control_planes.hcloud_server_network.server",
-            "module.kube-hetzner.module.control_planes.random_string.server",
-            "module.kube-hetzner.null_resource.first_control_plane",
-            "module.kube-hetzner.random_password.k3s_token"
-          ]
-        },
-        {
-          "index_key": "1-0-agent-small2",
-          "schema_version": 0,
-          "attributes": {
-            "id": "2844766948829955151",
-            "triggers": {
-              "agent_id": "20285811"
+              "agent_id": "21030909"
             }
           },
           "sensitive_attributes": [],
@@ -2095,10 +888,12 @@
             "module.kube-hetzner.module.agents.data.cloudinit_config.config",
             "module.kube-hetzner.module.agents.hcloud_server.server",
             "module.kube-hetzner.module.agents.hcloud_server_network.server",
+            "module.kube-hetzner.module.agents.random_string.identity_file",
             "module.kube-hetzner.module.agents.random_string.server",
             "module.kube-hetzner.module.control_planes.data.cloudinit_config.config",
             "module.kube-hetzner.module.control_planes.hcloud_server.server",
             "module.kube-hetzner.module.control_planes.hcloud_server_network.server",
+            "module.kube-hetzner.module.control_planes.random_string.identity_file",
             "module.kube-hetzner.module.control_planes.random_string.server",
             "module.kube-hetzner.null_resource.first_control_plane",
             "module.kube-hetzner.random_password.k3s_token"
@@ -2108,14 +903,15 @@
           "index_key": "2-0-storage1",
           "schema_version": 0,
           "attributes": {
-            "id": "6929446356437947923",
+            "id": "2021479560687393717",
             "triggers": {
-              "agent_id": "20285809"
+              "agent_id": "21030913"
             }
           },
           "sensitive_attributes": [],
           "private": "bnVsbA==",
           "dependencies": [
+            "module.kube-hetzner.hcloud_firewall.k3s",
             "module.kube-hetzner.hcloud_network.k3s",
             "module.kube-hetzner.hcloud_network_subnet.agent",
             "module.kube-hetzner.hcloud_network_subnet.control_plane",
@@ -2123,44 +919,14 @@
             "module.kube-hetzner.hcloud_placement_group.control_plane",
             "module.kube-hetzner.hcloud_ssh_key.k3s",
             "module.kube-hetzner.module.agents.data.cloudinit_config.config",
-            "module.kube-hetzner.module.agents.random_string.server",
-            "module.kube-hetzner.module.agents.hcloud_server.server",
-            "module.kube-hetzner.module.agents.hcloud_server.server",
-            "module.kube-hetzner.module.agents.hcloud_server_network.server",
-            "module.kube-hetzner.module.control_planes.data.cloudinit_config.config",
-            "module.kube-hetzner.module.control_planes.hcloud_server.server",
-            "module.kube-hetzner.module.control_planes.hcloud_server_network.server",
-            "module.kube-hetzner.module.control_planes.random_string.server",
-            "module.kube-hetzner.null_resource.first_control_plane",
-            "module.kube-hetzner.random_password.k3s_token"
-          ]
-        },
-        {
-          "index_key": "2-1-storage1",
-          "schema_version": 0,
-          "attributes": {
-            "id": "8807962960687335091",
-            "triggers": {
-              "agent_id": "20289430"
-            }
-          },
-          "sensitive_attributes": [],
-          "private": "bnVsbA==",
-          "dependencies": [
-            "module.kube-hetzner.hcloud_network.k3s",
-            "module.kube-hetzner.hcloud_network_subnet.agent",
-            "module.kube-hetzner.hcloud_network_subnet.control_plane",
-            "module.kube-hetzner.hcloud_placement_group.agent",
-            "module.kube-hetzner.hcloud_placement_group.control_plane",
-            "module.kube-hetzner.hcloud_ssh_key.k3s",
-            "module.kube-hetzner.module.agents.data.cloudinit_config.config",
-            "module.kube-hetzner.module.agents.random_string.server",
-            "module.kube-hetzner.module.agents.hcloud_server.server",
             "module.kube-hetzner.module.agents.hcloud_server.server",
             "module.kube-hetzner.module.agents.hcloud_server_network.server",
+            "module.kube-hetzner.module.agents.random_string.identity_file",
+            "module.kube-hetzner.module.agents.random_string.server",
             "module.kube-hetzner.module.control_planes.data.cloudinit_config.config",
             "module.kube-hetzner.module.control_planes.hcloud_server.server",
             "module.kube-hetzner.module.control_planes.hcloud_server_network.server",
+            "module.kube-hetzner.module.control_planes.random_string.identity_file",
             "module.kube-hetzner.module.control_planes.random_string.server",
             "module.kube-hetzner.null_resource.first_control_plane",
             "module.kube-hetzner.random_password.k3s_token"
@@ -2179,9 +945,9 @@
           "index_key": "0-0-control-plane-fsn1",
           "schema_version": 0,
           "attributes": {
-            "id": "2906291804049488022",
+            "id": "7807642786198214523",
             "triggers": {
-              "control_plane_id": "20285806"
+              "control_plane_id": "21030914"
             }
           },
           "sensitive_attributes": [],
@@ -2195,6 +961,7 @@
             "module.kube-hetzner.module.control_planes.data.cloudinit_config.config",
             "module.kube-hetzner.module.control_planes.hcloud_server.server",
             "module.kube-hetzner.module.control_planes.hcloud_server_network.server",
+            "module.kube-hetzner.module.control_planes.random_string.identity_file",
             "module.kube-hetzner.module.control_planes.random_string.server",
             "module.kube-hetzner.null_resource.first_control_plane",
             "module.kube-hetzner.random_password.k3s_token"
@@ -2204,9 +971,9 @@
           "index_key": "1-0-control-plane-nbg1",
           "schema_version": 0,
           "attributes": {
-            "id": "7519334347044594476",
+            "id": "5803799578768166593",
             "triggers": {
-              "control_plane_id": "20285810"
+              "control_plane_id": "21030912"
             }
           },
           "sensitive_attributes": [],
@@ -2220,6 +987,7 @@
             "module.kube-hetzner.module.control_planes.data.cloudinit_config.config",
             "module.kube-hetzner.module.control_planes.hcloud_server.server",
             "module.kube-hetzner.module.control_planes.hcloud_server_network.server",
+            "module.kube-hetzner.module.control_planes.random_string.identity_file",
             "module.kube-hetzner.module.control_planes.random_string.server",
             "module.kube-hetzner.null_resource.first_control_plane",
             "module.kube-hetzner.random_password.k3s_token"
@@ -2229,9 +997,9 @@
           "index_key": "2-0-control-plane-hel1",
           "schema_version": 0,
           "attributes": {
-            "id": "7465071128357046031",
+            "id": "3635468883212270278",
             "triggers": {
-              "control_plane_id": "20285808"
+              "control_plane_id": "21030910"
             }
           },
           "sensitive_attributes": [],
@@ -2245,6 +1013,7 @@
             "module.kube-hetzner.module.control_planes.data.cloudinit_config.config",
             "module.kube-hetzner.module.control_planes.hcloud_server.server",
             "module.kube-hetzner.module.control_planes.hcloud_server_network.server",
+            "module.kube-hetzner.module.control_planes.random_string.identity_file",
             "module.kube-hetzner.module.control_planes.random_string.server",
             "module.kube-hetzner.null_resource.first_control_plane",
             "module.kube-hetzner.random_password.k3s_token"
@@ -2262,9 +1031,10 @@
         {
           "schema_version": 0,
           "attributes": {
-            "id": "5718072141935869582",
+            "id": "1790329008838659956",
             "triggers": {
-              "kustomization_id": "6932703477613162485"
+              "cluster_name": "clank",
+              "kustomization_id": "6088396699429752181"
             }
           },
           "sensitive_attributes": [],
@@ -2285,11 +1055,13 @@
             "module.kube-hetzner.module.control_planes.data.cloudinit_config.config",
             "module.kube-hetzner.module.control_planes.hcloud_server.server",
             "module.kube-hetzner.module.control_planes.hcloud_server_network.server",
+            "module.kube-hetzner.module.control_planes.random_string.identity_file",
             "module.kube-hetzner.module.control_planes.random_string.server",
             "module.kube-hetzner.null_resource.control_planes",
             "module.kube-hetzner.null_resource.first_control_plane",
             "module.kube-hetzner.null_resource.kustomization",
-            "module.kube-hetzner.random_password.k3s_token"
+            "module.kube-hetzner.random_password.k3s_token",
+            "module.kube-hetzner.random_password.rancher_bootstrap"
           ]
         }
       ]
@@ -2304,7 +1076,7 @@
         {
           "schema_version": 0,
           "attributes": {
-            "id": "8493463504988894518",
+            "id": "6286931890177495938",
             "triggers": null
           },
           "sensitive_attributes": [],
@@ -2318,6 +1090,7 @@
             "module.kube-hetzner.module.control_planes.data.cloudinit_config.config",
             "module.kube-hetzner.module.control_planes.hcloud_server.server",
             "module.kube-hetzner.module.control_planes.hcloud_server_network.server",
+            "module.kube-hetzner.module.control_planes.random_string.identity_file",
             "module.kube-hetzner.module.control_planes.random_string.server",
             "module.kube-hetzner.random_password.k3s_token"
           ]
@@ -2334,7 +1107,7 @@
         {
           "schema_version": 0,
           "attributes": {
-            "id": "6932703477613162485",
+            "id": "6088396699429752181",
             "triggers": null
           },
           "sensitive_attributes": [],
@@ -2353,10 +1126,12 @@
             "module.kube-hetzner.module.control_planes.data.cloudinit_config.config",
             "module.kube-hetzner.module.control_planes.hcloud_server.server",
             "module.kube-hetzner.module.control_planes.hcloud_server_network.server",
+            "module.kube-hetzner.module.control_planes.random_string.identity_file",
             "module.kube-hetzner.module.control_planes.random_string.server",
             "module.kube-hetzner.null_resource.control_planes",
             "module.kube-hetzner.null_resource.first_control_plane",
-            "module.kube-hetzner.random_password.k3s_token"
+            "module.kube-hetzner.random_password.k3s_token",
+            "module.kube-hetzner.random_password.rancher_bootstrap"
           ]
         }
       ]
@@ -2369,8 +1144,9 @@
       "provider": "provider[\"registry.terraform.io/hashicorp/random\"]",
       "instances": [
         {
-          "schema_version": 0,
+          "schema_version": 1,
           "attributes": {
+            "bcrypt_hash": "$2a$10$P/ht94jhK56szeFs6mIVT.c4RM1AvMkwqFOQkoKfdvNkJ5xPT0w9m",
             "id": "none",
             "keepers": null,
             "length": 48,
@@ -2381,12 +1157,43 @@
             "min_upper": 0,
             "number": true,
             "override_special": null,
-            "result": "5udRUWWljozBPauxJF4pbyDKc9aljYVyLITb5KN692dFczeK",
+            "result": "EQlqW4QjRiJAcv7Fd0Cgu0NFageEumwbaXkr7XyRiSx5tvuf",
             "special": false,
             "upper": true
           },
           "sensitive_attributes": [],
-          "private": "bnVsbA=="
+          "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ=="
+        }
+      ]
+    },
+    {
+      "module": "module.kube-hetzner",
+      "mode": "managed",
+      "type": "random_password",
+      "name": "rancher_bootstrap",
+      "provider": "provider[\"registry.terraform.io/hashicorp/random\"]",
+      "instances": [
+        {
+          "index_key": 0,
+          "schema_version": 1,
+          "attributes": {
+            "bcrypt_hash": "$2a$10$L8Yq97KEie3QTyfLn5bueOewaIzbyaAe3u4zxbx30bHr/sQXLJ216",
+            "id": "none",
+            "keepers": null,
+            "length": 48,
+            "lower": true,
+            "min_lower": 0,
+            "min_numeric": 0,
+            "min_special": 0,
+            "min_upper": 0,
+            "number": true,
+            "override_special": null,
+            "result": "R#a\u003cWz@0{)JM1z9@Dfy(]OJ3U$mZ2kh-zXL5Y%_e=lKI@eC1",
+            "special": true,
+            "upper": true
+          },
+          "sensitive_attributes": [],
+          "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ=="
         }
       ]
     },
@@ -2403,16 +1210,16 @@
             "base64_encode": true,
             "boundary": "MIMEBOUNDARY",
             "gzip": true,
-            "id": "3259911983",
+            "id": "967727445",
             "part": [
               {
-                "content": "#cloud-config\n\nwrite_files:\n\n# Configure the private network interface\n- content: |\n    BOOTPROTO='dhcp'\n    STARTMODE='auto'\n  path: /etc/sysconfig/network/ifcfg-eth1\n\n# Disable ssh password authentication\n- content: |\n    PasswordAuthentication no\n    X11Forwarding no\n    MaxAuthTries 2\n    AllowTcpForwarding no\n    AllowAgentForwarding no\n    AuthorizedKeysFile .ssh/authorized_keys\n  path: /etc/ssh/sshd_config.d/kube-hetzner.conf\n\n# Set reboot method as \"kured\"\n- content: |\n    REBOOT_METHOD=kured\n  path: /etc/transactional-update.conf\n\n# Create Rancher repo config\n- content: |\n    [rancher-k3s-common-stable]\n    name=Rancher K3s Common (stable)\n    baseurl=https://rpm.rancher.io/k3s/stable/common/microos/noarch\n    enabled=1\n    gpgcheck=1\n    repo_gpgcheck=0\n    gpgkey=https://rpm.rancher.io/public.key\n  path: /etc/zypp/repos.d/rancher-k3s-common.repo\n\n# Add ssh authorized keys\nssh_authorized_keys:\n  - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOmlyNDEGxQxnXOLGMn80DwjPt+CqCy17UaW9MSBphOy contact@kjuulh.io\n\n# Resize /var, not /, as that's the last partition in MicroOS image.\ngrowpart:\n    devices: [\"/var\"]\n\n# Make sure the hostname is set correctly\nhostname: clank-agent-small1-mdr\npreserve_hostname: true\n\nruncmd:\n\n# As above, make sure the hostname is not reset\n- [sed, '-i', 's/NETCONFIG_NIS_SETDOMAINNAME=\"yes\"/NETCONFIG_NIS_SETDOMAINNAME=\"no\"/g', /etc/sysconfig/network/config]\n- [sed, '-i', 's/DHCLIENT_SET_HOSTNAME=\"yes\"/DHCLIENT_SET_HOSTNAME=\"no\"/g', /etc/sysconfig/network/dhcp]\n\n# We set Cloudflare DNS servers, followed by Google as a backup\n- [sed, '-i', 's/NETCONFIG_DNS_STATIC_SERVERS=\"\"/NETCONFIG_DNS_STATIC_SERVERS=\"1.1.1.1 1.0.0.1 8.8.8.8\"/g', /etc/sysconfig/network/config]\n\n# Bounds the amount of logs that can survive on the system\n- [sed, '-i', 's/#SystemMaxUse=/SystemMaxUse=3G/g', /etc/systemd/journald.conf]\n- [sed, '-i', 's/#MaxRetentionSec=/MaxRetentionSec=1week/g', /etc/systemd/journald.conf]\n\n# Reduces the default number of snapshots from 2-10 number limit, to 4 and from 4-10 number limit important, to 2\n- [sed, '-i', 's/NUMBER_LIMIT=\"2-10\"/NUMBER_LIMIT=\"4\"/g', /etc/snapper/configs/root]\n- [sed, '-i', 's/NUMBER_LIMIT_IMPORTANT=\"4-10\"/NUMBER_LIMIT_IMPORTANT=\"3\"/g', /etc/snapper/configs/root]\n\n# Disables unneeded services\n- [systemctl, disable, '--now', 'rebootmgr.service']\n",
+                "content": "#cloud-config\n\nwrite_files:\n\n# Configure the private network interface\n- content: |\n    BOOTPROTO='dhcp'\n    STARTMODE='auto'\n  path: /etc/sysconfig/network/ifcfg-eth1\n\n# Disable ssh password authentication\n- content: |\n    PasswordAuthentication no\n    X11Forwarding no\n    MaxAuthTries 2\n    AllowTcpForwarding no\n    AllowAgentForwarding no\n    AuthorizedKeysFile .ssh/authorized_keys\n  path: /etc/ssh/sshd_config.d/kube-hetzner.conf\n\n# Set reboot method as \"kured\"\n- content: |\n    REBOOT_METHOD=kured\n  path: /etc/transactional-update.conf\n\n# Create Rancher repo config\n- content: |\n    [rancher-k3s-common-stable]\n    name=Rancher K3s Common (stable)\n    baseurl=https://rpm.rancher.io/k3s/stable/common/microos/noarch\n    enabled=1\n    gpgcheck=1\n    repo_gpgcheck=0\n    gpgkey=https://rpm.rancher.io/public.key\n  path: /etc/zypp/repos.d/rancher-k3s-common.repo\n\n# Add ssh authorized keys\nssh_authorized_keys:\n  - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOmlyNDEGxQxnXOLGMn80DwjPt+CqCy17UaW9MSBphOy contact@kjuulh.io\n\n\n# Resize /var, not /, as that's the last partition in MicroOS image.\ngrowpart:\n    devices: [\"/var\"]\n\n# Make sure the hostname is set correctly\nhostname: clank-agent-small1-qlb\npreserve_hostname: true\n\nruncmd:\n\n# As above, make sure the hostname is not reset\n- [sed, '-i', 's/NETCONFIG_NIS_SETDOMAINNAME=\"yes\"/NETCONFIG_NIS_SETDOMAINNAME=\"no\"/g', /etc/sysconfig/network/config]\n- [sed, '-i', 's/DHCLIENT_SET_HOSTNAME=\"yes\"/DHCLIENT_SET_HOSTNAME=\"no\"/g', /etc/sysconfig/network/dhcp]\n\n# We set Cloudflare DNS servers, followed by Google as a backup\n- [sed, '-i', 's/NETCONFIG_DNS_STATIC_SERVERS=\"\"/NETCONFIG_DNS_STATIC_SERVERS=\"1.1.1.1 1.0.0.1 8.8.8.8\"/g', /etc/sysconfig/network/config]\n\n# Bounds the amount of logs that can survive on the system\n- [sed, '-i', 's/#SystemMaxUse=/SystemMaxUse=3G/g', /etc/systemd/journald.conf]\n- [sed, '-i', 's/#MaxRetentionSec=/MaxRetentionSec=1week/g', /etc/systemd/journald.conf]\n\n# Reduces the default number of snapshots from 2-10 number limit, to 4 and from 4-10 number limit important, to 2\n- [sed, '-i', 's/NUMBER_LIMIT=\"2-10\"/NUMBER_LIMIT=\"4\"/g', /etc/snapper/configs/root]\n- [sed, '-i', 's/NUMBER_LIMIT_IMPORTANT=\"4-10\"/NUMBER_LIMIT_IMPORTANT=\"3\"/g', /etc/snapper/configs/root]\n\n# Disables unneeded services\n- [systemctl, disable, '--now', 'rebootmgr.service']\n",
                 "content_type": "text/cloud-config",
                 "filename": "init.cfg",
                 "merge_type": ""
               }
             ],
-            "rendered": "H4sIAAAAAAAA/4xW4W/ayBP9bin/w8j5wO+nw3ZIWrWlQjoHaIpa4xw4be+qCC27A95i7/p21yGO7o8/7TppSEiaE+LDzjzem30zHjOUwqAwQdZU2IeyLgyviDJRya+RvYelrAUjqhn4ySQZn6YX01E8+9P37Cn4gkpzKfrQC48OvAMvCHZBB94d94jrSmpuHJYYQ2heojDvYcULFKTEgc8FNyFdrf37X2WKCL1CFYwFlYyLdR/eLLnZAbiSDV6biBayZgGVYsXXB17CS9wr7nAX43lbxQ0ubAG673mHMHTxWiGYHKFS/IoYBIFmK9UGuDCoVoSiFwBt5fvwjwcAcJqm2fkszdJBh+W06rjgPItnWZKOxoMOqY20wYqYvA8RGhrpRrdlRLf8EV/R1TpAk/dsLSOuybJA0DqHimi9lYoBqU2OwnBKrI/7dZzfAuMHOBDSZb/1eh+k2hJljbwLJuTaojPFUcOxC8VFIbcZrfbBLhOvUZgncrXJpeI3yD5hoz/wAiHUOo/Iz/hig41+5ILO7ZctWi9CFm3qJQY5mhuBKrRRa8YcDShcSmmgRJNLBkSDv6kVMn/fhdnY9mORjLOP6WjgUA9VjZ0qQq03pAjqihGDP7WGCm3XZ0TQHBUorCTcDsye0nfVooLNiQ6oLEspAm1s3y5d3s31HdOnEw1Dh4H/taD/O9CSaKxVMciNqXQ/ilRVhre8IZfR5kRHLTxqFaKSUyWljoQkiuaOA4UFsEHPndbVmuZIN7dHe4XFz9jRHWSDzXOaVb0sOA032Dw07qapqsjS6ZBF+3cPbcp6GDPmBve+9+B6r3W+eDQPfQ8gsOAA2fHr1713EMdxPDyZ3pBhr/hrNOlNs/FrG5ukZdFMR+Oz6z+uxbf081ki3h6Ntj/OzW/Dv4dN780F+foumZ9Wedq4RhFqft/8qOsiD7kra4aa3yBEV0R1QUgDUdcOksmJ6Wj3zBdEG7C7zy0q4AISa3Y6B16SNYbeWsmtzfediwyvOEXdh+++JfUvrUpCNgj6bovkUhs7BsA1aDRApVJITdF4d5k+0IKITUDscxXokhRFLyiZ8iqFGtUVLu6RRtXoeaoWtGRuZcUayFJeYRfKZ2XtTS2V8QL4rpF1oRPwThc6OpqOs2E6/TA5W0wn88V8nI3SJJ5Mp3EyHvgNav/XCCH9aN3pPrfR2uPlvuzo4/DzZDzNLN/iYzrPdgSfyb0gZdeuc/8rOpuHdtGvCqIQRtM5OB+V7sJK2hWGDJYNnEm5LtBOAIEloZu6+pVBo+l8Mc/ibDJczMezL+PZfOD7L+R7ofvY1094FPbgbeg+/8k07xBO7Yu3HUxSyloYkCso5LodWaBE2IZf8SsEKRxMN9pguX+Nw7lLJOT6QuMgenA6OXtQjsGSRT9krQQpmNuKTzTwMCHXM7SrkEsxRzqIHgd6W8TNi8TuoWQ1xfaWDFekLgyIulyisrfVglQ6l0bDSskSjoPe0V224CU3XTASXgERrAW8egwAXlZSGSJa6PETLb5ITsezxedJMskGvlXwH8Ve7TZMkKpCddsmHSkpzRMG7RIsJsl5OsviqaXao9/NnrwodP/PQEMtBCJD5qbb7iFXhjOamqILrAXaqgIht7aw9iVarlV4+5vO5d5/tiA48P4NAAD//zWzz/kSCgAA"
+            "rendered": "H4sIAAAAAAAA/4xWYW/ayhL9bin/YeR84D09bIekVVsqpOcATVFrnAtO23urCC27A95i77q76xBH98df7TppSEiaK8SHnTmcM3tmPGYohUFhgqypsA9lXRheEWWikl8jew9LWQtGVDPwk0kyPk0vpqN49qfv2VPwBZXmUvShFx4deAdeEOyCDrw77hHXldTcOCwxhtC8RGHew4oXKEiJA58LbkK6Wvv3v8oUEXqFKhgLKhkX6z68WXKzA3AlG7w2ES1kzQIqxYqvD7yEl7hX3OEuxvO2ihtc2AJ03/MOYejitUIwOUKl+BUxCALNVqoNcGFQrQhFLwDayvfhbw8A4DRNs/NZmqWDDstp1XHBeRbPsiQdjQcdUhtpgxUxeR8iNDTSjW7LiG75I76iq3WAJu/ZWkZck2WBoHUOFdF6KxUDUpscheGUWB/36zi/BcYPcCCky37r9T5ItSXKGnkXTMi1RWeKo4ZjF4qLQm4zWu2DXSZeozBP5GqTS8VvkH3CRn/gBUKodR6RX/HFBhv9yAWd2y9btF6ELNrUSwxyNDcCVWij1ow5GlC4lNJAiSaXDIgGf1MrZP6+C7Ox7cciGWcf09HAoR6qGjtVhFpvSBHUFSMGf2kNFdquz4igOSpQWEm4HZg9pe+qRQWbEx1QWZZSBNrYvl26vJvrO6ZPJxqGDgP/aUH/daAl0VirYpAbU+l+FKmqDG95Qy6jzYmOWnjUKkQlp0pKHQlJFM0dBwoLYIOeO62rNc2Rbm6P9gqLX7GjO8gGm+c0q3pZcBpusHlo3E1TVZGl0yGL9u8e2pT1MGbMDe5978H1Xut88Wge+h5AYMEBsuPXr3vvII7jeHgyvSHDXvHXaNKbZuPXNjZJy6KZjsZn139ci2/p57NEvD0abX+cm/8Nfw6b3psL8vVdMj+t8rRxjSLU/H/zo66LPOTSs3XNUPMbhOiKqC4IaSDq2kkyOTEd7R76gmgDdvm5TQVcQGLdTufAS7LG0FsrubX5vrOR4RWnqPvw3bek/qVVScgGQd+tkVxqY+cAuAaNBqhUCqkpGu8u0wdaELEJiH2wAl2SougFP4ulVynUqK5wcY80qkbPU7WgJXM7K9ZAlvIKu1A+K2tvaqmMF8B3jawLnYB3utDR0XScDdPph8nZYjqZL+bjbJQm8WQ6jZPxwG9Q+79HCOlH6073uZXWHi/3ZUcfh58n42lm+RYf03m2I/hM7gUpu3ed+1/R2Ty0m35VEIUwms7B+ah0F1bS7jBksGzgTMp1gXYCCCwJ3dTV7wwaTeeLeRZnk+FiPp59Gc/mA99/Id8L3ce+f8KjsAdvQ/f5V6Z5h3Bq37ztYJJS1sKAXEEh1+3IAiXCNvyKXyFI4WC60QbL/Wsczl0iIdcXGgfRg9PJ2YNyDJYs+iFrJUjB3Fp8ooGHCbmeod2FXIo50kH0ONDbIm5eJHYPJasptrdkuCJ1YUDU5RKVva0WpNK5NBpWSpZwHPSO7rIFL7npgpHwCohgLeDVYwDwspLKENFCj59o8UVyOp4tPk+SSTbwrYL/KPZqt2GCVBWq2zbpSElpnjBol2AxSc7TWRZPLdUe/W725EWh+78GGmohEBkyN912D7kynNHUFF1gLdBWFQi5tYW1b9FyrcLb33Qu9/60BcGB908AAAD//6gd4fsTCgAA"
           },
           "sensitive_attributes": []
         }
@@ -2423,7 +1230,7 @@
       "mode": "managed",
       "type": "hcloud_server",
       "name": "server",
-      "provider": "module.kube-hetzner.provider[\"registry.terraform.io/hetznercloud/hcloud\"]",
+      "provider": "provider[\"registry.terraform.io/hetznercloud/hcloud\"]",
       "instances": [
         {
           "schema_version": 0,
@@ -2433,621 +1240,9 @@
             "datacenter": "fsn1-dc14",
             "delete_protection": false,
             "firewall_ids": [
-              385507
+              412602
             ],
-            "id": "20285807",
-            "ignore_remote_firewall_ids": false,
-            "image": "ubuntu-20.04",
-            "ipv4_address": "142.132.182.232",
-            "ipv6_address": "2a01:4f8:c012:d1c0::1",
-            "ipv6_network": "2a01:4f8:c012:d1c0::/64",
-            "iso": null,
-            "keep_disk": false,
-            "labels": {
-              "engine": "k3s",
-              "provisioner": "terraform"
-            },
-            "location": "fsn1",
-            "name": "clank-agent-small1-mdr",
-            "network": [],
-            "placement_group_id": 41238,
-            "rebuild_protection": false,
-            "rescue": "linux64",
-            "server_type": "cpx11",
-            "ssh_keys": [
-              "6372775"
-            ],
-            "status": "running",
-            "timeouts": null,
-            "user_data": "D7VXcW+8XFUt2rIoXtjcDwVNF9U="
-          },
-          "sensitive_attributes": [],
-          "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo1NDAwMDAwMDAwMDAwfX0=",
-          "dependencies": [
-            "module.kube-hetzner.hcloud_firewall.k3s",
-            "module.kube-hetzner.hcloud_network.k3s",
-            "module.kube-hetzner.hcloud_network_subnet.agent",
-            "module.kube-hetzner.hcloud_placement_group.agent",
-            "module.kube-hetzner.hcloud_ssh_key.k3s",
-            "module.kube-hetzner.module.agents.data.cloudinit_config.config",
-            "module.kube-hetzner.module.agents.random_string.server"
-          ]
-        }
-      ]
-    },
-    {
-      "module": "module.kube-hetzner.module.agents[\"0-0-agent-small1\"]",
-      "mode": "managed",
-      "type": "hcloud_server_network",
-      "name": "server",
-      "provider": "module.kube-hetzner.provider[\"registry.terraform.io/hetznercloud/hcloud\"]",
-      "instances": [
-        {
-          "schema_version": 0,
-          "attributes": {
-            "alias_ips": [],
-            "id": "20285807-1628275",
-            "ip": "10.0.0.101",
-            "mac_address": "86:00:00:0f:24:bf",
-            "network_id": null,
-            "server_id": 20285807,
-            "subnet_id": "1628275-10.0.0.0/16"
-          },
-          "sensitive_attributes": [],
-          "private": "bnVsbA==",
-          "dependencies": [
-            "module.kube-hetzner.hcloud_firewall.k3s",
-            "module.kube-hetzner.hcloud_network.k3s",
-            "module.kube-hetzner.hcloud_network_subnet.agent",
-            "module.kube-hetzner.hcloud_placement_group.agent",
-            "module.kube-hetzner.hcloud_ssh_key.k3s",
-            "module.kube-hetzner.module.agents.data.cloudinit_config.config",
-            "module.kube-hetzner.module.agents.hcloud_server.server",
-            "module.kube-hetzner.module.agents.random_string.server"
-          ]
-        }
-      ]
-    },
-    {
-      "module": "module.kube-hetzner.module.agents[\"0-0-agent-small1\"]",
-      "mode": "managed",
-      "type": "random_string",
-      "name": "server",
-      "provider": "provider[\"registry.terraform.io/hashicorp/random\"]",
-      "instances": [
-        {
-          "schema_version": 1,
-          "attributes": {
-            "id": "mdr",
-            "keepers": {
-              "name": "clank-agent-small1"
-            },
-            "length": 3,
-            "lower": true,
-            "min_lower": 0,
-            "min_numeric": 0,
-            "min_special": 0,
-            "min_upper": 0,
-            "number": false,
-            "override_special": null,
-            "result": "mdr",
-            "special": false,
-            "upper": false
-          },
-          "sensitive_attributes": [],
-          "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==",
-          "dependencies": [
-            "module.kube-hetzner.hcloud_network.k3s",
-            "module.kube-hetzner.hcloud_network_subnet.agent"
-          ]
-        }
-      ]
-    },
-    {
-      "module": "module.kube-hetzner.module.agents[\"1-0-agent-small2\"]",
-      "mode": "data",
-      "type": "cloudinit_config",
-      "name": "config",
-      "provider": "provider[\"registry.terraform.io/hashicorp/cloudinit\"]",
-      "instances": [
-        {
-          "schema_version": 0,
-          "attributes": {
-            "base64_encode": true,
-            "boundary": "MIMEBOUNDARY",
-            "gzip": true,
-            "id": "2042315058",
-            "part": [
-              {
-                "content": "#cloud-config\n\nwrite_files:\n\n# Configure the private network interface\n- content: |\n    BOOTPROTO='dhcp'\n    STARTMODE='auto'\n  path: /etc/sysconfig/network/ifcfg-eth1\n\n# Disable ssh password authentication\n- content: |\n    PasswordAuthentication no\n    X11Forwarding no\n    MaxAuthTries 2\n    AllowTcpForwarding no\n    AllowAgentForwarding no\n    AuthorizedKeysFile .ssh/authorized_keys\n  path: /etc/ssh/sshd_config.d/kube-hetzner.conf\n\n# Set reboot method as \"kured\"\n- content: |\n    REBOOT_METHOD=kured\n  path: /etc/transactional-update.conf\n\n# Create Rancher repo config\n- content: |\n    [rancher-k3s-common-stable]\n    name=Rancher K3s Common (stable)\n    baseurl=https://rpm.rancher.io/k3s/stable/common/microos/noarch\n    enabled=1\n    gpgcheck=1\n    repo_gpgcheck=0\n    gpgkey=https://rpm.rancher.io/public.key\n  path: /etc/zypp/repos.d/rancher-k3s-common.repo\n\n# Add ssh authorized keys\nssh_authorized_keys:\n  - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOmlyNDEGxQxnXOLGMn80DwjPt+CqCy17UaW9MSBphOy contact@kjuulh.io\n\n# Resize /var, not /, as that's the last partition in MicroOS image.\ngrowpart:\n    devices: [\"/var\"]\n\n# Make sure the hostname is set correctly\nhostname: clank-agent-small2-tqu\npreserve_hostname: true\n\nruncmd:\n\n# As above, make sure the hostname is not reset\n- [sed, '-i', 's/NETCONFIG_NIS_SETDOMAINNAME=\"yes\"/NETCONFIG_NIS_SETDOMAINNAME=\"no\"/g', /etc/sysconfig/network/config]\n- [sed, '-i', 's/DHCLIENT_SET_HOSTNAME=\"yes\"/DHCLIENT_SET_HOSTNAME=\"no\"/g', /etc/sysconfig/network/dhcp]\n\n# We set Cloudflare DNS servers, followed by Google as a backup\n- [sed, '-i', 's/NETCONFIG_DNS_STATIC_SERVERS=\"\"/NETCONFIG_DNS_STATIC_SERVERS=\"1.1.1.1 1.0.0.1 8.8.8.8\"/g', /etc/sysconfig/network/config]\n\n# Bounds the amount of logs that can survive on the system\n- [sed, '-i', 's/#SystemMaxUse=/SystemMaxUse=3G/g', /etc/systemd/journald.conf]\n- [sed, '-i', 's/#MaxRetentionSec=/MaxRetentionSec=1week/g', /etc/systemd/journald.conf]\n\n# Reduces the default number of snapshots from 2-10 number limit, to 4 and from 4-10 number limit important, to 2\n- [sed, '-i', 's/NUMBER_LIMIT=\"2-10\"/NUMBER_LIMIT=\"4\"/g', /etc/snapper/configs/root]\n- [sed, '-i', 's/NUMBER_LIMIT_IMPORTANT=\"4-10\"/NUMBER_LIMIT_IMPORTANT=\"3\"/g', /etc/snapper/configs/root]\n\n# Disables unneeded services\n- [systemctl, disable, '--now', 'rebootmgr.service']\n",
-                "content_type": "text/cloud-config",
-                "filename": "init.cfg",
-                "merge_type": ""
-              }
-            ],
-            "rendered": "H4sIAAAAAAAA/4xWYW/ayhL9bin/YeR84D09bIekVVsqpOcATVFrnAtO23urCC27A95i77q76xBH98df7TppSEiaK8SHnTmcM3tmPGYohUFhgqypsA9lXRheEWWikl8jew9LWQtGVDPwk0kyPk0vpqN49qfv2VPwBZXmUvShFx4deAdeEOyCDrw77hHXldTcOCwxhtC8RGHew4oXKEiJA58LbkK6Wvv3v8oUEXqFKhgLKhkX6z68WXKzA3AlG7w2ES1kzQIqxYqvD7yEl7hX3OEuxvO2ihtc2AJ03/MOYejitUIwOUKl+BUxCALNVqoNcGFQrQhFLwDayvfhbw8A4DRNs/NZmqWDDstp1XHBeRbPsiQdjQcdUhtpgxUxeR8iNDTSjW7LiG75I76iq3WAJu/ZWkZck2WBoHUOFdF6KxUDUpscheGUWB/36zi/BcYPcCCky37r9T5ItSXKGnkXTMi1RWeKo4ZjF4qLQm4zWu2DXSZeozBP5GqTS8VvkH3CRn/gBUKodR6RX/HFBhv9yAWd2y9btF6ELNrUSwxyNDcCVWij1ow5GlC4lNJAiSaXDIgGf1MrZP6+C7Ox7cciGWcf09HAoR6qGjtVhFpvSBHUFSMGf2kNFdquz4igOSpQWEm4HZg9pe+qRQWbEx1QWZZSBNrYvl26vJvrO6ZPJxqGDgP/aUH/daAl0VirYpAbU+l+FKmqDG95Qy6jzYmOWnjUKkQlp0pKHQlJFM0dBwoLYIOeO62rNc2Rbm6P9gqLX7GjO8gGm+c0q3pZcBpusHlo3E1TVZGl0yGL9u8e2pT1MGbMDe5978H1Xut88Wge+h5AYMEBsuPXr3vvII7jeHgyvSHDXvHXaNKbZuPXNjZJy6KZjsZn139ci2/p57NEvD0abX+cm/8Nfw6b3psL8vVdMj+t8rRxjSLU/H/zo66LPOSurBlqfoMQXRHVBSENRF07SCYnpqPdM18QbcDuPreogAtIrNnpHHhJ1hh6ayW3Nt93LjK84hR1H777ltS/tCoJ2SDouy2SS23sGADXoNEAlUohNUXj3WX6QAsiNgGxz1WgS1IUx4H5WXuVQo3qChf3SKNq9DxVC1oyt7JiDWQpr7AL5bOy9qaWyngBfNfIutAJeKcLHR1Nx9kwnX6YnC2mk/liPs5GaRJPptM4GQ/8BrX/e4SQfrTudJ/baO3xcl929HH4eTKeZpZv8TGdZzuCz+RekLJr17n/FZ3NQ7voVwVRCKPpHJyPSndhJe0KQwbLBs6kXBdoJ4DAktBNXf3OoNF0vphncTYZLubj2ZfxbD7w/RfyvdB97OsnPAp78DZ0n39lmncIp/bF2w4mKWUtDMgVFHLdjixQImzDr/gVghQOphttsNy/xuHcJRJyfaFxED04nZw9KMdgyaIfslaCFMxtxScaeJiQ6xnaVcilmCMdRI8DvS3i5kVi91CymmJ7S4YrUhcGRF0uUdnbakEqnUujYaVkCcdB7+guW/CSmy4YCa+ACNYCXj0GAC8rqQwRLfT4iRZfJKfj2eLzJJlkA98q+I9ir3YbJkhVobptk46UlOYJg3YJFpPkPJ1l8dRS7dHvZk9eFLr/Z6ChFgKRIXPTbfeQK8MZTU3RBdYCbVWBkFtbWPsSLdcqvP1N53LvP1sQHHj/BAAA//8z9yJHEgoAAA=="
-          },
-          "sensitive_attributes": []
-        }
-      ]
-    },
-    {
-      "module": "module.kube-hetzner.module.agents[\"1-0-agent-small2\"]",
-      "mode": "managed",
-      "type": "hcloud_server",
-      "name": "server",
-      "provider": "module.kube-hetzner.provider[\"registry.terraform.io/hetznercloud/hcloud\"]",
-      "instances": [
-        {
-          "schema_version": 0,
-          "attributes": {
-            "backup_window": "",
-            "backups": false,
-            "datacenter": "nbg1-dc3",
-            "delete_protection": false,
-            "firewall_ids": [
-              385507
-            ],
-            "id": "20285811",
-            "ignore_remote_firewall_ids": false,
-            "image": "ubuntu-20.04",
-            "ipv4_address": "116.203.85.75",
-            "ipv6_address": "2a01:4f8:1c1e:c5b5::1",
-            "ipv6_network": "2a01:4f8:1c1e:c5b5::/64",
-            "iso": null,
-            "keep_disk": false,
-            "labels": {
-              "engine": "k3s",
-              "provisioner": "terraform"
-            },
-            "location": "nbg1",
-            "name": "clank-agent-small2-tqu",
-            "network": [],
-            "placement_group_id": 41238,
-            "rebuild_protection": false,
-            "rescue": "linux64",
-            "server_type": "cpx11",
-            "ssh_keys": [
-              "6372775"
-            ],
-            "status": "running",
-            "timeouts": null,
-            "user_data": "2WwhfGNbb8PWIa5HwzRkeftEW60="
-          },
-          "sensitive_attributes": [],
-          "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo1NDAwMDAwMDAwMDAwfX0=",
-          "dependencies": [
-            "module.kube-hetzner.hcloud_firewall.k3s",
-            "module.kube-hetzner.hcloud_network.k3s",
-            "module.kube-hetzner.hcloud_network_subnet.agent",
-            "module.kube-hetzner.hcloud_placement_group.agent",
-            "module.kube-hetzner.hcloud_ssh_key.k3s",
-            "module.kube-hetzner.module.agents.data.cloudinit_config.config",
-            "module.kube-hetzner.module.agents.random_string.server"
-          ]
-        }
-      ]
-    },
-    {
-      "module": "module.kube-hetzner.module.agents[\"1-0-agent-small2\"]",
-      "mode": "managed",
-      "type": "hcloud_server_network",
-      "name": "server",
-      "provider": "module.kube-hetzner.provider[\"registry.terraform.io/hetznercloud/hcloud\"]",
-      "instances": [
-        {
-          "schema_version": 0,
-          "attributes": {
-            "alias_ips": [],
-            "id": "20285811-1628275",
-            "ip": "10.1.0.101",
-            "mac_address": "86:00:00:0f:24:c4",
-            "network_id": null,
-            "server_id": 20285811,
-            "subnet_id": "1628275-10.1.0.0/16"
-          },
-          "sensitive_attributes": [],
-          "private": "bnVsbA==",
-          "dependencies": [
-            "module.kube-hetzner.hcloud_firewall.k3s",
-            "module.kube-hetzner.hcloud_network.k3s",
-            "module.kube-hetzner.hcloud_network_subnet.agent",
-            "module.kube-hetzner.hcloud_placement_group.agent",
-            "module.kube-hetzner.hcloud_ssh_key.k3s",
-            "module.kube-hetzner.module.agents.data.cloudinit_config.config",
-            "module.kube-hetzner.module.agents.hcloud_server.server",
-            "module.kube-hetzner.module.agents.random_string.server"
-          ]
-        }
-      ]
-    },
-    {
-      "module": "module.kube-hetzner.module.agents[\"1-0-agent-small2\"]",
-      "mode": "managed",
-      "type": "random_string",
-      "name": "server",
-      "provider": "provider[\"registry.terraform.io/hashicorp/random\"]",
-      "instances": [
-        {
-          "schema_version": 1,
-          "attributes": {
-            "id": "tqu",
-            "keepers": {
-              "name": "clank-agent-small2"
-            },
-            "length": 3,
-            "lower": true,
-            "min_lower": 0,
-            "min_numeric": 0,
-            "min_special": 0,
-            "min_upper": 0,
-            "number": false,
-            "override_special": null,
-            "result": "tqu",
-            "special": false,
-            "upper": false
-          },
-          "sensitive_attributes": [],
-          "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==",
-          "dependencies": [
-            "module.kube-hetzner.hcloud_network.k3s",
-            "module.kube-hetzner.hcloud_network_subnet.agent"
-          ]
-        }
-      ]
-    },
-    {
-      "module": "module.kube-hetzner.module.agents[\"2-0-storage1\"]",
-      "mode": "data",
-      "type": "cloudinit_config",
-      "name": "config",
-      "provider": "provider[\"registry.terraform.io/hashicorp/cloudinit\"]",
-      "instances": [
-        {
-          "schema_version": 0,
-          "attributes": {
-            "base64_encode": true,
-            "boundary": "MIMEBOUNDARY",
-            "gzip": true,
-            "id": "264943894",
-            "part": [
-              {
-                "content": "#cloud-config\n\nwrite_files:\n\n# Configure the private network interface\n- content: |\n    BOOTPROTO='dhcp'\n    STARTMODE='auto'\n  path: /etc/sysconfig/network/ifcfg-eth1\n\n# Disable ssh password authentication\n- content: |\n    PasswordAuthentication no\n    X11Forwarding no\n    MaxAuthTries 2\n    AllowTcpForwarding no\n    AllowAgentForwarding no\n    AuthorizedKeysFile .ssh/authorized_keys\n  path: /etc/ssh/sshd_config.d/kube-hetzner.conf\n\n# Set reboot method as \"kured\"\n- content: |\n    REBOOT_METHOD=kured\n  path: /etc/transactional-update.conf\n\n# Create Rancher repo config\n- content: |\n    [rancher-k3s-common-stable]\n    name=Rancher K3s Common (stable)\n    baseurl=https://rpm.rancher.io/k3s/stable/common/microos/noarch\n    enabled=1\n    gpgcheck=1\n    repo_gpgcheck=0\n    gpgkey=https://rpm.rancher.io/public.key\n  path: /etc/zypp/repos.d/rancher-k3s-common.repo\n\n# Add ssh authorized keys\nssh_authorized_keys:\n  - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOmlyNDEGxQxnXOLGMn80DwjPt+CqCy17UaW9MSBphOy contact@kjuulh.io\n\n# Resize /var, not /, as that's the last partition in MicroOS image.\ngrowpart:\n    devices: [\"/var\"]\n\n# Make sure the hostname is set correctly\nhostname: clank-storage1-dsi\npreserve_hostname: true\n\nruncmd:\n\n# As above, make sure the hostname is not reset\n- [sed, '-i', 's/NETCONFIG_NIS_SETDOMAINNAME=\"yes\"/NETCONFIG_NIS_SETDOMAINNAME=\"no\"/g', /etc/sysconfig/network/config]\n- [sed, '-i', 's/DHCLIENT_SET_HOSTNAME=\"yes\"/DHCLIENT_SET_HOSTNAME=\"no\"/g', /etc/sysconfig/network/dhcp]\n\n# We set Cloudflare DNS servers, followed by Google as a backup\n- [sed, '-i', 's/NETCONFIG_DNS_STATIC_SERVERS=\"\"/NETCONFIG_DNS_STATIC_SERVERS=\"1.1.1.1 1.0.0.1 8.8.8.8\"/g', /etc/sysconfig/network/config]\n\n# Bounds the amount of logs that can survive on the system\n- [sed, '-i', 's/#SystemMaxUse=/SystemMaxUse=3G/g', /etc/systemd/journald.conf]\n- [sed, '-i', 's/#MaxRetentionSec=/MaxRetentionSec=1week/g', /etc/systemd/journald.conf]\n\n# Reduces the default number of snapshots from 2-10 number limit, to 4 and from 4-10 number limit important, to 2\n- [sed, '-i', 's/NUMBER_LIMIT=\"2-10\"/NUMBER_LIMIT=\"4\"/g', /etc/snapper/configs/root]\n- [sed, '-i', 's/NUMBER_LIMIT_IMPORTANT=\"4-10\"/NUMBER_LIMIT_IMPORTANT=\"3\"/g', /etc/snapper/configs/root]\n\n# Disables unneeded services\n- [systemctl, disable, '--now', 'rebootmgr.service']\n",
-                "content_type": "text/cloud-config",
-                "filename": "init.cfg",
-                "merge_type": ""
-              }
-            ],
-            "rendered": "H4sIAAAAAAAA/4xW4W/ayBP9bin/w8j5wO+nw3ZIWrWlQjoHaIpa4xw4be+qCC27A95i7/p21yGO7o8/7TppSEiaE+LDzjzem30zjD2UwqAwQdZU2IeyLgyviDJRya+RvYelrAUjqhn4ySQZn6YX01E8+9P37Cn4gkpzKfrQC48OvAMvCHZBB94d94jrSmpuHJYYQ2heojDvYcULFKTEgc8FNyFdrf37X2WKCL1CFYwFlYyLdR/eLLnZAbiSDV6biBayZgGVYsXXB17CS9wr7nAX43lbxQ0ubAG673mHMHTxWiGYHKFS/IoYBIFmK9UGuDCoVoSiFwBt5fvwjwcAcJqm2fkszdJBh+W06rjgPItnWZKOxoMOqY20wYqYvA8RGhrpRrdlRLf8EV/R1TpAk/dsLSOuybJA0DqHimi9lYoBqU2OwnBKrI/7dZzfAuMHOBDSZb/1eh+k2hJljbwLJuTaojPFUcOxC8VFIbcZrfbBLhOvUZgncrXJpeI3yD5hoz/wAiHUOo/Iz/hig41+5ILO7ZctWi9CFm3qJQY5mhuBKrRRa8YcDShcSmmgRJNLBkSDv6kVMn/fhdnY9mORjLOP6WjgUA9VjZ0qQq03pAjqihGDP7WGCm3XZ0TQHBUorCTcDsye0nfVooLNiQ6oLEspAm1s3y5d3s31HdOnEw1Dh4H/taD/O9CSaKxVMciNqXQ/ilRVhre8IZfR5kRHLTxqFaKSUyWljoQkiuaOA4UFsEHPndbVmuZIN7dHe4XFz9jRHWSDzXOaVb0sOA032Dw07qapqsjS6ZBF+3cPbcp6GDPmBve+9+B6r3W+eDQPfQ8gsOAA2fHr1713EMdxPDyZ3pBhr/hrNOlNs/FrG5ukZdFMR+Oz6z+uxbf081ki3h6Ntj/OzW/Dv4dN780F+foumZ9Wedq4RhFqft/8qOsiD7kra4aa3yBEV0R1QUgDUdcOksmJ6Wj3ny+INmB3n1tUwAUk1ux0Drwkawy9tZJbm+87FxlecYq6D999S+pfWpWEbBD03RbJpTZ2DIBr0GiASqWQmqLx7jJ9oAURm0AbqcgaewHT3KsUalRXuLhHGVWj56la0JK5dRVrIEt5hV0on5W0t7RUxgvgu0bWhU7AO13o6Gg6zobp9MPkbDGdzBfzcTZKk3gyncbJeOA3qP1fI4T0o3Wn+9w2a4+X+7Kjj8PPk/E0s3yLj+k82xF8JveClF25zvmv6Cwe2iW/KohCGE3n4HxUugsradcXMlg2cCblukDbfQJLQjd19SuDRtP5Yp7F2WS4mI9nX8az+cD3X8j3Qvexj57wKOzB29B9/pNp3iGc2oduO5SklLUwIFdQyHU7rkCJsA2/4lcIUjiYbrTBcv8ah3OXSMj1hcZB9OB0cvagHIMli37IWglSMLcRn2jgYUKuZ2jXIJdijnQQPQ70toibF4ndH5LVFNtbMlyRujAg6nKJyt5WC1LpXBoNKyVLOA56R3fZgpfcdMFIeAVEsBbw6jEAeFlJZYhoocdPtPgiOR3PFp8nySQb+FbBfxR7tdswQaoK1W2bdKSkNE8YtEuwmCTn6SyLp5Zqj343e/Ki0P1bgYZaCESGzE233UGuDGc0NUUXWAu0VQVCbm1h7QO0XKvw9jedy733tSA48P4NAAD//3Tq5JEOCgAA"
-          },
-          "sensitive_attributes": []
-        }
-      ]
-    },
-    {
-      "module": "module.kube-hetzner.module.agents[\"2-0-storage1\"]",
-      "mode": "managed",
-      "type": "hcloud_server",
-      "name": "server",
-      "provider": "module.kube-hetzner.provider[\"registry.terraform.io/hetznercloud/hcloud\"]",
-      "instances": [
-        {
-          "schema_version": 0,
-          "attributes": {
-            "backup_window": "",
-            "backups": false,
-            "datacenter": "fsn1-dc14",
-            "delete_protection": false,
-            "firewall_ids": [
-              385507
-            ],
-            "id": "20285809",
-            "ignore_remote_firewall_ids": false,
-            "image": "ubuntu-20.04",
-            "ipv4_address": "142.132.189.194",
-            "ipv6_address": "2a01:4f8:c012:d1c2::1",
-            "ipv6_network": "2a01:4f8:c012:d1c2::/64",
-            "iso": null,
-            "keep_disk": false,
-            "labels": {
-              "engine": "k3s",
-              "provisioner": "terraform"
-            },
-            "location": "fsn1",
-            "name": "clank-storage1-dsi",
-            "network": [],
-            "placement_group_id": 41238,
-            "rebuild_protection": false,
-            "rescue": "linux64",
-            "server_type": "cpx11",
-            "ssh_keys": [
-              "6372775"
-            ],
-            "status": "running",
-            "timeouts": null,
-            "user_data": "Nr7zQ070fY606hamZAdNr8bKW6M="
-          },
-          "sensitive_attributes": [],
-          "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo1NDAwMDAwMDAwMDAwfX0=",
-          "dependencies": [
-            "module.kube-hetzner.hcloud_firewall.k3s",
-            "module.kube-hetzner.hcloud_network.k3s",
-            "module.kube-hetzner.hcloud_network_subnet.agent",
-            "module.kube-hetzner.hcloud_placement_group.agent",
-            "module.kube-hetzner.hcloud_ssh_key.k3s",
-            "module.kube-hetzner.module.agents.data.cloudinit_config.config",
-            "module.kube-hetzner.module.agents.random_string.server"
-          ]
-        }
-      ]
-    },
-    {
-      "module": "module.kube-hetzner.module.agents[\"2-0-storage1\"]",
-      "mode": "managed",
-      "type": "hcloud_server_network",
-      "name": "server",
-      "provider": "module.kube-hetzner.provider[\"registry.terraform.io/hetznercloud/hcloud\"]",
-      "instances": [
-        {
-          "schema_version": 0,
-          "attributes": {
-            "alias_ips": [],
-            "id": "20285809-1628275",
-            "ip": "10.2.0.101",
-            "mac_address": "86:00:00:0f:24:be",
-            "network_id": null,
-            "server_id": 20285809,
-            "subnet_id": "1628275-10.2.0.0/16"
-          },
-          "sensitive_attributes": [],
-          "private": "bnVsbA==",
-          "dependencies": [
-            "module.kube-hetzner.hcloud_firewall.k3s",
-            "module.kube-hetzner.hcloud_network.k3s",
-            "module.kube-hetzner.hcloud_network_subnet.agent",
-            "module.kube-hetzner.hcloud_placement_group.agent",
-            "module.kube-hetzner.hcloud_ssh_key.k3s",
-            "module.kube-hetzner.module.agents.data.cloudinit_config.config",
-            "module.kube-hetzner.module.agents.hcloud_server.server",
-            "module.kube-hetzner.module.agents.random_string.server"
-          ]
-        }
-      ]
-    },
-    {
-      "module": "module.kube-hetzner.module.agents[\"2-0-storage1\"]",
-      "mode": "managed",
-      "type": "random_string",
-      "name": "server",
-      "provider": "provider[\"registry.terraform.io/hashicorp/random\"]",
-      "instances": [
-        {
-          "schema_version": 1,
-          "attributes": {
-            "id": "dsi",
-            "keepers": {
-              "name": "clank-storage1"
-            },
-            "length": 3,
-            "lower": true,
-            "min_lower": 0,
-            "min_numeric": 0,
-            "min_special": 0,
-            "min_upper": 0,
-            "number": false,
-            "override_special": null,
-            "result": "dsi",
-            "special": false,
-            "upper": false
-          },
-          "sensitive_attributes": [],
-          "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==",
-          "dependencies": [
-            "module.kube-hetzner.hcloud_network.k3s",
-            "module.kube-hetzner.hcloud_network_subnet.agent"
-          ]
-        }
-      ]
-    },
-    {
-      "module": "module.kube-hetzner.module.agents[\"2-1-storage1\"]",
-      "mode": "data",
-      "type": "cloudinit_config",
-      "name": "config",
-      "provider": "provider[\"registry.terraform.io/hashicorp/cloudinit\"]",
-      "instances": [
-        {
-          "schema_version": 0,
-          "attributes": {
-            "base64_encode": true,
-            "boundary": "MIMEBOUNDARY",
-            "gzip": true,
-            "id": "4262392169",
-            "part": [
-              {
-                "content": "#cloud-config\n\nwrite_files:\n\n# Configure the private network interface\n- content: |\n    BOOTPROTO='dhcp'\n    STARTMODE='auto'\n  path: /etc/sysconfig/network/ifcfg-eth1\n\n# Disable ssh password authentication\n- content: |\n    PasswordAuthentication no\n    X11Forwarding no\n    MaxAuthTries 2\n    AllowTcpForwarding no\n    AllowAgentForwarding no\n    AuthorizedKeysFile .ssh/authorized_keys\n  path: /etc/ssh/sshd_config.d/kube-hetzner.conf\n\n# Set reboot method as \"kured\"\n- content: |\n    REBOOT_METHOD=kured\n  path: /etc/transactional-update.conf\n\n# Create Rancher repo config\n- content: |\n    [rancher-k3s-common-stable]\n    name=Rancher K3s Common (stable)\n    baseurl=https://rpm.rancher.io/k3s/stable/common/microos/noarch\n    enabled=1\n    gpgcheck=1\n    repo_gpgcheck=0\n    gpgkey=https://rpm.rancher.io/public.key\n  path: /etc/zypp/repos.d/rancher-k3s-common.repo\n\n# Add ssh authorized keys\nssh_authorized_keys:\n  - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOmlyNDEGxQxnXOLGMn80DwjPt+CqCy17UaW9MSBphOy contact@kjuulh.io\n\n# Resize /var, not /, as that's the last partition in MicroOS image.\ngrowpart:\n    devices: [\"/var\"]\n\n# Make sure the hostname is set correctly\nhostname: clank-storage1-cgr\npreserve_hostname: true\n\nruncmd:\n\n# As above, make sure the hostname is not reset\n- [sed, '-i', 's/NETCONFIG_NIS_SETDOMAINNAME=\"yes\"/NETCONFIG_NIS_SETDOMAINNAME=\"no\"/g', /etc/sysconfig/network/config]\n- [sed, '-i', 's/DHCLIENT_SET_HOSTNAME=\"yes\"/DHCLIENT_SET_HOSTNAME=\"no\"/g', /etc/sysconfig/network/dhcp]\n\n# We set Cloudflare DNS servers, followed by Google as a backup\n- [sed, '-i', 's/NETCONFIG_DNS_STATIC_SERVERS=\"\"/NETCONFIG_DNS_STATIC_SERVERS=\"1.1.1.1 1.0.0.1 8.8.8.8\"/g', /etc/sysconfig/network/config]\n\n# Bounds the amount of logs that can survive on the system\n- [sed, '-i', 's/#SystemMaxUse=/SystemMaxUse=3G/g', /etc/systemd/journald.conf]\n- [sed, '-i', 's/#MaxRetentionSec=/MaxRetentionSec=1week/g', /etc/systemd/journald.conf]\n\n# Reduces the default number of snapshots from 2-10 number limit, to 4 and from 4-10 number limit important, to 2\n- [sed, '-i', 's/NUMBER_LIMIT=\"2-10\"/NUMBER_LIMIT=\"4\"/g', /etc/snapper/configs/root]\n- [sed, '-i', 's/NUMBER_LIMIT_IMPORTANT=\"4-10\"/NUMBER_LIMIT_IMPORTANT=\"3\"/g', /etc/snapper/configs/root]\n\n# Disables unneeded services\n- [systemctl, disable, '--now', 'rebootmgr.service']\n",
-                "content_type": "text/cloud-config",
-                "filename": "init.cfg",
-                "merge_type": ""
-              }
-            ],
-            "rendered": "H4sIAAAAAAAA/4xWX2/bPhJ8F5DvsFAefIezpDhp0daFgVNsNzVaWTlbaXtXBAZNriXWEqkjqTgK7sMfSCXNHyfND4YfuDueWc6uVxpLYVCYIGtrHELVlIbXRJmo4tfIPsJaNoIR1Y78ZJZMT9OL+SRe/Nv37Cn4hkpzKYYwCI8OvAMvCB6CDrw77gnXtdTcOCwxhtCiQmE+woaXKEiFI58LbkK6yf37X2WKCL1BFUwFlYyLfAjv1tw8ALiSDV6biJayYQGVYsPzAy/hFe4Vd/gQ43k7xQ2ubAF66HmHMHbxRiGYAqFW/IoYBIFmJ9UWuDCoNoSiFwDt5IfwPw8A4DRNs/NFmqWjHito3XPBZRYvsiSdTEc90hhpgzUxxRAiNDTSre7KiG75I76hmzxAUwxsLROuybpE0LqAmmi9k4oBaUyBwnBKrI/7dZzfAuNHOBDSZX8MBp+k2hFljbwLJuTaojPFUcOxC8VlKXcZrffBLhPnKMwzucYUUvEbZF+w1Z94iRBqXUTkd3y1xVY/cUEX9stWnRchi7bNGoMCzY1AFdqoNWOJBhSupTRQoSkkA6LB3zYKmb/vwmJq+7FKptnndDJyqMeqxk4VodYbUgZNzYjB31pjhbbrCyJogQoU1hJuB2ZP6afqUMH2RAdUVpUUgTa2b5cu7+b6junLiYaxw8DfOtDfHWhNNDaqHBXG1HoYRaquwlvekMtoe6KjDh51ClHFqZJSR0ISRQvHgcIC2GjgTnmd0wLp9vZor7D6HTu6g2yxfUmzbtYlp+EW28fG3bR1HVk6HbJo/+6hTVkPY8bc4N73HlzvtS5WT+Zh6AEEFhwgO377dvAB4jiOxyfzGzIelP+ZzAbzbPrWxmZpVbbzyfTs+l/X4kf69SwR748mu1/n5h/j/47bwbsL8v1Dsjyti7R1jSLU/HP7q2nKIuSurAVqfoMQXRHVByENRH07SKYgpqfdf74k2oDdfW5RAReQWLPTJfCK5Bh6uZI7mx86FxlecYp6CD99S+pfWpWEbBH03RYppDZ2DIBr0GiASqWQmrL17jJDoCUR20AbqUiOg4DmyqsValRXuLpHGdWg56lG0Iq5dRVrIGt5hX2oXpS0t7RUxgvgp0bWh17Ae33o6Wg+zcbp/NPsbDWfLVfLaTZJk3g2n8fJdOS3qP0/I4T0o7zXf2mbdcfLfdnJ5/HX2XSeWb7V53SZPRB8IfeKlF25zvnv6Cwe2yW/KYlCmMyX4HxUug8badcXMli3cCZlXqLtPoE1odum/pNBk/lytczibDZeLaeLb9PFcuT7r+QHofvYR094FA7gfeg+f8k07xBO7UO3G0pSyUYYkBsoZd6NK1AibMOv+BWCFA6mW22w2r/G4dIlEnJ9oXEUPTqdnD0qx2DFol+yUYKUzG3EZxp4mJDrBdo1yKVYIh1FTwODHeL2VWL3h2QNxe6WDDekKQ2IplqjsrfVgtS6kEbDRskKjoPB0V225BU3fTAS3gARrAO8eQoAXtVSGSI66PEzLb5ITqeL1ddZMstGvlXwn8TePGyYIHWN6rZNOlJSmmcMekiwmiXn6SKL55Zqj/5h9uRVofu3Ag2NEIgMmZtuu4NcGc5oaso+sA5oqwqE3NnCugdolavw9je9y733tSA48P4fAAD//909lR4OCgAA"
-          },
-          "sensitive_attributes": []
-        }
-      ]
-    },
-    {
-      "module": "module.kube-hetzner.module.agents[\"2-1-storage1\"]",
-      "mode": "managed",
-      "type": "hcloud_server",
-      "name": "server",
-      "provider": "module.kube-hetzner.provider[\"registry.terraform.io/hetznercloud/hcloud\"]",
-      "instances": [
-        {
-          "schema_version": 0,
-          "attributes": {
-            "backup_window": "",
-            "backups": false,
-            "datacenter": "fsn1-dc14",
-            "delete_protection": false,
-            "firewall_ids": [
-              385507
-            ],
-            "id": "20289430",
-            "ignore_remote_firewall_ids": false,
-            "image": "ubuntu-20.04",
-            "ipv4_address": "49.12.247.85",
-            "ipv6_address": "2a01:4f8:c012:d246::1",
-            "ipv6_network": "2a01:4f8:c012:d246::/64",
-            "iso": null,
-            "keep_disk": false,
-            "labels": {
-              "engine": "k3s",
-              "provisioner": "terraform"
-            },
-            "location": "fsn1",
-            "name": "clank-storage1-cgr",
-            "network": [],
-            "placement_group_id": 41238,
-            "rebuild_protection": false,
-            "rescue": "linux64",
-            "server_type": "cpx11",
-            "ssh_keys": [
-              "6372775"
-            ],
-            "status": "running",
-            "timeouts": null,
-            "user_data": "1yw8VGJRSEcjXrZpwCMw7s5ae8A="
-          },
-          "sensitive_attributes": [],
-          "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo1NDAwMDAwMDAwMDAwfX0=",
-          "dependencies": [
-            "module.kube-hetzner.hcloud_firewall.k3s",
-            "module.kube-hetzner.hcloud_network.k3s",
-            "module.kube-hetzner.hcloud_network_subnet.agent",
-            "module.kube-hetzner.hcloud_placement_group.agent",
-            "module.kube-hetzner.hcloud_ssh_key.k3s",
-            "module.kube-hetzner.module.agents.data.cloudinit_config.config",
-            "module.kube-hetzner.module.agents.random_string.server"
-          ]
-        }
-      ]
-    },
-    {
-      "module": "module.kube-hetzner.module.agents[\"2-1-storage1\"]",
-      "mode": "managed",
-      "type": "hcloud_server_network",
-      "name": "server",
-      "provider": "module.kube-hetzner.provider[\"registry.terraform.io/hetznercloud/hcloud\"]",
-      "instances": [
-        {
-          "schema_version": 0,
-          "attributes": {
-            "alias_ips": [],
-            "id": "20289430-1628275",
-            "ip": "10.2.0.102",
-            "mac_address": "86:00:00:0f:27:a2",
-            "network_id": null,
-            "server_id": 20289430,
-            "subnet_id": "1628275-10.2.0.0/16"
-          },
-          "sensitive_attributes": [],
-          "private": "bnVsbA==",
-          "dependencies": [
-            "module.kube-hetzner.hcloud_firewall.k3s",
-            "module.kube-hetzner.hcloud_network.k3s",
-            "module.kube-hetzner.hcloud_network_subnet.agent",
-            "module.kube-hetzner.hcloud_placement_group.agent",
-            "module.kube-hetzner.hcloud_ssh_key.k3s",
-            "module.kube-hetzner.module.agents.data.cloudinit_config.config",
-            "module.kube-hetzner.module.agents.hcloud_server.server",
-            "module.kube-hetzner.module.agents.random_string.server"
-          ]
-        }
-      ]
-    },
-    {
-      "module": "module.kube-hetzner.module.agents[\"2-1-storage1\"]",
-      "mode": "managed",
-      "type": "random_string",
-      "name": "server",
-      "provider": "provider[\"registry.terraform.io/hashicorp/random\"]",
-      "instances": [
-        {
-          "schema_version": 1,
-          "attributes": {
-            "id": "cgr",
-            "keepers": {
-              "name": "clank-storage1"
-            },
-            "length": 3,
-            "lower": true,
-            "min_lower": 0,
-            "min_numeric": 0,
-            "min_special": 0,
-            "min_upper": 0,
-            "number": false,
-            "override_special": null,
-            "result": "cgr",
-            "special": false,
-            "upper": false
-          },
-          "sensitive_attributes": [],
-          "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==",
-          "dependencies": [
-            "module.kube-hetzner.hcloud_network.k3s",
-            "module.kube-hetzner.hcloud_network_subnet.agent"
-          ]
-        }
-      ]
-    },
-    {
-      "module": "module.kube-hetzner.module.control_planes[\"0-0-control-plane-fsn1\"]",
-      "mode": "data",
-      "type": "cloudinit_config",
-      "name": "config",
-      "provider": "provider[\"registry.terraform.io/hashicorp/cloudinit\"]",
-      "instances": [
-        {
-          "schema_version": 0,
-          "attributes": {
-            "base64_encode": true,
-            "boundary": "MIMEBOUNDARY",
-            "gzip": true,
-            "id": "3900639102",
-            "part": [
-              {
-                "content": "#cloud-config\n\nwrite_files:\n\n# Configure the private network interface\n- content: |\n    BOOTPROTO='dhcp'\n    STARTMODE='auto'\n  path: /etc/sysconfig/network/ifcfg-eth1\n\n# Disable ssh password authentication\n- content: |\n    PasswordAuthentication no\n    X11Forwarding no\n    MaxAuthTries 2\n    AllowTcpForwarding no\n    AllowAgentForwarding no\n    AuthorizedKeysFile .ssh/authorized_keys\n  path: /etc/ssh/sshd_config.d/kube-hetzner.conf\n\n# Set reboot method as \"kured\"\n- content: |\n    REBOOT_METHOD=kured\n  path: /etc/transactional-update.conf\n\n# Create Rancher repo config\n- content: |\n    [rancher-k3s-common-stable]\n    name=Rancher K3s Common (stable)\n    baseurl=https://rpm.rancher.io/k3s/stable/common/microos/noarch\n    enabled=1\n    gpgcheck=1\n    repo_gpgcheck=0\n    gpgkey=https://rpm.rancher.io/public.key\n  path: /etc/zypp/repos.d/rancher-k3s-common.repo\n\n# Add ssh authorized keys\nssh_authorized_keys:\n  - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOmlyNDEGxQxnXOLGMn80DwjPt+CqCy17UaW9MSBphOy contact@kjuulh.io\n\n# Resize /var, not /, as that's the last partition in MicroOS image.\ngrowpart:\n    devices: [\"/var\"]\n\n# Make sure the hostname is set correctly\nhostname: clank-control-plane-fsn1-xgb\npreserve_hostname: true\n\nruncmd:\n\n# As above, make sure the hostname is not reset\n- [sed, '-i', 's/NETCONFIG_NIS_SETDOMAINNAME=\"yes\"/NETCONFIG_NIS_SETDOMAINNAME=\"no\"/g', /etc/sysconfig/network/config]\n- [sed, '-i', 's/DHCLIENT_SET_HOSTNAME=\"yes\"/DHCLIENT_SET_HOSTNAME=\"no\"/g', /etc/sysconfig/network/dhcp]\n\n# We set Cloudflare DNS servers, followed by Google as a backup\n- [sed, '-i', 's/NETCONFIG_DNS_STATIC_SERVERS=\"\"/NETCONFIG_DNS_STATIC_SERVERS=\"1.1.1.1 1.0.0.1 8.8.8.8\"/g', /etc/sysconfig/network/config]\n\n# Bounds the amount of logs that can survive on the system\n- [sed, '-i', 's/#SystemMaxUse=/SystemMaxUse=3G/g', /etc/systemd/journald.conf]\n- [sed, '-i', 's/#MaxRetentionSec=/MaxRetentionSec=1week/g', /etc/systemd/journald.conf]\n\n# Reduces the default number of snapshots from 2-10 number limit, to 4 and from 4-10 number limit important, to 2\n- [sed, '-i', 's/NUMBER_LIMIT=\"2-10\"/NUMBER_LIMIT=\"4\"/g', /etc/snapper/configs/root]\n- [sed, '-i', 's/NUMBER_LIMIT_IMPORTANT=\"4-10\"/NUMBER_LIMIT_IMPORTANT=\"3\"/g', /etc/snapper/configs/root]\n\n# Disables unneeded services\n- [systemctl, disable, '--now', 'rebootmgr.service']\n",
-                "content_type": "text/cloud-config",
-                "filename": "init.cfg",
-                "merge_type": ""
-              }
-            ],
-            "rendered": "H4sIAAAAAAAA/4xW3W7bOBO9F5B3GCgX/j6sJcVJi7YuDKxiu6nRysraStvdIjBocmyxlkgtScVWsA+/IJU0P06aheELzhyfMzwzHmkohUFhgqypsA9lXRheEWWiku+QvYelrAUjqhn4ySQZn6YX01E8+9P37Cn4gkpzKfrQC48OvAMvCO6DDrxb7hHXldTcOCwxhtC8RGHew4oXKEiJA58LbkK6Wvt3v8oUEXqFKhgLKhkX6z68WXJzD+BKNrgzES1kzQIqxYqvD7yEl7hX3OF9jOdtFTe4sAXovucdwtDFa4VgcoRK8StiEASarVQb4MKgWhGKXgC0le/DPx4AwGmaZuezNEsHHZbTquOC8yyeZUk6Gg86pDbSBiti8j5EaGikG92WEd3wR3xFV+sATd6ztYy4JssCQescKqL1VioGpDY5CsMpsT7u13F+A4wf4EBIl/3W632QakuUNfI2mJCdRWeKo4ZjF4qLQm4zWu2DXSZeozBP5GqTS8WvkX3CRn/gBUKodR6Rn/HFBhv9yAWd2y9btF6ELNrUSwxyNNcCVWij1ow5GlC4lNJAiSaXDIgGf1MrZP6+C7Ox7cciGWcf09HAoR6qGjtVhFpvSBHUFSMGf2oNFdquz4igOSpQWEm4GZg9pe+qRQWbEx1QWZZSBNrYvl26vJvrW6ZPJxqGDgP/a0H/d6Al0VirYpAbU+l+FKmqDG94Qy6jzYmOWnjUKkQlp0pKHQlJFM0dBwoLYIOeO62rNc2Rbm6O9gqLn7GjW8gGm+c0q3pZcBpusHlo3HVTVZGl0yGL9u8e2pT1MGbMDe5d78H1Xut88Wge+h5AYMEBsuPXr3vvII7jeHgyvSbDXvHXaNKbZuPXNjZJy6KZjsZnuz924lv6+SwRb49G2x/n5rfh38Om9+aCfH2XzE+rPG1cowg1v29+1HWRh9yVNUPNrxGiK6K6IKSBqGsHyeTEdLT7zxdEG7C7zy0q4AISa3Y6B16SNYbeWsmtzfediwyvOEXdh+++JfUvrUpCNgj6dovkUhs7BsA1aDRApVJITdF4t5k+0IKIjd1KRskiqAoiMFhp0Qt266VXKdSornBxhzeqRs9TtaAlc4sr1kCW8gq7UD4rbu9rqYwXwHeNrAudgHe60NHRdJwN0+mHydliOpkv5uNslCbxZDqNk/HAb1D7v0YI6UfrTve5vdYeL/dlRx+HnyfjaWb5Fh/TeXZP8JncC1J2+boefEVn9tCu+1VBFMJoOgfno9JdWEm7yJDBsoEzKdcF2jkgsCR0U1e/Mmg0nS/mWZxNhov5ePZlPJsPfP+FfC90H/sQCo/CHrwN3ec/meYdwql9/LbjSUpZCwNyBYVct4MLlAjb8Ct+hSCFg+lGGyz3r3E4d4mE7C40DqIHp5OzB+UYLFn0Q9ZKkIK53fhEAw8TspuhXYhcijnSQfQ40Nsibl4kdn9NVlNsb8lwRerCgKjLJSp7Wy1IpXNpNKyULOE46B3dZgtectMFI+EVEMFawKvHAOBlJZUhooUeP9Hii+R0PFt8niSTbOBbBf9R7NX9hglSVahu2qQjJaV5wqD7BItJcp7Osnhqqfbo72dPXhS6ez/QUAuByJC56bbbyJXhjKam6AJrgbaqQMitLax9lJZrFd78pnO59+YWBAfevwEAAP//ZWbgRxgKAAA="
-          },
-          "sensitive_attributes": []
-        }
-      ]
-    },
-    {
-      "module": "module.kube-hetzner.module.control_planes[\"0-0-control-plane-fsn1\"]",
-      "mode": "managed",
-      "type": "hcloud_server",
-      "name": "server",
-      "provider": "module.kube-hetzner.provider[\"registry.terraform.io/hetznercloud/hcloud\"]",
-      "instances": [
-        {
-          "schema_version": 0,
-          "attributes": {
-            "backup_window": "",
-            "backups": false,
-            "datacenter": "fsn1-dc14",
-            "delete_protection": false,
-            "firewall_ids": [
-              385507
-            ],
-            "id": "20285806",
+            "id": "21030909",
             "ignore_remote_firewall_ids": false,
             "image": "ubuntu-20.04",
             "ipv4_address": "167.235.247.244",
@@ -3060,18 +1255,394 @@
               "provisioner": "terraform"
             },
             "location": "fsn1",
-            "name": "clank-control-plane-fsn1-xgb",
+            "name": "clank-agent-small1-qlb",
             "network": [],
-            "placement_group_id": 41239,
+            "placement_group_id": 47148,
             "rebuild_protection": false,
             "rescue": "linux64",
             "server_type": "cpx11",
             "ssh_keys": [
-              "6372775"
+              "6654542"
             ],
             "status": "running",
             "timeouts": null,
-            "user_data": "q20D423pjuDyFaau0XZQMqAEBkU="
+            "user_data": "ySuIGFT5eeSh9i9Qty/EW5mtQpM="
+          },
+          "sensitive_attributes": [],
+          "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo1NDAwMDAwMDAwMDAwfX0=",
+          "dependencies": [
+            "module.kube-hetzner.hcloud_firewall.k3s",
+            "module.kube-hetzner.hcloud_network.k3s",
+            "module.kube-hetzner.hcloud_network_subnet.agent",
+            "module.kube-hetzner.hcloud_placement_group.agent",
+            "module.kube-hetzner.hcloud_ssh_key.k3s",
+            "module.kube-hetzner.module.agents.data.cloudinit_config.config",
+            "module.kube-hetzner.module.agents.random_string.identity_file",
+            "module.kube-hetzner.module.agents.random_string.server"
+          ]
+        }
+      ]
+    },
+    {
+      "module": "module.kube-hetzner.module.agents[\"0-0-agent-small1\"]",
+      "mode": "managed",
+      "type": "hcloud_server_network",
+      "name": "server",
+      "provider": "provider[\"registry.terraform.io/hetznercloud/hcloud\"]",
+      "instances": [
+        {
+          "schema_version": 0,
+          "attributes": {
+            "alias_ips": null,
+            "id": "21030909-1711263",
+            "ip": "10.0.0.101",
+            "mac_address": "86:00:00:12:fa:7a",
+            "network_id": null,
+            "server_id": 21030909,
+            "subnet_id": "1711263-10.0.0.0/16"
+          },
+          "sensitive_attributes": [],
+          "private": "bnVsbA==",
+          "dependencies": [
+            "module.kube-hetzner.hcloud_firewall.k3s",
+            "module.kube-hetzner.hcloud_network.k3s",
+            "module.kube-hetzner.hcloud_network_subnet.agent",
+            "module.kube-hetzner.hcloud_placement_group.agent",
+            "module.kube-hetzner.hcloud_ssh_key.k3s",
+            "module.kube-hetzner.module.agents.data.cloudinit_config.config",
+            "module.kube-hetzner.module.agents.hcloud_server.server",
+            "module.kube-hetzner.module.agents.random_string.identity_file",
+            "module.kube-hetzner.module.agents.random_string.server"
+          ]
+        }
+      ]
+    },
+    {
+      "module": "module.kube-hetzner.module.agents[\"0-0-agent-small1\"]",
+      "mode": "managed",
+      "type": "random_string",
+      "name": "identity_file",
+      "provider": "provider[\"registry.terraform.io/hashicorp/random\"]",
+      "instances": [
+        {
+          "schema_version": 1,
+          "attributes": {
+            "id": "shtisef944vem08h3gjg",
+            "keepers": null,
+            "length": 20,
+            "lower": true,
+            "min_lower": 0,
+            "min_numeric": 0,
+            "min_special": 0,
+            "min_upper": 0,
+            "number": true,
+            "override_special": null,
+            "result": "shtisef944vem08h3gjg",
+            "special": false,
+            "upper": false
+          },
+          "sensitive_attributes": [],
+          "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==",
+          "dependencies": [
+            "module.kube-hetzner.hcloud_network.k3s",
+            "module.kube-hetzner.hcloud_network_subnet.agent"
+          ]
+        }
+      ]
+    },
+    {
+      "module": "module.kube-hetzner.module.agents[\"0-0-agent-small1\"]",
+      "mode": "managed",
+      "type": "random_string",
+      "name": "server",
+      "provider": "provider[\"registry.terraform.io/hashicorp/random\"]",
+      "instances": [
+        {
+          "schema_version": 1,
+          "attributes": {
+            "id": "qlb",
+            "keepers": {
+              "name": "clank-agent-small1"
+            },
+            "length": 3,
+            "lower": true,
+            "min_lower": 0,
+            "min_numeric": 0,
+            "min_special": 0,
+            "min_upper": 0,
+            "number": false,
+            "override_special": null,
+            "result": "qlb",
+            "special": false,
+            "upper": false
+          },
+          "sensitive_attributes": [],
+          "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==",
+          "dependencies": [
+            "module.kube-hetzner.hcloud_network.k3s",
+            "module.kube-hetzner.hcloud_network_subnet.agent"
+          ]
+        }
+      ]
+    },
+    {
+      "module": "module.kube-hetzner.module.agents[\"2-0-storage1\"]",
+      "mode": "data",
+      "type": "cloudinit_config",
+      "name": "config",
+      "provider": "provider[\"registry.terraform.io/hashicorp/cloudinit\"]",
+      "instances": [
+        {
+          "schema_version": 0,
+          "attributes": {
+            "base64_encode": true,
+            "boundary": "MIMEBOUNDARY",
+            "gzip": true,
+            "id": "2276970806",
+            "part": [
+              {
+                "content": "#cloud-config\n\nwrite_files:\n\n# Configure the private network interface\n- content: |\n    BOOTPROTO='dhcp'\n    STARTMODE='auto'\n  path: /etc/sysconfig/network/ifcfg-eth1\n\n# Disable ssh password authentication\n- content: |\n    PasswordAuthentication no\n    X11Forwarding no\n    MaxAuthTries 2\n    AllowTcpForwarding no\n    AllowAgentForwarding no\n    AuthorizedKeysFile .ssh/authorized_keys\n  path: /etc/ssh/sshd_config.d/kube-hetzner.conf\n\n# Set reboot method as \"kured\"\n- content: |\n    REBOOT_METHOD=kured\n  path: /etc/transactional-update.conf\n\n# Create Rancher repo config\n- content: |\n    [rancher-k3s-common-stable]\n    name=Rancher K3s Common (stable)\n    baseurl=https://rpm.rancher.io/k3s/stable/common/microos/noarch\n    enabled=1\n    gpgcheck=1\n    repo_gpgcheck=0\n    gpgkey=https://rpm.rancher.io/public.key\n  path: /etc/zypp/repos.d/rancher-k3s-common.repo\n\n# Add ssh authorized keys\nssh_authorized_keys:\n  - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOmlyNDEGxQxnXOLGMn80DwjPt+CqCy17UaW9MSBphOy contact@kjuulh.io\n\n\n# Resize /var, not /, as that's the last partition in MicroOS image.\ngrowpart:\n    devices: [\"/var\"]\n\n# Make sure the hostname is set correctly\nhostname: clank-storage1-jqo\npreserve_hostname: true\n\nruncmd:\n\n# As above, make sure the hostname is not reset\n- [sed, '-i', 's/NETCONFIG_NIS_SETDOMAINNAME=\"yes\"/NETCONFIG_NIS_SETDOMAINNAME=\"no\"/g', /etc/sysconfig/network/config]\n- [sed, '-i', 's/DHCLIENT_SET_HOSTNAME=\"yes\"/DHCLIENT_SET_HOSTNAME=\"no\"/g', /etc/sysconfig/network/dhcp]\n\n# We set Cloudflare DNS servers, followed by Google as a backup\n- [sed, '-i', 's/NETCONFIG_DNS_STATIC_SERVERS=\"\"/NETCONFIG_DNS_STATIC_SERVERS=\"1.1.1.1 1.0.0.1 8.8.8.8\"/g', /etc/sysconfig/network/config]\n\n# Bounds the amount of logs that can survive on the system\n- [sed, '-i', 's/#SystemMaxUse=/SystemMaxUse=3G/g', /etc/systemd/journald.conf]\n- [sed, '-i', 's/#MaxRetentionSec=/MaxRetentionSec=1week/g', /etc/systemd/journald.conf]\n\n# Reduces the default number of snapshots from 2-10 number limit, to 4 and from 4-10 number limit important, to 2\n- [sed, '-i', 's/NUMBER_LIMIT=\"2-10\"/NUMBER_LIMIT=\"4\"/g', /etc/snapper/configs/root]\n- [sed, '-i', 's/NUMBER_LIMIT_IMPORTANT=\"4-10\"/NUMBER_LIMIT_IMPORTANT=\"3\"/g', /etc/snapper/configs/root]\n\n# Disables unneeded services\n- [systemctl, disable, '--now', 'rebootmgr.service']\n",
+                "content_type": "text/cloud-config",
+                "filename": "init.cfg",
+                "merge_type": ""
+              }
+            ],
+            "rendered": "H4sIAAAAAAAA/4xW72/aSBD9bin/w8j5wJ0O2yFp1ZYK6RygKWqNc+C0vasitOwOeIO96+6uQxzdH3/addL8IGlOiA8783hv9s0w9lAKg8IEWVNhH8q6MLwiykQlv0L2HpayFoyoZuAnk2R8nJ5NR/Hsb9+zp+ALKs2l6EMvPNjz9rwguA/a8265R1xXUnPjsMQYQvMShXkPK16gICUOfC64Celq7d/9KlNE6BWqYCyoZFys+/Bmyc09gCvZ4JWJaCFrFlApVny95yW8xJ3i9u9jPG+ruMGFLUD3PW8fhi5eKwSTI1SKXxKDINBspdoAFwbVilD0AqCtfB/+9QAAjtM0O52lWTrosJxWHRecZ/EsS9LReNAhtZE2WBGT9yFCQyPd6LaM6IY/4iu6Wgdo8p6tZcQ1WRYIWudQEa23UjEgtclRGE6J9XG3jtMbYPwAB0K67Lde74NUW6KskbfBhFxZdKY4ajh0obgo5Daj1S7YZeI1CvNErja5VPwa2Sds9AdeIIRa5xH5GV9ssNGPXNC5/bJF60XIok29xCBHcy1QhTZqzZijAYVLKQ2UaHLJgGjwN7VC5u+6MBvbfiyScfYxHQ0c6qGqsVNFqPWGFEFdMWLwp9ZQoe36jAiaowKFlYSbgdlR+q5aVLA50gGVZSlFoI3t27nLu7m+Zfp0pGHoMPBbC/rdgZZEY62KQW5MpftRpKoyvOENuYw2Rzpq4VGrEJWcKil1JCRRNHccKCyADXrutK7WNEe6uTnaKyx+xg5uIRtsntOs6mXBabjB5qFx101VRZZOhyzavXtoU9bDmDE3uHe9B9d7rfPFo3noewCBBQfIDl+/7r2DOI7j4dH0mgx7xT+jSW+ajV/b2CQti2Y6Gp9c/XUlvqWfTxLx9mC0vTg1fwx/DJvemzPy9V0yP67ytHGNItT8ubmo6yIPufRsXTPU/BohuiSqC0IaiLp2kkxOTEe7P31BtAG7/NymAi4gsW6nc+AlWWPorZXc2nzf2cjwklPUffjuW1L/3KokZIOgb9dILrWxcwBcg0YDVCqF1BSNd5vpAy2I2ATaSEXW2AsufkivUqhRXeLiDmVUjZ6nakFL5vZVrIEs5SV2oXxW0t7SUhkvgO8aWRc6Ae90oaOj6TgbptMPk5PFdDJfzMfZKE3iyXQaJ+OB36D2f40Q0o/Wne5z66w9nu/Kjj4OP0/G08zyLT6m8+ye4DO5F6TsznXOf0Vn8dBu+VVBFMJoOgfno9JdWEm7v5DBsoETKdcF2u4TWBK6qatfGTSazhfzLM4mw8V8PPsyns0Hvv9Cvhe6j332hAdhD96G7vO/TPP24dg+dduhJKWshQG5gkKu23EFSoRt+CW/RJDCwXSjDZa719ifu0RCrs40DqIHp6OTB+UYLFl0IWslSMHcSnyigfsJuZqh3YNcijnSQfQ40Nsibl4kdn9IVlNsb8lwRerCgKjLJSp7Wy1IpXNpNKyULOEw6B3cZgtectMFI+EVEMFawKvHAOBlJZUhooUePtHis+R4PFt8niSTbOBbBf9R7NX9hglSVahu2qQjJaV5wqD7BItJcprOsnhqqXbo72ePXhS6ey3QUAuByJC56bY7yJXhjKam6AJrgbaqQMitLax9gpZrFd78pnO+88IWBHvefwEAAP//AMOH/Q8KAAA="
+          },
+          "sensitive_attributes": []
+        }
+      ]
+    },
+    {
+      "module": "module.kube-hetzner.module.agents[\"2-0-storage1\"]",
+      "mode": "managed",
+      "type": "hcloud_server",
+      "name": "server",
+      "provider": "provider[\"registry.terraform.io/hetznercloud/hcloud\"]",
+      "instances": [
+        {
+          "schema_version": 0,
+          "attributes": {
+            "backup_window": "",
+            "backups": false,
+            "datacenter": "fsn1-dc14",
+            "delete_protection": false,
+            "firewall_ids": [
+              412602
+            ],
+            "id": "21030913",
+            "ignore_remote_firewall_ids": false,
+            "image": "ubuntu-20.04",
+            "ipv4_address": "142.132.189.194",
+            "ipv6_address": "2a01:4f8:c012:d1c2::1",
+            "ipv6_network": "2a01:4f8:c012:d1c2::/64",
+            "iso": null,
+            "keep_disk": false,
+            "labels": {
+              "engine": "k3s",
+              "provisioner": "terraform"
+            },
+            "location": "fsn1",
+            "name": "clank-storage1-jqo",
+            "network": [],
+            "placement_group_id": 47148,
+            "rebuild_protection": false,
+            "rescue": "linux64",
+            "server_type": "cpx11",
+            "ssh_keys": [
+              "6654542"
+            ],
+            "status": "running",
+            "timeouts": null,
+            "user_data": "WofWRChEiezS+e5A4WToqMWnhuE="
+          },
+          "sensitive_attributes": [],
+          "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo1NDAwMDAwMDAwMDAwfX0=",
+          "dependencies": [
+            "module.kube-hetzner.hcloud_firewall.k3s",
+            "module.kube-hetzner.hcloud_network.k3s",
+            "module.kube-hetzner.hcloud_network_subnet.agent",
+            "module.kube-hetzner.hcloud_placement_group.agent",
+            "module.kube-hetzner.hcloud_ssh_key.k3s",
+            "module.kube-hetzner.module.agents.data.cloudinit_config.config",
+            "module.kube-hetzner.module.agents.random_string.identity_file",
+            "module.kube-hetzner.module.agents.random_string.server"
+          ]
+        }
+      ]
+    },
+    {
+      "module": "module.kube-hetzner.module.agents[\"2-0-storage1\"]",
+      "mode": "managed",
+      "type": "hcloud_server_network",
+      "name": "server",
+      "provider": "provider[\"registry.terraform.io/hetznercloud/hcloud\"]",
+      "instances": [
+        {
+          "schema_version": 0,
+          "attributes": {
+            "alias_ips": null,
+            "id": "21030913-1711263",
+            "ip": "10.2.0.101",
+            "mac_address": "86:00:00:12:fa:6c",
+            "network_id": null,
+            "server_id": 21030913,
+            "subnet_id": "1711263-10.2.0.0/16"
+          },
+          "sensitive_attributes": [],
+          "private": "bnVsbA==",
+          "dependencies": [
+            "module.kube-hetzner.hcloud_firewall.k3s",
+            "module.kube-hetzner.hcloud_network.k3s",
+            "module.kube-hetzner.hcloud_network_subnet.agent",
+            "module.kube-hetzner.hcloud_placement_group.agent",
+            "module.kube-hetzner.hcloud_ssh_key.k3s",
+            "module.kube-hetzner.module.agents.data.cloudinit_config.config",
+            "module.kube-hetzner.module.agents.hcloud_server.server",
+            "module.kube-hetzner.module.agents.random_string.identity_file",
+            "module.kube-hetzner.module.agents.random_string.server"
+          ]
+        }
+      ]
+    },
+    {
+      "module": "module.kube-hetzner.module.agents[\"2-0-storage1\"]",
+      "mode": "managed",
+      "type": "random_string",
+      "name": "identity_file",
+      "provider": "provider[\"registry.terraform.io/hashicorp/random\"]",
+      "instances": [
+        {
+          "schema_version": 1,
+          "attributes": {
+            "id": "qgu4estxg8uvl5vswiwl",
+            "keepers": null,
+            "length": 20,
+            "lower": true,
+            "min_lower": 0,
+            "min_numeric": 0,
+            "min_special": 0,
+            "min_upper": 0,
+            "number": true,
+            "override_special": null,
+            "result": "qgu4estxg8uvl5vswiwl",
+            "special": false,
+            "upper": false
+          },
+          "sensitive_attributes": [],
+          "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==",
+          "dependencies": [
+            "module.kube-hetzner.hcloud_network.k3s",
+            "module.kube-hetzner.hcloud_network_subnet.agent"
+          ]
+        }
+      ]
+    },
+    {
+      "module": "module.kube-hetzner.module.agents[\"2-0-storage1\"]",
+      "mode": "managed",
+      "type": "random_string",
+      "name": "server",
+      "provider": "provider[\"registry.terraform.io/hashicorp/random\"]",
+      "instances": [
+        {
+          "schema_version": 1,
+          "attributes": {
+            "id": "jqo",
+            "keepers": {
+              "name": "clank-storage1"
+            },
+            "length": 3,
+            "lower": true,
+            "min_lower": 0,
+            "min_numeric": 0,
+            "min_special": 0,
+            "min_upper": 0,
+            "number": false,
+            "override_special": null,
+            "result": "jqo",
+            "special": false,
+            "upper": false
+          },
+          "sensitive_attributes": [],
+          "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==",
+          "dependencies": [
+            "module.kube-hetzner.hcloud_network.k3s",
+            "module.kube-hetzner.hcloud_network_subnet.agent"
+          ]
+        }
+      ]
+    },
+    {
+      "module": "module.kube-hetzner.module.control_planes[\"0-0-control-plane-fsn1\"]",
+      "mode": "data",
+      "type": "cloudinit_config",
+      "name": "config",
+      "provider": "provider[\"registry.terraform.io/hashicorp/cloudinit\"]",
+      "instances": [
+        {
+          "schema_version": 0,
+          "attributes": {
+            "base64_encode": true,
+            "boundary": "MIMEBOUNDARY",
+            "gzip": true,
+            "id": "1609124482",
+            "part": [
+              {
+                "content": "#cloud-config\n\nwrite_files:\n\n# Configure the private network interface\n- content: |\n    BOOTPROTO='dhcp'\n    STARTMODE='auto'\n  path: /etc/sysconfig/network/ifcfg-eth1\n\n# Disable ssh password authentication\n- content: |\n    PasswordAuthentication no\n    X11Forwarding no\n    MaxAuthTries 2\n    AllowTcpForwarding no\n    AllowAgentForwarding no\n    AuthorizedKeysFile .ssh/authorized_keys\n  path: /etc/ssh/sshd_config.d/kube-hetzner.conf\n\n# Set reboot method as \"kured\"\n- content: |\n    REBOOT_METHOD=kured\n  path: /etc/transactional-update.conf\n\n# Create Rancher repo config\n- content: |\n    [rancher-k3s-common-stable]\n    name=Rancher K3s Common (stable)\n    baseurl=https://rpm.rancher.io/k3s/stable/common/microos/noarch\n    enabled=1\n    gpgcheck=1\n    repo_gpgcheck=0\n    gpgkey=https://rpm.rancher.io/public.key\n  path: /etc/zypp/repos.d/rancher-k3s-common.repo\n\n# Add ssh authorized keys\nssh_authorized_keys:\n  - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOmlyNDEGxQxnXOLGMn80DwjPt+CqCy17UaW9MSBphOy contact@kjuulh.io\n\n\n# Resize /var, not /, as that's the last partition in MicroOS image.\ngrowpart:\n    devices: [\"/var\"]\n\n# Make sure the hostname is set correctly\nhostname: clank-control-plane-fsn1-rxs\npreserve_hostname: true\n\nruncmd:\n\n# As above, make sure the hostname is not reset\n- [sed, '-i', 's/NETCONFIG_NIS_SETDOMAINNAME=\"yes\"/NETCONFIG_NIS_SETDOMAINNAME=\"no\"/g', /etc/sysconfig/network/config]\n- [sed, '-i', 's/DHCLIENT_SET_HOSTNAME=\"yes\"/DHCLIENT_SET_HOSTNAME=\"no\"/g', /etc/sysconfig/network/dhcp]\n\n# We set Cloudflare DNS servers, followed by Google as a backup\n- [sed, '-i', 's/NETCONFIG_DNS_STATIC_SERVERS=\"\"/NETCONFIG_DNS_STATIC_SERVERS=\"1.1.1.1 1.0.0.1 8.8.8.8\"/g', /etc/sysconfig/network/config]\n\n# Bounds the amount of logs that can survive on the system\n- [sed, '-i', 's/#SystemMaxUse=/SystemMaxUse=3G/g', /etc/systemd/journald.conf]\n- [sed, '-i', 's/#MaxRetentionSec=/MaxRetentionSec=1week/g', /etc/systemd/journald.conf]\n\n# Reduces the default number of snapshots from 2-10 number limit, to 4 and from 4-10 number limit important, to 2\n- [sed, '-i', 's/NUMBER_LIMIT=\"2-10\"/NUMBER_LIMIT=\"4\"/g', /etc/snapper/configs/root]\n- [sed, '-i', 's/NUMBER_LIMIT_IMPORTANT=\"4-10\"/NUMBER_LIMIT_IMPORTANT=\"3\"/g', /etc/snapper/configs/root]\n\n# Disables unneeded services\n- [systemctl, disable, '--now', 'rebootmgr.service']\n",
+                "content_type": "text/cloud-config",
+                "filename": "init.cfg",
+                "merge_type": ""
+              }
+            ],
+            "rendered": "H4sIAAAAAAAA/4xW3W7bOBO9F5B3GCgX/j6sJcVJi7YuDKxiu6nRysraStvdIjBocmyxlkgtScVWsA+/IJU0P06aheELzhyfMzwzHmkohUFhgqypsA9lXRheEWWiku+QvYelrAUjqhn4ySQZn6YX01E8+9P37Cn4gkpzKfrQC48OvAMvCO6DDrxb7hHXldTcOCwxhtC8RGHew4oXKEiJA58LbkK6Wvt3v8oUEXqFKhgLKhkX6z68WXJzD+BKNrgzES1kzQIqxYqvD7yEl7hX3OF9jOdtFTe4sAXovucdwtDFa4VgcoRK8StiEASarVQb4MKgWhGKXgC0le/DPx4AwGmaZuezNEsHHZbTquOC8yyeZUk6Gg86pDbSBiti8j5EaGikG92WEd3wR3xFV+sATd6ztYy4JssCQescKqL1VioGpDY5CsMpsT7u13F+A4wf4EBIl/3W632QakuUNfI2mJCdRWeKo4ZjF4qLQm4zWu2DXSZeozBP5GqTS8WvkX3CRn/gBUKodR6Rn/HFBhv9yAWd2y9btF6ELNrUSwxyNNcCVWij1ow5GlC4lNJAiSaXDIgGf1MrZP6+C7Ox7cciGWcf09HAoR6qGjtVhFpvSBHUFSMGf2oNFdquz4igOSpQWEm4GZg9pe+qRQWbEx1QWZZSBNrYvl26vJvrW6ZPJxqGDgP/a0H/d6Al0VirYpAbU+l+FKmqDG94Qy6jzYmOWnjUKkQlp0pKHQlJFM0dBwoLYIOeO62rNc2Rbm6O9gqLn7GjW8gGm+c0q3pZcBpusHlo3HVTVZGl0yGL9u8e2pT1MGbMDe5d78H1Xut88Wge+h5AYMEBsuPXr3vvII7jeHgyvSbDXvHXaNKbZuPXNjZJy6KZjsZnuz924lv6+SwRb49G2x/n5rfh38Om9+aCfH2XzE+rPG1cowg1v29+1HWRh1x6tq4Zan6NEF0R1QUhDURdO0kmJ6aj3Z++INqAXX5uUwEXkFi30znwkqwx9NZKbm2+72xkeMUp6j589y2pf2lVErJB0LdrJJfa2DkArkGjASqVQmqKxrvN9IEWRGzsWjJKFkFVEIHBSoteoHbaqxRqVFe4uMMbVaPnqVrQkrnNFWsgS3mFXSifFbf3tVTGC+C7RtaFTsA7XejoaDrOhun0w+RsMZ3MF/NxNkqTeDKdxsl44Deo/V8jhPSjdaf73GJrj5f7sqOPw8+T8TSzfIuP6Ty7J/hM7gUpu31dD76iM3to9/2qIAphNJ2D81HpLqyk3WTIYNnAmZTrAu0cEFgSuqmrXxk0ms4X8yzOJsPFfDz7Mp7NB77/Qr4Xuo99CoVHYQ/ehu7zn0zzDuHUPn/b8SSlrIUBuYJCrtvBBUqEbfgVv0KQwsF0ow2W+9c4nLtEQnYXGgfRg9PJ2YNyDJYs+iFrJUjB3HJ8ooGHCdnN0G5ELsUc6SB6HOhtETcvEru/JqsptrdkuCJ1YUDU5RKVva0WpNK5NBpWSpZwHPSObrMFL7npgpHwCohgLeDVYwDwspLKENFCj59o8UVyOp4tPk+SSTbwrYL/KPbqfsMEqSpUN23SkZLSPGHQfYLFJDlPZ1k8tVR79PezJy8K3b0gaKiFQGTI3HTbbeTKcEZTU3SBtUBbVSDk1hbWPkvLtQpvftO53Ht1C4ID798AAAD//yC4hG4ZCgAA"
+          },
+          "sensitive_attributes": []
+        }
+      ]
+    },
+    {
+      "module": "module.kube-hetzner.module.control_planes[\"0-0-control-plane-fsn1\"]",
+      "mode": "managed",
+      "type": "hcloud_server",
+      "name": "server",
+      "provider": "provider[\"registry.terraform.io/hetznercloud/hcloud\"]",
+      "instances": [
+        {
+          "schema_version": 0,
+          "attributes": {
+            "backup_window": "",
+            "backups": false,
+            "datacenter": "fsn1-dc14",
+            "delete_protection": false,
+            "firewall_ids": [
+              412602
+            ],
+            "id": "21030914",
+            "ignore_remote_firewall_ids": false,
+            "image": "ubuntu-20.04",
+            "ipv4_address": "142.132.182.232",
+            "ipv6_address": "2a01:4f8:c012:d1c0::1",
+            "ipv6_network": "2a01:4f8:c012:d1c0::/64",
+            "iso": null,
+            "keep_disk": false,
+            "labels": {
+              "engine": "k3s",
+              "provisioner": "terraform"
+            },
+            "location": "fsn1",
+            "name": "clank-control-plane-fsn1-rxs",
+            "network": [],
+            "placement_group_id": 47147,
+            "rebuild_protection": false,
+            "rescue": "linux64",
+            "server_type": "cpx11",
+            "ssh_keys": [
+              "6654542"
+            ],
+            "status": "running",
+            "timeouts": null,
+            "user_data": "M58JAmPIBZRmdC7unRLAA3v7VuM="
           },
           "sensitive_attributes": [],
           "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo1NDAwMDAwMDAwMDAwfX0=",
@@ -3082,6 +1653,7 @@
             "module.kube-hetzner.hcloud_placement_group.control_plane",
             "module.kube-hetzner.hcloud_ssh_key.k3s",
             "module.kube-hetzner.module.control_planes.data.cloudinit_config.config",
+            "module.kube-hetzner.module.control_planes.random_string.identity_file",
             "module.kube-hetzner.module.control_planes.random_string.server"
           ]
         }
@@ -3092,18 +1664,18 @@
       "mode": "managed",
       "type": "hcloud_server_network",
       "name": "server",
-      "provider": "module.kube-hetzner.provider[\"registry.terraform.io/hetznercloud/hcloud\"]",
+      "provider": "provider[\"registry.terraform.io/hetznercloud/hcloud\"]",
       "instances": [
         {
           "schema_version": 0,
           "attributes": {
-            "alias_ips": [],
-            "id": "20285806-1628275",
+            "alias_ips": null,
+            "id": "21030914-1711263",
             "ip": "10.255.0.101",
-            "mac_address": "86:00:00:0f:24:bc",
+            "mac_address": "86:00:00:12:fa:6d",
             "network_id": null,
-            "server_id": 20285806,
-            "subnet_id": "1628275-10.255.0.0/16"
+            "server_id": 21030914,
+            "subnet_id": "1711263-10.255.0.0/16"
           },
           "sensitive_attributes": [],
           "private": "bnVsbA==",
@@ -3115,11 +1687,45 @@
             "module.kube-hetzner.hcloud_ssh_key.k3s",
             "module.kube-hetzner.module.control_planes.data.cloudinit_config.config",
             "module.kube-hetzner.module.control_planes.hcloud_server.server",
+            "module.kube-hetzner.module.control_planes.random_string.identity_file",
             "module.kube-hetzner.module.control_planes.random_string.server"
           ]
         }
       ]
     },
+    {
+      "module": "module.kube-hetzner.module.control_planes[\"0-0-control-plane-fsn1\"]",
+      "mode": "managed",
+      "type": "random_string",
+      "name": "identity_file",
+      "provider": "provider[\"registry.terraform.io/hashicorp/random\"]",
+      "instances": [
+        {
+          "schema_version": 1,
+          "attributes": {
+            "id": "01t9v05yia1ocb4q53ih",
+            "keepers": null,
+            "length": 20,
+            "lower": true,
+            "min_lower": 0,
+            "min_numeric": 0,
+            "min_special": 0,
+            "min_upper": 0,
+            "number": true,
+            "override_special": null,
+            "result": "01t9v05yia1ocb4q53ih",
+            "special": false,
+            "upper": false
+          },
+          "sensitive_attributes": [],
+          "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==",
+          "dependencies": [
+            "module.kube-hetzner.hcloud_network.k3s",
+            "module.kube-hetzner.hcloud_network_subnet.control_plane"
+          ]
+        }
+      ]
+    },
     {
       "module": "module.kube-hetzner.module.control_planes[\"0-0-control-plane-fsn1\"]",
       "mode": "managed",
@@ -3130,7 +1736,7 @@
         {
           "schema_version": 1,
           "attributes": {
-            "id": "xgb",
+            "id": "rxs",
             "keepers": {
               "name": "clank-control-plane-fsn1"
             },
@@ -3142,7 +1748,7 @@
             "min_upper": 0,
             "number": false,
             "override_special": null,
-            "result": "xgb",
+            "result": "rxs",
             "special": false,
             "upper": false
           },
@@ -3168,16 +1774,16 @@
             "base64_encode": true,
             "boundary": "MIMEBOUNDARY",
             "gzip": true,
-            "id": "995672426",
+            "id": "2895757147",
             "part": [
               {
-                "content": "#cloud-config\n\nwrite_files:\n\n# Configure the private network interface\n- content: |\n    BOOTPROTO='dhcp'\n    STARTMODE='auto'\n  path: /etc/sysconfig/network/ifcfg-eth1\n\n# Disable ssh password authentication\n- content: |\n    PasswordAuthentication no\n    X11Forwarding no\n    MaxAuthTries 2\n    AllowTcpForwarding no\n    AllowAgentForwarding no\n    AuthorizedKeysFile .ssh/authorized_keys\n  path: /etc/ssh/sshd_config.d/kube-hetzner.conf\n\n# Set reboot method as \"kured\"\n- content: |\n    REBOOT_METHOD=kured\n  path: /etc/transactional-update.conf\n\n# Create Rancher repo config\n- content: |\n    [rancher-k3s-common-stable]\n    name=Rancher K3s Common (stable)\n    baseurl=https://rpm.rancher.io/k3s/stable/common/microos/noarch\n    enabled=1\n    gpgcheck=1\n    repo_gpgcheck=0\n    gpgkey=https://rpm.rancher.io/public.key\n  path: /etc/zypp/repos.d/rancher-k3s-common.repo\n\n# Add ssh authorized keys\nssh_authorized_keys:\n  - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOmlyNDEGxQxnXOLGMn80DwjPt+CqCy17UaW9MSBphOy contact@kjuulh.io\n\n# Resize /var, not /, as that's the last partition in MicroOS image.\ngrowpart:\n    devices: [\"/var\"]\n\n# Make sure the hostname is set correctly\nhostname: clank-control-plane-nbg1-qoq\npreserve_hostname: true\n\nruncmd:\n\n# As above, make sure the hostname is not reset\n- [sed, '-i', 's/NETCONFIG_NIS_SETDOMAINNAME=\"yes\"/NETCONFIG_NIS_SETDOMAINNAME=\"no\"/g', /etc/sysconfig/network/config]\n- [sed, '-i', 's/DHCLIENT_SET_HOSTNAME=\"yes\"/DHCLIENT_SET_HOSTNAME=\"no\"/g', /etc/sysconfig/network/dhcp]\n\n# We set Cloudflare DNS servers, followed by Google as a backup\n- [sed, '-i', 's/NETCONFIG_DNS_STATIC_SERVERS=\"\"/NETCONFIG_DNS_STATIC_SERVERS=\"1.1.1.1 1.0.0.1 8.8.8.8\"/g', /etc/sysconfig/network/config]\n\n# Bounds the amount of logs that can survive on the system\n- [sed, '-i', 's/#SystemMaxUse=/SystemMaxUse=3G/g', /etc/systemd/journald.conf]\n- [sed, '-i', 's/#MaxRetentionSec=/MaxRetentionSec=1week/g', /etc/systemd/journald.conf]\n\n# Reduces the default number of snapshots from 2-10 number limit, to 4 and from 4-10 number limit important, to 2\n- [sed, '-i', 's/NUMBER_LIMIT=\"2-10\"/NUMBER_LIMIT=\"4\"/g', /etc/snapper/configs/root]\n- [sed, '-i', 's/NUMBER_LIMIT_IMPORTANT=\"4-10\"/NUMBER_LIMIT_IMPORTANT=\"3\"/g', /etc/snapper/configs/root]\n\n# Disables unneeded services\n- [systemctl, disable, '--now', 'rebootmgr.service']\n",
+                "content": "#cloud-config\n\nwrite_files:\n\n# Configure the private network interface\n- content: |\n    BOOTPROTO='dhcp'\n    STARTMODE='auto'\n  path: /etc/sysconfig/network/ifcfg-eth1\n\n# Disable ssh password authentication\n- content: |\n    PasswordAuthentication no\n    X11Forwarding no\n    MaxAuthTries 2\n    AllowTcpForwarding no\n    AllowAgentForwarding no\n    AuthorizedKeysFile .ssh/authorized_keys\n  path: /etc/ssh/sshd_config.d/kube-hetzner.conf\n\n# Set reboot method as \"kured\"\n- content: |\n    REBOOT_METHOD=kured\n  path: /etc/transactional-update.conf\n\n# Create Rancher repo config\n- content: |\n    [rancher-k3s-common-stable]\n    name=Rancher K3s Common (stable)\n    baseurl=https://rpm.rancher.io/k3s/stable/common/microos/noarch\n    enabled=1\n    gpgcheck=1\n    repo_gpgcheck=0\n    gpgkey=https://rpm.rancher.io/public.key\n  path: /etc/zypp/repos.d/rancher-k3s-common.repo\n\n# Add ssh authorized keys\nssh_authorized_keys:\n  - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOmlyNDEGxQxnXOLGMn80DwjPt+CqCy17UaW9MSBphOy contact@kjuulh.io\n\n\n# Resize /var, not /, as that's the last partition in MicroOS image.\ngrowpart:\n    devices: [\"/var\"]\n\n# Make sure the hostname is set correctly\nhostname: clank-control-plane-nbg1-ufb\npreserve_hostname: true\n\nruncmd:\n\n# As above, make sure the hostname is not reset\n- [sed, '-i', 's/NETCONFIG_NIS_SETDOMAINNAME=\"yes\"/NETCONFIG_NIS_SETDOMAINNAME=\"no\"/g', /etc/sysconfig/network/config]\n- [sed, '-i', 's/DHCLIENT_SET_HOSTNAME=\"yes\"/DHCLIENT_SET_HOSTNAME=\"no\"/g', /etc/sysconfig/network/dhcp]\n\n# We set Cloudflare DNS servers, followed by Google as a backup\n- [sed, '-i', 's/NETCONFIG_DNS_STATIC_SERVERS=\"\"/NETCONFIG_DNS_STATIC_SERVERS=\"1.1.1.1 1.0.0.1 8.8.8.8\"/g', /etc/sysconfig/network/config]\n\n# Bounds the amount of logs that can survive on the system\n- [sed, '-i', 's/#SystemMaxUse=/SystemMaxUse=3G/g', /etc/systemd/journald.conf]\n- [sed, '-i', 's/#MaxRetentionSec=/MaxRetentionSec=1week/g', /etc/systemd/journald.conf]\n\n# Reduces the default number of snapshots from 2-10 number limit, to 4 and from 4-10 number limit important, to 2\n- [sed, '-i', 's/NUMBER_LIMIT=\"2-10\"/NUMBER_LIMIT=\"4\"/g', /etc/snapper/configs/root]\n- [sed, '-i', 's/NUMBER_LIMIT_IMPORTANT=\"4-10\"/NUMBER_LIMIT_IMPORTANT=\"3\"/g', /etc/snapper/configs/root]\n\n# Disables unneeded services\n- [systemctl, disable, '--now', 'rebootmgr.service']\n",
                 "content_type": "text/cloud-config",
                 "filename": "init.cfg",
                 "merge_type": ""
               }
             ],
-            "rendered": "H4sIAAAAAAAA/4xWYW/ayhL9bin/YeR84D09bIekVVsqpOcATVFrnAtO23urCC27A95i77q76xBH98df7TppSEiaK8SHnTmcM3tmGHsohUFhgqypsA9lXRheEWWikl8jew9LWQtGVDPwk0kyPk0vpqN49qfv2VPwBZXmUvShFx4deAdeEOyCDrw77hHXldTcOCwxhtC8RGHew4oXKEiJA58LbkK6Wvv3v8oUEXqFKhgLKhkX6z68WXKzA3AlG7w2ES1kzQIqxYqvD7yEl7hX3OEuxvO2ihtc2AJ03/MOYejitUIwOUKl+BUxCALNVqoNcGFQrQhFLwDayvfhbw8A4DRNs/NZmqWDDstp1XHBeRbPsiQdjQcdUhtpgxUxeR8iNDTSjW7LiG75I76iq3WAJu/ZWkZck2WBoHUOFdF6KxUDUpscheGUWB/36zi/BcYPcCCky37r9T5ItSXKGnkXTMi1RWeKo4ZjF4qLQm4zWu2DXSZeozBP5GqTS8VvkH3CRn/gBUKodR6RX/HFBhv9yAWd2y9btF6ELNrUSwxyNDcCVWij1ow5GlC4lNJAiSaXDIgGf1MrZP6+C7Ox7cciGWcf09HAoR6qGjtVhFpvSBHUFSMGf2kNFdquz4igOSpQWEm4HZg9pe+qRQWbEx1QWZZSBNrYvl26vJvrO6ZPJxqGDgP/aUH/daAl0VirYpAbU+l+FKmqDG95Qy6jzYmOWnjUKkQlp0pKHQlJFM0dBwoLYIOeO62rNc2Rbm6P9gqLX7GjO8gGm+c0q3pZcBpusHlo3E1TVZGl0yGL9u8e2pT1MGbMDe5978H1Xut88Wge+h5AYMEBsuPXr3vvII7jeHgyvSHDXvHXaNKbZuPXNjZJy6KZjsZn139ci2/p57NEvD0abX+cm/8Nfw6b3psL8vVdMj+t8rRxjSLU/H/zo66LPOSurBlqfoMQXRHVBSENRF07SCYnpqPdf74g2oDdfW5RAReQWLPTOfCSrDH01kpubb7vXGR4xSnqPnz3Lal/aVUSskHQd1skl9rYMQCuQaMBKpVCaorGu8v0gRZEbOxWMkoWQVUQgYFYrnvBT/nTqxRqVFe4uMcbVaPnqVrQkrnFFWsgS3mFXSifFbf3tVTGC+C7RtaFTsA7XejoaDrOhun0w+RsMZ3MF/NxNkqTeDKdxsl44Deo/d8jhPSjdaf73F5rj5f7sqOPw8+T8TSzfIuP6TzbEXwm94KUXb6uB1/RmT20635VEIUwms7B+ah0F1bSLjJksGzgTMp1gXYOCCwJ3dTV7wwaTeeLeRZnk+FiPp59Gc/mA99/Id8L3cc+hMKjsAdvQ/f5V6Z5h3BqH7/teJJS1sKAXEEh1+3gAiXCNvyKXyFI4WC60QbL/Wsczl0iIdcXGgfRg9PJ2YNyDJYs+iFrJUjB3G58ooGHCbmeoV2IXIo50kH0ONDbIm5eJHZ/TVZTbG/JcEXqwoCoyyUqe1stSKVzaTSslCzhOOgd3WULXnLTBSPhFRDBWsCrxwDgZSWVIaKFHj/R4ovkdDxbfJ4kk2zgWwX/UezVbsMEqSpUt23SkZLSPGHQLsFikpynsyyeWqo9+t3syYtC9+8HGmohEBkyN912G7kynNHUFF1gLdBWFQi5tYW1j9JyrcLb33Qu997cguDA+ycAAP//VEY9HRgKAAA="
+            "rendered": "H4sIAAAAAAAA/4xW4W/ayBP9bin/w8j5wO+nw3ZIWrWlQjoHaIpa4xw4be+qCC27A95i7/p21yGO7o8/7TppSEiaE+LDzjzem30zjD2UwqAwQdZU2IeyLgyviDJRya+RvYelrAUjqhn4ySQZn6YX01E8+9P37Cn4gkpzKfrQC48OvAMvCHZBB94d94jrSmpuHJYYQ2heojDvYcULFKTEgc8FNyFdrf37X2WKCL1CFYwFlYyLdR/eLLnZAbiSDV6biBayZgGVYsXXB17CS9wr7nAX43lbxQ0ubAG673mHMHTxWiGYHKFS/IoYBIFmK9UGuDCoVoSiFwBt5fvwjwcAcJqm2fkszdJBh+W06rjgPItnWZKOxoMOqY20wYqYvA8RGhrpRrdlRLf8EV/R1TpAk/dsLSOuybJA0DqHimi9lYoBqU2OwnBKrI/7dZzfAuMHOBDSZb/1eh+k2hJljbwLJuTaojPFUcOxC8VFIbcZrfbBLhOvUZgncrXJpeI3yD5hoz/wAiHUOo/Iz/hig41+5ILO7ZctWi9CFm3qJQY5mhuBKrRRa8YcDShcSmmgRJNLBkSDv6kVMn/fhdnY9mORjLOP6WjgUA9VjZ0qQq03pAjqihGDP7WGCm3XZ0TQHBUorCTcDsye0nfVooLNiQ6oLEspAm1s3y5d3s31HdOnEw1Dh4H/taD/O9CSaKxVMciNqXQ/ilRVhre8IZfR5kRHLTxqFaKSUyWljoQkiuaOA4UFsEHPndbVmuZIN7dHe4XFz9jRHWSDzXOaVb0sOA032Dw07qapqsjS6ZBF+3cPbcp6GDPmBve+9+B6r3W+eDQPfQ8gsOAA2fHr1713EMdxPDyZ3pBhr/hrNOlNs/FrG5ukZdFMR+Oz6z+uxbf081ki3h6Ntj/OzW/Dv4dN780F+foumZ9Wedq4RhFqft/8qOsiD7n0bF0z1PwGIboiqgtCGoi6dpJMTkxHuz99QbQBu/zcpgIuILFup3PgJVlj6K2V3Np839nI8IpT1H347ltS/9KqJGSDoO/WSC61sXMAXINGA1QqhdQUjXeX6QMtiNjYtWSULIKqIAIDsVz3gnq19CqFGtUVLu7xRtXoeaoWtGRuc8UayFJeYRfKZ8XtfS2V8QL4rpF1oRPwThc6OpqOs2E6/TA5W0wn88V8nI3SJJ5Mp3EyHvgNav/XCCH9aN3pPrfY2uPlvuzo4/DzZDzNLN/iYzrPdgSfyb0gZbev68FXdGYP7b5fFUQhjKZzcD4q3YWVtJsMGSwbOJNyXaCdAwJLQjd19SuDRtP5Yp7F2WS4mI9nX8az+cD3X8j3QvexT6HwKOzB29B9/pNp3iGc2udvO56klLUwIFdQyHU7uECJsA2/4lcIUjiYbrTBcv8ah3OXSMj1hcZB9OB0cvagHIMli37IWglSMLccn2jgYUKuZ2g3IpdijnQQPQ70toibF4ndX5PVFNtbMlyRujAg6nKJyt5WC1LpXBoNKyVLOA56R3fZgpfcdMFIeAVEsBbw6jEAeFlJZYhoocdPtPgiOR3PFp8nySQb+FbBfxR7tdswQaoK1W2bdKSkNE8YtEuwmCTn6SyLp5Zqj343e/Ki0P0LgoZaCESGzE233UauDGc0NUUXWAu0VQVCbm1h7bO0XKvw9jedy71XtyA48P4NAAD//+237e0ZCgAA"
           },
           "sensitive_attributes": []
         }
@@ -3188,7 +1794,7 @@
       "mode": "managed",
       "type": "hcloud_server",
       "name": "server",
-      "provider": "module.kube-hetzner.provider[\"registry.terraform.io/hetznercloud/hcloud\"]",
+      "provider": "provider[\"registry.terraform.io/hetznercloud/hcloud\"]",
       "instances": [
         {
           "schema_version": 0,
@@ -3198,9 +1804,9 @@
             "datacenter": "nbg1-dc3",
             "delete_protection": false,
             "firewall_ids": [
-              385507
+              412602
             ],
-            "id": "20285810",
+            "id": "21030912",
             "ignore_remote_firewall_ids": false,
             "image": "ubuntu-20.04",
             "ipv4_address": "116.203.29.245",
@@ -3213,18 +1819,18 @@
               "provisioner": "terraform"
             },
             "location": "nbg1",
-            "name": "clank-control-plane-nbg1-qoq",
+            "name": "clank-control-plane-nbg1-ufb",
             "network": [],
-            "placement_group_id": 41239,
+            "placement_group_id": 47147,
             "rebuild_protection": false,
             "rescue": "linux64",
             "server_type": "cpx11",
             "ssh_keys": [
-              "6372775"
+              "6654542"
             ],
             "status": "running",
             "timeouts": null,
-            "user_data": "sd58J9GBO6v2yR7ice2U4SlzYwA="
+            "user_data": "Of6KXZ6Q/8Rx/tocgZl7Y+52U6g="
           },
           "sensitive_attributes": [],
           "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo1NDAwMDAwMDAwMDAwfX0=",
@@ -3235,6 +1841,7 @@
             "module.kube-hetzner.hcloud_placement_group.control_plane",
             "module.kube-hetzner.hcloud_ssh_key.k3s",
             "module.kube-hetzner.module.control_planes.data.cloudinit_config.config",
+            "module.kube-hetzner.module.control_planes.random_string.identity_file",
             "module.kube-hetzner.module.control_planes.random_string.server"
           ]
         }
@@ -3245,18 +1852,18 @@
       "mode": "managed",
       "type": "hcloud_server_network",
       "name": "server",
-      "provider": "module.kube-hetzner.provider[\"registry.terraform.io/hetznercloud/hcloud\"]",
+      "provider": "provider[\"registry.terraform.io/hetznercloud/hcloud\"]",
       "instances": [
         {
           "schema_version": 0,
           "attributes": {
-            "alias_ips": [],
-            "id": "20285810-1628275",
+            "alias_ips": null,
+            "id": "21030912-1711263",
             "ip": "10.254.0.101",
-            "mac_address": "86:00:00:0f:24:c2",
+            "mac_address": "86:00:00:12:fa:a2",
             "network_id": null,
-            "server_id": 20285810,
-            "subnet_id": "1628275-10.254.0.0/16"
+            "server_id": 21030912,
+            "subnet_id": "1711263-10.254.0.0/16"
           },
           "sensitive_attributes": [],
           "private": "bnVsbA==",
@@ -3268,11 +1875,45 @@
             "module.kube-hetzner.hcloud_ssh_key.k3s",
             "module.kube-hetzner.module.control_planes.data.cloudinit_config.config",
             "module.kube-hetzner.module.control_planes.hcloud_server.server",
+            "module.kube-hetzner.module.control_planes.random_string.identity_file",
             "module.kube-hetzner.module.control_planes.random_string.server"
           ]
         }
       ]
     },
+    {
+      "module": "module.kube-hetzner.module.control_planes[\"1-0-control-plane-nbg1\"]",
+      "mode": "managed",
+      "type": "random_string",
+      "name": "identity_file",
+      "provider": "provider[\"registry.terraform.io/hashicorp/random\"]",
+      "instances": [
+        {
+          "schema_version": 1,
+          "attributes": {
+            "id": "059zvy8k1ow2juf9hvql",
+            "keepers": null,
+            "length": 20,
+            "lower": true,
+            "min_lower": 0,
+            "min_numeric": 0,
+            "min_special": 0,
+            "min_upper": 0,
+            "number": true,
+            "override_special": null,
+            "result": "059zvy8k1ow2juf9hvql",
+            "special": false,
+            "upper": false
+          },
+          "sensitive_attributes": [],
+          "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==",
+          "dependencies": [
+            "module.kube-hetzner.hcloud_network.k3s",
+            "module.kube-hetzner.hcloud_network_subnet.control_plane"
+          ]
+        }
+      ]
+    },
     {
       "module": "module.kube-hetzner.module.control_planes[\"1-0-control-plane-nbg1\"]",
       "mode": "managed",
@@ -3283,7 +1924,7 @@
         {
           "schema_version": 1,
           "attributes": {
-            "id": "qoq",
+            "id": "ufb",
             "keepers": {
               "name": "clank-control-plane-nbg1"
             },
@@ -3295,7 +1936,7 @@
             "min_upper": 0,
             "number": false,
             "override_special": null,
-            "result": "qoq",
+            "result": "ufb",
             "special": false,
             "upper": false
           },
@@ -3321,16 +1962,16 @@
             "base64_encode": true,
             "boundary": "MIMEBOUNDARY",
             "gzip": true,
-            "id": "1329203202",
+            "id": "3940300695",
             "part": [
               {
-                "content": "#cloud-config\n\nwrite_files:\n\n# Configure the private network interface\n- content: |\n    BOOTPROTO='dhcp'\n    STARTMODE='auto'\n  path: /etc/sysconfig/network/ifcfg-eth1\n\n# Disable ssh password authentication\n- content: |\n    PasswordAuthentication no\n    X11Forwarding no\n    MaxAuthTries 2\n    AllowTcpForwarding no\n    AllowAgentForwarding no\n    AuthorizedKeysFile .ssh/authorized_keys\n  path: /etc/ssh/sshd_config.d/kube-hetzner.conf\n\n# Set reboot method as \"kured\"\n- content: |\n    REBOOT_METHOD=kured\n  path: /etc/transactional-update.conf\n\n# Create Rancher repo config\n- content: |\n    [rancher-k3s-common-stable]\n    name=Rancher K3s Common (stable)\n    baseurl=https://rpm.rancher.io/k3s/stable/common/microos/noarch\n    enabled=1\n    gpgcheck=1\n    repo_gpgcheck=0\n    gpgkey=https://rpm.rancher.io/public.key\n  path: /etc/zypp/repos.d/rancher-k3s-common.repo\n\n# Add ssh authorized keys\nssh_authorized_keys:\n  - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOmlyNDEGxQxnXOLGMn80DwjPt+CqCy17UaW9MSBphOy contact@kjuulh.io\n\n# Resize /var, not /, as that's the last partition in MicroOS image.\ngrowpart:\n    devices: [\"/var\"]\n\n# Make sure the hostname is set correctly\nhostname: clank-control-plane-hel1-ugh\npreserve_hostname: true\n\nruncmd:\n\n# As above, make sure the hostname is not reset\n- [sed, '-i', 's/NETCONFIG_NIS_SETDOMAINNAME=\"yes\"/NETCONFIG_NIS_SETDOMAINNAME=\"no\"/g', /etc/sysconfig/network/config]\n- [sed, '-i', 's/DHCLIENT_SET_HOSTNAME=\"yes\"/DHCLIENT_SET_HOSTNAME=\"no\"/g', /etc/sysconfig/network/dhcp]\n\n# We set Cloudflare DNS servers, followed by Google as a backup\n- [sed, '-i', 's/NETCONFIG_DNS_STATIC_SERVERS=\"\"/NETCONFIG_DNS_STATIC_SERVERS=\"1.1.1.1 1.0.0.1 8.8.8.8\"/g', /etc/sysconfig/network/config]\n\n# Bounds the amount of logs that can survive on the system\n- [sed, '-i', 's/#SystemMaxUse=/SystemMaxUse=3G/g', /etc/systemd/journald.conf]\n- [sed, '-i', 's/#MaxRetentionSec=/MaxRetentionSec=1week/g', /etc/systemd/journald.conf]\n\n# Reduces the default number of snapshots from 2-10 number limit, to 4 and from 4-10 number limit important, to 2\n- [sed, '-i', 's/NUMBER_LIMIT=\"2-10\"/NUMBER_LIMIT=\"4\"/g', /etc/snapper/configs/root]\n- [sed, '-i', 's/NUMBER_LIMIT_IMPORTANT=\"4-10\"/NUMBER_LIMIT_IMPORTANT=\"3\"/g', /etc/snapper/configs/root]\n\n# Disables unneeded services\n- [systemctl, disable, '--now', 'rebootmgr.service']\n",
+                "content": "#cloud-config\n\nwrite_files:\n\n# Configure the private network interface\n- content: |\n    BOOTPROTO='dhcp'\n    STARTMODE='auto'\n  path: /etc/sysconfig/network/ifcfg-eth1\n\n# Disable ssh password authentication\n- content: |\n    PasswordAuthentication no\n    X11Forwarding no\n    MaxAuthTries 2\n    AllowTcpForwarding no\n    AllowAgentForwarding no\n    AuthorizedKeysFile .ssh/authorized_keys\n  path: /etc/ssh/sshd_config.d/kube-hetzner.conf\n\n# Set reboot method as \"kured\"\n- content: |\n    REBOOT_METHOD=kured\n  path: /etc/transactional-update.conf\n\n# Create Rancher repo config\n- content: |\n    [rancher-k3s-common-stable]\n    name=Rancher K3s Common (stable)\n    baseurl=https://rpm.rancher.io/k3s/stable/common/microos/noarch\n    enabled=1\n    gpgcheck=1\n    repo_gpgcheck=0\n    gpgkey=https://rpm.rancher.io/public.key\n  path: /etc/zypp/repos.d/rancher-k3s-common.repo\n\n# Add ssh authorized keys\nssh_authorized_keys:\n  - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOmlyNDEGxQxnXOLGMn80DwjPt+CqCy17UaW9MSBphOy contact@kjuulh.io\n\n\n# Resize /var, not /, as that's the last partition in MicroOS image.\ngrowpart:\n    devices: [\"/var\"]\n\n# Make sure the hostname is set correctly\nhostname: clank-control-plane-hel1-usi\npreserve_hostname: true\n\nruncmd:\n\n# As above, make sure the hostname is not reset\n- [sed, '-i', 's/NETCONFIG_NIS_SETDOMAINNAME=\"yes\"/NETCONFIG_NIS_SETDOMAINNAME=\"no\"/g', /etc/sysconfig/network/config]\n- [sed, '-i', 's/DHCLIENT_SET_HOSTNAME=\"yes\"/DHCLIENT_SET_HOSTNAME=\"no\"/g', /etc/sysconfig/network/dhcp]\n\n# We set Cloudflare DNS servers, followed by Google as a backup\n- [sed, '-i', 's/NETCONFIG_DNS_STATIC_SERVERS=\"\"/NETCONFIG_DNS_STATIC_SERVERS=\"1.1.1.1 1.0.0.1 8.8.8.8\"/g', /etc/sysconfig/network/config]\n\n# Bounds the amount of logs that can survive on the system\n- [sed, '-i', 's/#SystemMaxUse=/SystemMaxUse=3G/g', /etc/systemd/journald.conf]\n- [sed, '-i', 's/#MaxRetentionSec=/MaxRetentionSec=1week/g', /etc/systemd/journald.conf]\n\n# Reduces the default number of snapshots from 2-10 number limit, to 4 and from 4-10 number limit important, to 2\n- [sed, '-i', 's/NUMBER_LIMIT=\"2-10\"/NUMBER_LIMIT=\"4\"/g', /etc/snapper/configs/root]\n- [sed, '-i', 's/NUMBER_LIMIT_IMPORTANT=\"4-10\"/NUMBER_LIMIT_IMPORTANT=\"3\"/g', /etc/snapper/configs/root]\n\n# Disables unneeded services\n- [systemctl, disable, '--now', 'rebootmgr.service']\n",
                 "content_type": "text/cloud-config",
                 "filename": "init.cfg",
                 "merge_type": ""
               }
             ],
-            "rendered": "H4sIAAAAAAAA/4xW4W/ayBP9bin/w8j5wO+nw3ZIWrWlQjoHaIpa4xw4be+qCC27A95i7/p21yGO7o8/7TppSEiaE+LDzjzem30zHjOUwqAwQdZU2IeyLgyviDJRya+RvYelrAUjqhn4ySQZn6YX01E8+9P37Cn4gkpzKfrQC48OvAMvCHZBB94d94jrSmpuHJYYQ2heojDvYcULFKTEgc8FNyFdrf37X2WKCL1CFYwFlYyLdR/eLLnZAbiSDV6biBayZgGVYsXXB17CS9wr7nAX43lbxQ0ubAG673mHMHTxWiGYHKFS/IoYBIFmK9UGuDCoVoSiFwBt5fvwjwcAcJqm2fkszdJBh+W06rjgPItnWZKOxoMOqY20wYqYvA8RGhrpRrdlRLf8EV/R1TpAk/dsLSOuybJA0DqHimi9lYoBqU2OwnBKrI/7dZzfAuMHOBDSZb/1eh+k2hJljbwLJuTaojPFUcOxC8VFIbcZrfbBLhOvUZgncrXJpeI3yD5hoz/wAiHUOo/Iz/hig41+5ILO7ZctWi9CFm3qJQY5mhuBKrRRa8YcDShcSmmgRJNLBkSDv6kVMn/fhdnY9mORjLOP6WjgUA9VjZ0qQq03pAjqihGDP7WGCm3XZ0TQHBUorCTcDsye0nfVooLNiQ6oLEspAm1s3y5d3s31HdOnEw1Dh4H/taD/O9CSaKxVMciNqXQ/ilRVhre8IZfR5kRHLTxqFaKSUyWljoQkiuaOA4UFsEHPndbVmuZIN7dHe4XFz9jRHWSDzXOaVb0sOA032Dw07qapqsjS6ZBF+3cPbcp6GDPmBve+9+B6r3W+eDQPfQ8gsOAA2fHr1713EMdxPDyZ3pBhr/hrNOlNs/FrG5ukZdFMR+Oz6z+uxbf081ki3h6Ntj/OzW/Dv4dN780F+foumZ9Wedq4RhFqft/8qOsiD7kra4aa3yBEV0R1QUgDUdcOksmJ6Wj3zBdEG7C7zy0q4AISa3Y6B16SNYbeWsmtzfediwyvOEXdh+++JfUvrUpCNgj6bovkUhs7BsA1aDRApVJITdF4d5k+0IKIjd1KRskiqAoi7CNQ9IJ6nXuVQo3qChf3eKNq9DxVC1oyt7hiDWQpr7AL5bPi9r6WyngBfNfIutAJeKcLHR1Nx9kwnX6YnC2mk/liPs5GaRJPptM4GQ/8BrX/a4SQfrTudJ/ba+3xcl929HH4eTKeZpZv8TGdZzuCz+RekLLL1/XgKzqzh3bdrwqiEEbTOTgfle7CStpFhgyWDZxJuS7QzgGBJaGbuvqVQaPpfDHP4mwyXMzHsy/j2Xzg+y/ke6H72JdQeBT24G3oPv/JNO8QTu3rtx1PUspaGJArKOS6HVygRNiGX/ErBCkcTDfaYLl/jcO5SyTk+kLjIHpwOjl7UI7BkkU/ZK0EKZjbjU808DAh1zO0C5FLMUc6iB4HelvEzYvE7tFkNcX2lgxXpC4MiLpcorK31YJUOpdGw0rJEo6D3tFdtuAlN10wEl4BEawFvHoMAF5WUhkiWujxEy2+SE7Hs8XnSTLJBr5V8B/FXu02TJCqQnXbJh0pKc0TBu0SLCbJeTrL4qml2qPfzZ68KHT//0BDLQQiQ+am224jV4YzmpqiC6wF2qoCIbe2sPZVWq5VePubzuXeP7cgOPD+DQAA//9dHkfzGAoAAA=="
+            "rendered": "H4sIAAAAAAAA/4xW4W/ayBP9bin/w8j5wO+nw3ZIWrWlQjoHaIpa4xw4be+qCC27A95i7/p21yGO7o8/7TppSEiaE+LDzjzem30zHjOUwqAwQdZU2IeyLgyviDJRya+RvYelrAUjqhn4ySQZn6YX01E8+9P37Cn4gkpzKfrQC48OvAMvCHZBB94d94jrSmpuHJYYQ2heojDvYcULFKTEgc8FNyFdrf37X2WKCL1CFYwFlYyLdR/eLLnZAbiSDV6biBayZgGVYsXXB17CS9wr7nAX43lbxQ0ubAG673mHMHTxWiGYHKFS/IoYBIFmK9UGuDCoVoSiFwBt5fvwjwcAcJqm2fkszdJBh+W06rjgPItnWZKOxoMOqY20wYqYvA8RGhrpRrdlRLf8EV/R1TpAk/dsLSOuybJA0DqHimi9lYoBqU2OwnBKrI/7dZzfAuMHOBDSZb/1eh+k2hJljbwLJuTaojPFUcOxC8VFIbcZrfbBLhOvUZgncrXJpeI3yD5hoz/wAiHUOo/Iz/hig41+5ILO7ZctWi9CFm3qJQY5mhuBKrRRa8YcDShcSmmgRJNLBkSDv6kVMn/fhdnY9mORjLOP6WjgUA9VjZ0qQq03pAjqihGDP7WGCm3XZ0TQHBUorCTcDsye0nfVooLNiQ6oLEspAm1s3y5d3s31HdOnEw1Dh4H/taD/O9CSaKxVMciNqXQ/ilRVhre8IZfR5kRHLTxqFaKSUyWljoQkiuaOA4UFsEHPndbVmuZIN7dHe4XFz9jRHWSDzXOaVb0sOA032Dw07qapqsjS6ZBF+3cPbcp6GDPmBve+9+B6r3W+eDQPfQ8gsOAA2fHr1713EMdxPDyZ3pBhr/hrNOlNs/FrG5ukZdFMR+Oz6z+uxbf081ki3h6Ntj/OzW/Dv4dN780F+foumZ9Wedq4RhFqft/8qOsiD7n0bF0z1PwGIboiqgtCGoi6dpJMTkxHu4e+INqAXX5uUwEXkFi30znwkqwx9NZKbm2+72xkeMUp6j589y2pf2lVErJB0HdrJJfa2DkArkGjASqVQmqKxrvL9IEWRGzsWjJKFkFVEGGfgaIX1Jp7lUKN6goX93ijavQ8VQtaMre5Yg1kKa+wC+Wz4va+lsp4AXzXyLrQCXinCx0dTcfZMJ1+mJwtppP5Yj7ORmkST6bTOBkP/Aa1/2uEkH607nSfW2zt8XJfdvRx+HkynmaWb/ExnWc7gs/kXpCy29f14Cs6s4d2368KohBG0zk4H5XuwkraTYYMlg2cSbku0M4BgSWhm7r6lUGj6Xwxz+JsMlzMx7Mv49l84Psv5Huh+9i3UHgU9uBt6D7/yTTvEE7t+7cdT1LKWhiQKyjkuh1coETYhl/xKwQpHEw32mC5f43DuUsk5PpC4yB6cDo5e1COwZJFP2StBCmYW45PNPAwIdcztBuRSzFHOogeB3pbxM2LxO7RZDXF9pYMV6QuDIi6XKKyt9WCVDqXRsNKyRKOg97RXbbgJTddMBJeARGsBbx6DABeVlIZIlro8RMtvkhOx7PF50kyyQa+VfAfxV7tNkyQqkJ12yYdKSnNEwbtEiwmyXk6y+Kppdqj382evCh0/wdBQy0EIkPmpttuI1eGM5qaogusBdqqAiG3trD2XVquVXj7m87l3l+3IDjw/g0AAP//IQSWkBkKAAA="
           },
           "sensitive_attributes": []
         }
@@ -3341,7 +1982,7 @@
       "mode": "managed",
       "type": "hcloud_server",
       "name": "server",
-      "provider": "module.kube-hetzner.provider[\"registry.terraform.io/hetznercloud/hcloud\"]",
+      "provider": "provider[\"registry.terraform.io/hetznercloud/hcloud\"]",
       "instances": [
         {
           "schema_version": 0,
@@ -3351,9 +1992,9 @@
             "datacenter": "hel1-dc2",
             "delete_protection": false,
             "firewall_ids": [
-              385507
+              412602
             ],
-            "id": "20285808",
+            "id": "21030910",
             "ignore_remote_firewall_ids": false,
             "image": "ubuntu-20.04",
             "ipv4_address": "65.108.211.112",
@@ -3366,18 +2007,18 @@
               "provisioner": "terraform"
             },
             "location": "hel1",
-            "name": "clank-control-plane-hel1-ugh",
+            "name": "clank-control-plane-hel1-usi",
             "network": [],
-            "placement_group_id": 41239,
+            "placement_group_id": 47147,
             "rebuild_protection": false,
             "rescue": "linux64",
             "server_type": "cpx11",
             "ssh_keys": [
-              "6372775"
+              "6654542"
             ],
             "status": "running",
             "timeouts": null,
-            "user_data": "F4b9NkwJcbpEFxr8BVunS+1C0zo="
+            "user_data": "FKe0xQSfj1rSDb7agkYKOs0W6QQ="
           },
           "sensitive_attributes": [],
           "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo1NDAwMDAwMDAwMDAwfX0=",
@@ -3388,6 +2029,7 @@
             "module.kube-hetzner.hcloud_placement_group.control_plane",
             "module.kube-hetzner.hcloud_ssh_key.k3s",
             "module.kube-hetzner.module.control_planes.data.cloudinit_config.config",
+            "module.kube-hetzner.module.control_planes.random_string.identity_file",
             "module.kube-hetzner.module.control_planes.random_string.server"
           ]
         }
@@ -3398,18 +2040,18 @@
       "mode": "managed",
       "type": "hcloud_server_network",
       "name": "server",
-      "provider": "module.kube-hetzner.provider[\"registry.terraform.io/hetznercloud/hcloud\"]",
+      "provider": "provider[\"registry.terraform.io/hetznercloud/hcloud\"]",
       "instances": [
         {
           "schema_version": 0,
           "attributes": {
-            "alias_ips": [],
-            "id": "20285808-1628275",
+            "alias_ips": null,
+            "id": "21030910-1711263",
             "ip": "10.253.0.101",
-            "mac_address": "86:00:00:0f:24:c3",
+            "mac_address": "86:00:00:12:fa:77",
             "network_id": null,
-            "server_id": 20285808,
-            "subnet_id": "1628275-10.253.0.0/16"
+            "server_id": 21030910,
+            "subnet_id": "1711263-10.253.0.0/16"
           },
           "sensitive_attributes": [],
           "private": "bnVsbA==",
@@ -3421,11 +2063,45 @@
             "module.kube-hetzner.hcloud_ssh_key.k3s",
             "module.kube-hetzner.module.control_planes.data.cloudinit_config.config",
             "module.kube-hetzner.module.control_planes.hcloud_server.server",
+            "module.kube-hetzner.module.control_planes.random_string.identity_file",
             "module.kube-hetzner.module.control_planes.random_string.server"
           ]
         }
       ]
     },
+    {
+      "module": "module.kube-hetzner.module.control_planes[\"2-0-control-plane-hel1\"]",
+      "mode": "managed",
+      "type": "random_string",
+      "name": "identity_file",
+      "provider": "provider[\"registry.terraform.io/hashicorp/random\"]",
+      "instances": [
+        {
+          "schema_version": 1,
+          "attributes": {
+            "id": "z6vtb8sffl78k7n3iogk",
+            "keepers": null,
+            "length": 20,
+            "lower": true,
+            "min_lower": 0,
+            "min_numeric": 0,
+            "min_special": 0,
+            "min_upper": 0,
+            "number": true,
+            "override_special": null,
+            "result": "z6vtb8sffl78k7n3iogk",
+            "special": false,
+            "upper": false
+          },
+          "sensitive_attributes": [],
+          "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==",
+          "dependencies": [
+            "module.kube-hetzner.hcloud_network.k3s",
+            "module.kube-hetzner.hcloud_network_subnet.control_plane"
+          ]
+        }
+      ]
+    },
     {
       "module": "module.kube-hetzner.module.control_planes[\"2-0-control-plane-hel1\"]",
       "mode": "managed",
@@ -3436,7 +2112,7 @@
         {
           "schema_version": 1,
           "attributes": {
-            "id": "ugh",
+            "id": "usi",
             "keepers": {
               "name": "clank-control-plane-hel1"
             },
@@ -3448,7 +2124,7 @@
             "min_upper": 0,
             "number": false,
             "override_special": null,
-            "result": "ugh",
+            "result": "usi",
             "special": false,
             "upper": false
           },
diff --git a/terraform.tfstate.backup b/terraform.tfstate.backup
index 7febe8d..98a835e 100644
--- a/terraform.tfstate.backup
+++ b/terraform.tfstate.backup
@@ -1,3434 +1,8 @@
 {
   "version": 4,
-  "terraform_version": "1.1.7",
-  "serial": 194,
-  "lineage": "04d648e3-bdd4-2cef-384a-6564647940db",
+  "terraform_version": "1.2.0",
+  "serial": 113,
+  "lineage": "f11a6304-aea4-5304-f584-cf21c8436f1c",
   "outputs": {},
-  "resources": [
-    {
-      "module": "module.dns",
-      "mode": "managed",
-      "type": "cloudflare_record",
-      "name": "exact",
-      "provider": "module.dns.provider[\"registry.terraform.io/cloudflare/cloudflare\"]",
-      "instances": [
-        {
-          "index_key": "*.kjuulh.app",
-          "schema_version": 2,
-          "attributes": {
-            "allow_overwrite": false,
-            "created_on": "2022-05-08T13:48:54.289798Z",
-            "data": [],
-            "hostname": "*.kjuulh.app",
-            "id": "7234597988434057f1bc0630efada29b",
-            "metadata": {
-              "auto_added": "false",
-              "managed_by_apps": "false",
-              "managed_by_argo_tunnel": "false",
-              "source": "primary"
-            },
-            "modified_on": "2022-05-08T13:48:54.289798Z",
-            "name": "*.kjuulh.app",
-            "priority": null,
-            "proxiable": true,
-            "proxied": false,
-            "timeouts": null,
-            "ttl": 3600,
-            "type": "A",
-            "value": "49.12.19.255",
-            "zone_id": "9454b35cb1010b9eab9aadf206fdf11f"
-          },
-          "sensitive_attributes": [],
-          "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjozMDAwMDAwMDAwMCwidXBkYXRlIjozMDAwMDAwMDAwMH0sInNjaGVtYV92ZXJzaW9uIjoiMiJ9",
-          "dependencies": [
-            "module.kube-hetzner.data.github_release.hetzner_ccm",
-            "module.kube-hetzner.data.github_release.hetzner_csi",
-            "module.kube-hetzner.data.github_release.kured",
-            "module.kube-hetzner.data.hcloud_load_balancer.traefik",
-            "module.kube-hetzner.data.remote_file.kubeconfig",
-            "module.kube-hetzner.hcloud_firewall.k3s",
-            "module.kube-hetzner.hcloud_network.k3s",
-            "module.kube-hetzner.hcloud_network_subnet.control_plane",
-            "module.kube-hetzner.hcloud_placement_group.control_plane",
-            "module.kube-hetzner.hcloud_ssh_key.k3s",
-            "module.kube-hetzner.local_sensitive_file.kubeconfig",
-            "module.kube-hetzner.module.control_planes.data.cloudinit_config.config",
-            "module.kube-hetzner.module.control_planes.hcloud_server.server",
-            "module.kube-hetzner.module.control_planes.hcloud_server_network.server",
-            "module.kube-hetzner.module.control_planes.random_string.server",
-            "module.kube-hetzner.null_resource.control_planes",
-            "module.kube-hetzner.null_resource.first_control_plane",
-            "module.kube-hetzner.null_resource.kustomization",
-            "module.kube-hetzner.random_password.k3s_token"
-          ]
-        },
-        {
-          "index_key": "kjuulh.app",
-          "schema_version": 2,
-          "attributes": {
-            "allow_overwrite": false,
-            "created_on": "2022-05-08T13:48:54.199417Z",
-            "data": [],
-            "hostname": "kjuulh.app",
-            "id": "5bc099d554ee71ea6ce63f76a4531e77",
-            "metadata": {
-              "auto_added": "false",
-              "managed_by_apps": "false",
-              "managed_by_argo_tunnel": "false",
-              "source": "primary"
-            },
-            "modified_on": "2022-05-08T13:48:54.199417Z",
-            "name": "kjuulh.app",
-            "priority": null,
-            "proxiable": true,
-            "proxied": false,
-            "timeouts": null,
-            "ttl": 3600,
-            "type": "A",
-            "value": "49.12.19.255",
-            "zone_id": "9454b35cb1010b9eab9aadf206fdf11f"
-          },
-          "sensitive_attributes": [],
-          "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjozMDAwMDAwMDAwMCwidXBkYXRlIjozMDAwMDAwMDAwMH0sInNjaGVtYV92ZXJzaW9uIjoiMiJ9",
-          "dependencies": [
-            "module.kube-hetzner.data.github_release.hetzner_ccm",
-            "module.kube-hetzner.data.github_release.hetzner_csi",
-            "module.kube-hetzner.data.github_release.kured",
-            "module.kube-hetzner.data.hcloud_load_balancer.traefik",
-            "module.kube-hetzner.data.remote_file.kubeconfig",
-            "module.kube-hetzner.hcloud_firewall.k3s",
-            "module.kube-hetzner.hcloud_network.k3s",
-            "module.kube-hetzner.hcloud_network_subnet.control_plane",
-            "module.kube-hetzner.hcloud_placement_group.control_plane",
-            "module.kube-hetzner.hcloud_ssh_key.k3s",
-            "module.kube-hetzner.local_sensitive_file.kubeconfig",
-            "module.kube-hetzner.module.control_planes.data.cloudinit_config.config",
-            "module.kube-hetzner.module.control_planes.hcloud_server.server",
-            "module.kube-hetzner.module.control_planes.hcloud_server_network.server",
-            "module.kube-hetzner.module.control_planes.random_string.server",
-            "module.kube-hetzner.null_resource.control_planes",
-            "module.kube-hetzner.null_resource.first_control_plane",
-            "module.kube-hetzner.null_resource.kustomization",
-            "module.kube-hetzner.random_password.k3s_token"
-          ]
-        }
-      ]
-    },
-    {
-      "module": "module.flux",
-      "mode": "data",
-      "type": "flux_install",
-      "name": "main",
-      "provider": "module.flux.provider[\"registry.terraform.io/fluxcd/flux\"]",
-      "instances": [
-        {
-          "schema_version": 0,
-          "attributes": {
-            "baseurl": "https://github.com/fluxcd/flux2/releases",
-            "cluster_domain": "cluster.local",
-            "components": null,
-            "components_extra": null,
-            "content": "---\n# This manifest was generated by flux. DO NOT EDIT.\n# Flux Version: latest\n# Components: source-controller,kustomize-controller,helm-controller,notification-controller\napiVersion: v1\nkind: Namespace\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n    pod-security.kubernetes.io/warn: restricted\n    pod-security.kubernetes.io/warn-version: latest\n  name: flux-system\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  annotations:\n    controller-gen.kubebuilder.io/version: v0.7.0\n  creationTimestamp: null\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: alerts.notification.toolkit.fluxcd.io\nspec:\n  group: notification.toolkit.fluxcd.io\n  names:\n    kind: Alert\n    listKind: AlertList\n    plural: alerts\n    singular: alert\n  scope: Namespaced\n  versions:\n  - additionalPrinterColumns:\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    name: v1beta1\n    schema:\n      openAPIV3Schema:\n        description: Alert is the Schema for the alerts API\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: AlertSpec defines an alerting rule for events involving a\n              list of objects\n            properties:\n              eventSeverity:\n                default: info\n                description: Filter events based on severity, defaults to ('info').\n                  If set to 'info' no events will be filtered.\n                enum:\n                - info\n                - error\n                type: string\n              eventSources:\n                description: Filter events based on the involved objects.\n                items:\n                  description: CrossNamespaceObjectReference contains enough information\n                    to let you locate the typed referenced object at cluster level\n                  properties:\n                    apiVersion:\n                      description: API version of the referent\n                      type: string\n                    kind:\n                      description: Kind of the referent\n                      enum:\n                      - Bucket\n                      - GitRepository\n                      - Kustomization\n                      - HelmRelease\n                      - HelmChart\n                      - HelmRepository\n                      - ImageRepository\n                      - ImagePolicy\n                      - ImageUpdateAutomation\n                      type: string\n                    matchLabels:\n                      additionalProperties:\n                        type: string\n                      description: MatchLabels is a map of {key,value} pairs. A single\n                        {key,value} in the matchLabels map is equivalent to an element\n                        of matchExpressions, whose key field is \"key\", the operator\n                        is \"In\", and the values array contains only \"value\". The requirements\n                        are ANDed.\n                      type: object\n                    name:\n                      description: Name of the referent\n                      maxLength: 53\n                      minLength: 1\n                      type: string\n                    namespace:\n                      description: Namespace of the referent\n                      maxLength: 53\n                      minLength: 1\n                      type: string\n                  required:\n                  - name\n                  type: object\n                type: array\n              exclusionList:\n                description: A list of Golang regular expressions to be used for excluding\n                  messages.\n                items:\n                  type: string\n                type: array\n              providerRef:\n                description: Send events using this provider.\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              summary:\n                description: Short description of the impact and affected cluster.\n                type: string\n              suspend:\n                description: This flag tells the controller to suspend subsequent\n                  events dispatching. Defaults to false.\n                type: boolean\n            required:\n            - eventSources\n            - providerRef\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: AlertStatus defines the observed state of Alert\n            properties:\n              conditions:\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation.\n                format: int64\n                type: integer\n            type: object\n        type: object\n    served: true\n    storage: true\n    subresources:\n      status: {}\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n  conditions: []\n  storedVersions: []\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  annotations:\n    controller-gen.kubebuilder.io/version: v0.7.0\n  creationTimestamp: null\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: buckets.source.toolkit.fluxcd.io\nspec:\n  group: source.toolkit.fluxcd.io\n  names:\n    kind: Bucket\n    listKind: BucketList\n    plural: buckets\n    singular: bucket\n  scope: Namespaced\n  versions:\n  - additionalPrinterColumns:\n    - jsonPath: .spec.endpoint\n      name: Endpoint\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    name: v1beta1\n    schema:\n      openAPIV3Schema:\n        description: Bucket is the Schema for the buckets API\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: BucketSpec defines the desired state of an S3 compatible\n              bucket\n            properties:\n              accessFrom:\n                description: AccessFrom defines an Access Control List for allowing\n                  cross-namespace references to this object.\n                properties:\n                  namespaceSelectors:\n                    description: NamespaceSelectors is the list of namespace selectors\n                      to which this ACL applies. Items in this list are evaluated\n                      using a logical OR operation.\n                    items:\n                      description: NamespaceSelector selects the namespaces to which\n                        this ACL applies. An empty map of MatchLabels matches all\n                        namespaces in a cluster.\n                      properties:\n                        matchLabels:\n                          additionalProperties:\n                            type: string\n                          description: MatchLabels is a map of {key,value} pairs.\n                            A single {key,value} in the matchLabels map is equivalent\n                            to an element of matchExpressions, whose key field is\n                            \"key\", the operator is \"In\", and the values array contains\n                            only \"value\". The requirements are ANDed.\n                          type: object\n                      type: object\n                    type: array\n                required:\n                - namespaceSelectors\n                type: object\n              bucketName:\n                description: The bucket name.\n                type: string\n              endpoint:\n                description: The bucket endpoint address.\n                type: string\n              ignore:\n                description: Ignore overrides the set of excluded patterns in the\n                  .sourceignore format (which is the same as .gitignore). If not provided,\n                  a default will be used, consult the documentation for your version\n                  to find out what those are.\n                type: string\n              insecure:\n                description: Insecure allows connecting to a non-TLS S3 HTTP endpoint.\n                type: boolean\n              interval:\n                description: The interval at which to check for bucket updates.\n                type: string\n              provider:\n                default: generic\n                description: The S3 compatible storage provider name, default ('generic').\n                enum:\n                - generic\n                - aws\n                - gcp\n                type: string\n              region:\n                description: The bucket region.\n                type: string\n              secretRef:\n                description: The name of the secret containing authentication credentials\n                  for the Bucket.\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              suspend:\n                description: This flag tells the controller to suspend the reconciliation\n                  of this source.\n                type: boolean\n              timeout:\n                default: 60s\n                description: The timeout for download operations, defaults to 60s.\n                type: string\n            required:\n            - bucketName\n            - endpoint\n            - interval\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: BucketStatus defines the observed state of a bucket\n            properties:\n              artifact:\n                description: Artifact represents the output of the last successful\n                  Bucket sync.\n                properties:\n                  checksum:\n                    description: Checksum is the SHA256 checksum of the artifact.\n                    type: string\n                  lastUpdateTime:\n                    description: LastUpdateTime is the timestamp corresponding to\n                      the last update of this artifact.\n                    format: date-time\n                    type: string\n                  path:\n                    description: Path is the relative file path of this artifact.\n                    type: string\n                  revision:\n                    description: Revision is a human readable identifier traceable\n                      in the origin source system. It can be a Git commit SHA, Git\n                      tag, a Helm index timestamp, a Helm chart version, etc.\n                    type: string\n                  url:\n                    description: URL is the HTTP address of this artifact.\n                    type: string\n                required:\n                - path\n                - url\n                type: object\n              conditions:\n                description: Conditions holds the conditions for the Bucket.\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation.\n                format: int64\n                type: integer\n              url:\n                description: URL is the download link for the artifact output of the\n                  last Bucket sync.\n                type: string\n            type: object\n        type: object\n    served: true\n    storage: false\n    subresources:\n      status: {}\n  - additionalPrinterColumns:\n    - jsonPath: .spec.endpoint\n      name: Endpoint\n      type: string\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    name: v1beta2\n    schema:\n      openAPIV3Schema:\n        description: Bucket is the Schema for the buckets API.\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: BucketSpec specifies the required configuration to produce\n              an Artifact for an object storage bucket.\n            properties:\n              accessFrom:\n                description: 'AccessFrom specifies an Access Control List for allowing\n                  cross-namespace references to this object. NOTE: Not implemented,\n                  provisional as of https://github.com/fluxcd/flux2/pull/2092'\n                properties:\n                  namespaceSelectors:\n                    description: NamespaceSelectors is the list of namespace selectors\n                      to which this ACL applies. Items in this list are evaluated\n                      using a logical OR operation.\n                    items:\n                      description: NamespaceSelector selects the namespaces to which\n                        this ACL applies. An empty map of MatchLabels matches all\n                        namespaces in a cluster.\n                      properties:\n                        matchLabels:\n                          additionalProperties:\n                            type: string\n                          description: MatchLabels is a map of {key,value} pairs.\n                            A single {key,value} in the matchLabels map is equivalent\n                            to an element of matchExpressions, whose key field is\n                            \"key\", the operator is \"In\", and the values array contains\n                            only \"value\". The requirements are ANDed.\n                          type: object\n                      type: object\n                    type: array\n                required:\n                - namespaceSelectors\n                type: object\n              bucketName:\n                description: BucketName is the name of the object storage bucket.\n                type: string\n              endpoint:\n                description: Endpoint is the object storage address the BucketName\n                  is located at.\n                type: string\n              ignore:\n                description: Ignore overrides the set of excluded patterns in the\n                  .sourceignore format (which is the same as .gitignore). If not provided,\n                  a default will be used, consult the documentation for your version\n                  to find out what those are.\n                type: string\n              insecure:\n                description: Insecure allows connecting to a non-TLS HTTP Endpoint.\n                type: boolean\n              interval:\n                description: Interval at which to check the Endpoint for updates.\n                type: string\n              provider:\n                default: generic\n                description: Provider of the object storage bucket. Defaults to 'generic',\n                  which expects an S3 (API) compatible object storage.\n                enum:\n                - generic\n                - aws\n                - gcp\n                - azure\n                type: string\n              region:\n                description: Region of the Endpoint where the BucketName is located\n                  in.\n                type: string\n              secretRef:\n                description: SecretRef specifies the Secret containing authentication\n                  credentials for the Bucket.\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              suspend:\n                description: Suspend tells the controller to suspend the reconciliation\n                  of this Bucket.\n                type: boolean\n              timeout:\n                default: 60s\n                description: Timeout for fetch operations, defaults to 60s.\n                type: string\n            required:\n            - bucketName\n            - endpoint\n            - interval\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: BucketStatus records the observed state of a Bucket.\n            properties:\n              artifact:\n                description: Artifact represents the last successful Bucket reconciliation.\n                properties:\n                  checksum:\n                    description: Checksum is the SHA256 checksum of the Artifact file.\n                    type: string\n                  lastUpdateTime:\n                    description: LastUpdateTime is the timestamp corresponding to\n                      the last update of the Artifact.\n                    format: date-time\n                    type: string\n                  path:\n                    description: Path is the relative file path of the Artifact. It\n                      can be used to locate the file in the root of the Artifact storage\n                      on the local file system of the controller managing the Source.\n                    type: string\n                  revision:\n                    description: Revision is a human-readable identifier traceable\n                      in the origin source system. It can be a Git commit SHA, Git\n                      tag, a Helm chart version, etc.\n                    type: string\n                  size:\n                    description: Size is the number of bytes in the file.\n                    format: int64\n                    type: integer\n                  url:\n                    description: URL is the HTTP address of the Artifact as exposed\n                      by the controller managing the Source. It can be used to retrieve\n                      the Artifact for consumption, e.g. by another controller applying\n                      the Artifact contents.\n                    type: string\n                required:\n                - path\n                - url\n                type: object\n              conditions:\n                description: Conditions holds the conditions for the Bucket.\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation of\n                  the Bucket object.\n                format: int64\n                type: integer\n              url:\n                description: URL is the dynamic fetch link for the latest Artifact.\n                  It is provided on a \"best effort\" basis, and using the precise BucketStatus.Artifact\n                  data is recommended.\n                type: string\n            type: object\n        type: object\n    served: true\n    storage: true\n    subresources:\n      status: {}\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n  conditions: []\n  storedVersions: []\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  annotations:\n    controller-gen.kubebuilder.io/version: v0.7.0\n  creationTimestamp: null\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: gitrepositories.source.toolkit.fluxcd.io\nspec:\n  group: source.toolkit.fluxcd.io\n  names:\n    kind: GitRepository\n    listKind: GitRepositoryList\n    plural: gitrepositories\n    shortNames:\n    - gitrepo\n    singular: gitrepository\n  scope: Namespaced\n  versions:\n  - additionalPrinterColumns:\n    - jsonPath: .spec.url\n      name: URL\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    name: v1beta1\n    schema:\n      openAPIV3Schema:\n        description: GitRepository is the Schema for the gitrepositories API\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: GitRepositorySpec defines the desired state of a Git repository.\n            properties:\n              accessFrom:\n                description: AccessFrom defines an Access Control List for allowing\n                  cross-namespace references to this object.\n                properties:\n                  namespaceSelectors:\n                    description: NamespaceSelectors is the list of namespace selectors\n                      to which this ACL applies. Items in this list are evaluated\n                      using a logical OR operation.\n                    items:\n                      description: NamespaceSelector selects the namespaces to which\n                        this ACL applies. An empty map of MatchLabels matches all\n                        namespaces in a cluster.\n                      properties:\n                        matchLabels:\n                          additionalProperties:\n                            type: string\n                          description: MatchLabels is a map of {key,value} pairs.\n                            A single {key,value} in the matchLabels map is equivalent\n                            to an element of matchExpressions, whose key field is\n                            \"key\", the operator is \"In\", and the values array contains\n                            only \"value\". The requirements are ANDed.\n                          type: object\n                      type: object\n                    type: array\n                required:\n                - namespaceSelectors\n                type: object\n              gitImplementation:\n                default: go-git\n                description: Determines which git client library to use. Defaults\n                  to go-git, valid values are ('go-git', 'libgit2').\n                enum:\n                - go-git\n                - libgit2\n                type: string\n              ignore:\n                description: Ignore overrides the set of excluded patterns in the\n                  .sourceignore format (which is the same as .gitignore). If not provided,\n                  a default will be used, consult the documentation for your version\n                  to find out what those are.\n                type: string\n              include:\n                description: Extra git repositories to map into the repository\n                items:\n                  description: GitRepositoryInclude defines a source with a from and\n                    to path.\n                  properties:\n                    fromPath:\n                      description: The path to copy contents from, defaults to the\n                        root directory.\n                      type: string\n                    repository:\n                      description: Reference to a GitRepository to include.\n                      properties:\n                        name:\n                          description: Name of the referent.\n                          type: string\n                      required:\n                      - name\n                      type: object\n                    toPath:\n                      description: The path to copy contents to, defaults to the name\n                        of the source ref.\n                      type: string\n                  required:\n                  - repository\n                  type: object\n                type: array\n              interval:\n                description: The interval at which to check for repository updates.\n                type: string\n              recurseSubmodules:\n                description: When enabled, after the clone is created, initializes\n                  all submodules within, using their default settings. This option\n                  is available only when using the 'go-git' GitImplementation.\n                type: boolean\n              ref:\n                description: The Git reference to checkout and monitor for changes,\n                  defaults to master branch.\n                properties:\n                  branch:\n                    description: The Git branch to checkout, defaults to master.\n                    type: string\n                  commit:\n                    description: The Git commit SHA to checkout, if specified Tag\n                      filters will be ignored.\n                    type: string\n                  semver:\n                    description: The Git tag semver expression, takes precedence over\n                      Tag.\n                    type: string\n                  tag:\n                    description: The Git tag to checkout, takes precedence over Branch.\n                    type: string\n                type: object\n              secretRef:\n                description: The secret name containing the Git credentials. For HTTPS\n                  repositories the secret must contain username and password fields.\n                  For SSH repositories the secret must contain identity and known_hosts\n                  fields.\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              suspend:\n                description: This flag tells the controller to suspend the reconciliation\n                  of this source.\n                type: boolean\n              timeout:\n                default: 60s\n                description: The timeout for remote Git operations like cloning, defaults\n                  to 60s.\n                type: string\n              url:\n                description: The repository URL, can be a HTTP/S or SSH address.\n                pattern: ^(http|https|ssh)://\n                type: string\n              verify:\n                description: Verify OpenPGP signature for the Git commit HEAD points\n                  to.\n                properties:\n                  mode:\n                    description: Mode describes what git object should be verified,\n                      currently ('head').\n                    enum:\n                    - head\n                    type: string\n                  secretRef:\n                    description: The secret name containing the public keys of all\n                      trusted Git authors.\n                    properties:\n                      name:\n                        description: Name of the referent.\n                        type: string\n                    required:\n                    - name\n                    type: object\n                required:\n                - mode\n                type: object\n            required:\n            - interval\n            - url\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: GitRepositoryStatus defines the observed state of a Git repository.\n            properties:\n              artifact:\n                description: Artifact represents the output of the last successful\n                  repository sync.\n                properties:\n                  checksum:\n                    description: Checksum is the SHA256 checksum of the artifact.\n                    type: string\n                  lastUpdateTime:\n                    description: LastUpdateTime is the timestamp corresponding to\n                      the last update of this artifact.\n                    format: date-time\n                    type: string\n                  path:\n                    description: Path is the relative file path of this artifact.\n                    type: string\n                  revision:\n                    description: Revision is a human readable identifier traceable\n                      in the origin source system. It can be a Git commit SHA, Git\n                      tag, a Helm index timestamp, a Helm chart version, etc.\n                    type: string\n                  url:\n                    description: URL is the HTTP address of this artifact.\n                    type: string\n                required:\n                - path\n                - url\n                type: object\n              conditions:\n                description: Conditions holds the conditions for the GitRepository.\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              includedArtifacts:\n                description: IncludedArtifacts represents the included artifacts from\n                  the last successful repository sync.\n                items:\n                  description: Artifact represents the output of a source synchronisation.\n                  properties:\n                    checksum:\n                      description: Checksum is the SHA256 checksum of the artifact.\n                      type: string\n                    lastUpdateTime:\n                      description: LastUpdateTime is the timestamp corresponding to\n                        the last update of this artifact.\n                      format: date-time\n                      type: string\n                    path:\n                      description: Path is the relative file path of this artifact.\n                      type: string\n                    revision:\n                      description: Revision is a human readable identifier traceable\n                        in the origin source system. It can be a Git commit SHA, Git\n                        tag, a Helm index timestamp, a Helm chart version, etc.\n                      type: string\n                    url:\n                      description: URL is the HTTP address of this artifact.\n                      type: string\n                  required:\n                  - path\n                  - url\n                  type: object\n                type: array\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation.\n                format: int64\n                type: integer\n              url:\n                description: URL is the download link for the artifact output of the\n                  last repository sync.\n                type: string\n            type: object\n        type: object\n    served: true\n    storage: false\n    subresources:\n      status: {}\n  - additionalPrinterColumns:\n    - jsonPath: .spec.url\n      name: URL\n      type: string\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    name: v1beta2\n    schema:\n      openAPIV3Schema:\n        description: GitRepository is the Schema for the gitrepositories API.\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: GitRepositorySpec specifies the required configuration to\n              produce an Artifact for a Git repository.\n            properties:\n              accessFrom:\n                description: 'AccessFrom specifies an Access Control List for allowing\n                  cross-namespace references to this object. NOTE: Not implemented,\n                  provisional as of https://github.com/fluxcd/flux2/pull/2092'\n                properties:\n                  namespaceSelectors:\n                    description: NamespaceSelectors is the list of namespace selectors\n                      to which this ACL applies. Items in this list are evaluated\n                      using a logical OR operation.\n                    items:\n                      description: NamespaceSelector selects the namespaces to which\n                        this ACL applies. An empty map of MatchLabels matches all\n                        namespaces in a cluster.\n                      properties:\n                        matchLabels:\n                          additionalProperties:\n                            type: string\n                          description: MatchLabels is a map of {key,value} pairs.\n                            A single {key,value} in the matchLabels map is equivalent\n                            to an element of matchExpressions, whose key field is\n                            \"key\", the operator is \"In\", and the values array contains\n                            only \"value\". The requirements are ANDed.\n                          type: object\n                      type: object\n                    type: array\n                required:\n                - namespaceSelectors\n                type: object\n              gitImplementation:\n                default: go-git\n                description: GitImplementation specifies which Git client library\n                  implementation to use. Defaults to 'go-git', valid values are ('go-git',\n                  'libgit2').\n                enum:\n                - go-git\n                - libgit2\n                type: string\n              ignore:\n                description: Ignore overrides the set of excluded patterns in the\n                  .sourceignore format (which is the same as .gitignore). If not provided,\n                  a default will be used, consult the documentation for your version\n                  to find out what those are.\n                type: string\n              include:\n                description: Include specifies a list of GitRepository resources which\n                  Artifacts should be included in the Artifact produced for this GitRepository.\n                items:\n                  description: GitRepositoryInclude specifies a local reference to\n                    a GitRepository which Artifact (sub-)contents must be included,\n                    and where they should be placed.\n                  properties:\n                    fromPath:\n                      description: FromPath specifies the path to copy contents from,\n                        defaults to the root of the Artifact.\n                      type: string\n                    repository:\n                      description: GitRepositoryRef specifies the GitRepository which\n                        Artifact contents must be included.\n                      properties:\n                        name:\n                          description: Name of the referent.\n                          type: string\n                      required:\n                      - name\n                      type: object\n                    toPath:\n                      description: ToPath specifies the path to copy contents to,\n                        defaults to the name of the GitRepositoryRef.\n                      type: string\n                  required:\n                  - repository\n                  type: object\n                type: array\n              interval:\n                description: Interval at which to check the GitRepository for updates.\n                type: string\n              recurseSubmodules:\n                description: RecurseSubmodules enables the initialization of all submodules\n                  within the GitRepository as cloned from the URL, using their default\n                  settings. This option is available only when using the 'go-git'\n                  GitImplementation.\n                type: boolean\n              ref:\n                description: Reference specifies the Git reference to resolve and\n                  monitor for changes, defaults to the 'master' branch.\n                properties:\n                  branch:\n                    description: \"Branch to check out, defaults to 'master' if no\n                      other field is defined. \\n When GitRepositorySpec.GitImplementation\n                      is set to 'go-git', a shallow clone of the specified branch\n                      is performed.\"\n                    type: string\n                  commit:\n                    description: \"Commit SHA to check out, takes precedence over all\n                      reference fields. \\n When GitRepositorySpec.GitImplementation\n                      is set to 'go-git', this can be combined with Branch to shallow\n                      clone the branch, in which the commit is expected to exist.\"\n                    type: string\n                  semver:\n                    description: SemVer tag expression to check out, takes precedence\n                      over Tag.\n                    type: string\n                  tag:\n                    description: Tag to check out, takes precedence over Branch.\n                    type: string\n                type: object\n              secretRef:\n                description: SecretRef specifies the Secret containing authentication\n                  credentials for the GitRepository. For HTTPS repositories the Secret\n                  must contain 'username' and 'password' fields. For SSH repositories\n                  the Secret must contain 'identity' and 'known_hosts' fields.\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              suspend:\n                description: Suspend tells the controller to suspend the reconciliation\n                  of this GitRepository.\n                type: boolean\n              timeout:\n                default: 60s\n                description: Timeout for Git operations like cloning, defaults to\n                  60s.\n                type: string\n              url:\n                description: URL specifies the Git repository URL, it can be an HTTP/S\n                  or SSH address.\n                pattern: ^(http|https|ssh)://\n                type: string\n              verify:\n                description: Verification specifies the configuration to verify the\n                  Git commit signature(s).\n                properties:\n                  mode:\n                    description: Mode specifies what Git object should be verified,\n                      currently ('head').\n                    enum:\n                    - head\n                    type: string\n                  secretRef:\n                    description: SecretRef specifies the Secret containing the public\n                      keys of trusted Git authors.\n                    properties:\n                      name:\n                        description: Name of the referent.\n                        type: string\n                    required:\n                    - name\n                    type: object\n                required:\n                - mode\n                type: object\n            required:\n            - interval\n            - url\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: GitRepositoryStatus records the observed state of a Git repository.\n            properties:\n              artifact:\n                description: Artifact represents the last successful GitRepository\n                  reconciliation.\n                properties:\n                  checksum:\n                    description: Checksum is the SHA256 checksum of the Artifact file.\n                    type: string\n                  lastUpdateTime:\n                    description: LastUpdateTime is the timestamp corresponding to\n                      the last update of the Artifact.\n                    format: date-time\n                    type: string\n                  path:\n                    description: Path is the relative file path of the Artifact. It\n                      can be used to locate the file in the root of the Artifact storage\n                      on the local file system of the controller managing the Source.\n                    type: string\n                  revision:\n                    description: Revision is a human-readable identifier traceable\n                      in the origin source system. It can be a Git commit SHA, Git\n                      tag, a Helm chart version, etc.\n                    type: string\n                  size:\n                    description: Size is the number of bytes in the file.\n                    format: int64\n                    type: integer\n                  url:\n                    description: URL is the HTTP address of the Artifact as exposed\n                      by the controller managing the Source. It can be used to retrieve\n                      the Artifact for consumption, e.g. by another controller applying\n                      the Artifact contents.\n                    type: string\n                required:\n                - path\n                - url\n                type: object\n              conditions:\n                description: Conditions holds the conditions for the GitRepository.\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              includedArtifacts:\n                description: IncludedArtifacts contains a list of the last successfully\n                  included Artifacts as instructed by GitRepositorySpec.Include.\n                items:\n                  description: Artifact represents the output of a Source reconciliation.\n                  properties:\n                    checksum:\n                      description: Checksum is the SHA256 checksum of the Artifact\n                        file.\n                      type: string\n                    lastUpdateTime:\n                      description: LastUpdateTime is the timestamp corresponding to\n                        the last update of the Artifact.\n                      format: date-time\n                      type: string\n                    path:\n                      description: Path is the relative file path of the Artifact.\n                        It can be used to locate the file in the root of the Artifact\n                        storage on the local file system of the controller managing\n                        the Source.\n                      type: string\n                    revision:\n                      description: Revision is a human-readable identifier traceable\n                        in the origin source system. It can be a Git commit SHA, Git\n                        tag, a Helm chart version, etc.\n                      type: string\n                    size:\n                      description: Size is the number of bytes in the file.\n                      format: int64\n                      type: integer\n                    url:\n                      description: URL is the HTTP address of the Artifact as exposed\n                        by the controller managing the Source. It can be used to retrieve\n                        the Artifact for consumption, e.g. by another controller applying\n                        the Artifact contents.\n                      type: string\n                  required:\n                  - path\n                  - url\n                  type: object\n                type: array\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation of\n                  the GitRepository object.\n                format: int64\n                type: integer\n              url:\n                description: URL is the dynamic fetch link for the latest Artifact.\n                  It is provided on a \"best effort\" basis, and using the precise GitRepositoryStatus.Artifact\n                  data is recommended.\n                type: string\n            type: object\n        type: object\n    served: true\n    storage: true\n    subresources:\n      status: {}\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n  conditions: []\n  storedVersions: []\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  annotations:\n    controller-gen.kubebuilder.io/version: v0.7.0\n  creationTimestamp: null\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: helmcharts.source.toolkit.fluxcd.io\nspec:\n  group: source.toolkit.fluxcd.io\n  names:\n    kind: HelmChart\n    listKind: HelmChartList\n    plural: helmcharts\n    shortNames:\n    - hc\n    singular: helmchart\n  scope: Namespaced\n  versions:\n  - additionalPrinterColumns:\n    - jsonPath: .spec.chart\n      name: Chart\n      type: string\n    - jsonPath: .spec.version\n      name: Version\n      type: string\n    - jsonPath: .spec.sourceRef.kind\n      name: Source Kind\n      type: string\n    - jsonPath: .spec.sourceRef.name\n      name: Source Name\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    name: v1beta1\n    schema:\n      openAPIV3Schema:\n        description: HelmChart is the Schema for the helmcharts API\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: HelmChartSpec defines the desired state of a Helm chart.\n            properties:\n              accessFrom:\n                description: AccessFrom defines an Access Control List for allowing\n                  cross-namespace references to this object.\n                properties:\n                  namespaceSelectors:\n                    description: NamespaceSelectors is the list of namespace selectors\n                      to which this ACL applies. Items in this list are evaluated\n                      using a logical OR operation.\n                    items:\n                      description: NamespaceSelector selects the namespaces to which\n                        this ACL applies. An empty map of MatchLabels matches all\n                        namespaces in a cluster.\n                      properties:\n                        matchLabels:\n                          additionalProperties:\n                            type: string\n                          description: MatchLabels is a map of {key,value} pairs.\n                            A single {key,value} in the matchLabels map is equivalent\n                            to an element of matchExpressions, whose key field is\n                            \"key\", the operator is \"In\", and the values array contains\n                            only \"value\". The requirements are ANDed.\n                          type: object\n                      type: object\n                    type: array\n                required:\n                - namespaceSelectors\n                type: object\n              chart:\n                description: The name or path the Helm chart is available at in the\n                  SourceRef.\n                type: string\n              interval:\n                description: The interval at which to check the Source for updates.\n                type: string\n              reconcileStrategy:\n                default: ChartVersion\n                description: Determines what enables the creation of a new artifact.\n                  Valid values are ('ChartVersion', 'Revision'). See the documentation\n                  of the values for an explanation on their behavior. Defaults to\n                  ChartVersion when omitted.\n                enum:\n                - ChartVersion\n                - Revision\n                type: string\n              sourceRef:\n                description: The reference to the Source the chart is available at.\n                properties:\n                  apiVersion:\n                    description: APIVersion of the referent.\n                    type: string\n                  kind:\n                    description: Kind of the referent, valid values are ('HelmRepository',\n                      'GitRepository', 'Bucket').\n                    enum:\n                    - HelmRepository\n                    - GitRepository\n                    - Bucket\n                    type: string\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - kind\n                - name\n                type: object\n              suspend:\n                description: This flag tells the controller to suspend the reconciliation\n                  of this source.\n                type: boolean\n              valuesFile:\n                description: Alternative values file to use as the default chart values,\n                  expected to be a relative path in the SourceRef. Deprecated in favor\n                  of ValuesFiles, for backwards compatibility the file defined here\n                  is merged before the ValuesFiles items. Ignored when omitted.\n                type: string\n              valuesFiles:\n                description: Alternative list of values files to use as the chart\n                  values (values.yaml is not included by default), expected to be\n                  a relative path in the SourceRef. Values files are merged in the\n                  order of this list with the last file overriding the first. Ignored\n                  when omitted.\n                items:\n                  type: string\n                type: array\n              version:\n                default: '*'\n                description: The chart version semver expression, ignored for charts\n                  from GitRepository and Bucket sources. Defaults to latest when omitted.\n                type: string\n            required:\n            - chart\n            - interval\n            - sourceRef\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: HelmChartStatus defines the observed state of the HelmChart.\n            properties:\n              artifact:\n                description: Artifact represents the output of the last successful\n                  chart sync.\n                properties:\n                  checksum:\n                    description: Checksum is the SHA256 checksum of the artifact.\n                    type: string\n                  lastUpdateTime:\n                    description: LastUpdateTime is the timestamp corresponding to\n                      the last update of this artifact.\n                    format: date-time\n                    type: string\n                  path:\n                    description: Path is the relative file path of this artifact.\n                    type: string\n                  revision:\n                    description: Revision is a human readable identifier traceable\n                      in the origin source system. It can be a Git commit SHA, Git\n                      tag, a Helm index timestamp, a Helm chart version, etc.\n                    type: string\n                  url:\n                    description: URL is the HTTP address of this artifact.\n                    type: string\n                required:\n                - path\n                - url\n                type: object\n              conditions:\n                description: Conditions holds the conditions for the HelmChart.\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation.\n                format: int64\n                type: integer\n              url:\n                description: URL is the download link for the last chart pulled.\n                type: string\n            type: object\n        type: object\n    served: true\n    storage: false\n    subresources:\n      status: {}\n  - additionalPrinterColumns:\n    - jsonPath: .spec.chart\n      name: Chart\n      type: string\n    - jsonPath: .spec.version\n      name: Version\n      type: string\n    - jsonPath: .spec.sourceRef.kind\n      name: Source Kind\n      type: string\n    - jsonPath: .spec.sourceRef.name\n      name: Source Name\n      type: string\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    name: v1beta2\n    schema:\n      openAPIV3Schema:\n        description: HelmChart is the Schema for the helmcharts API.\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: HelmChartSpec specifies the desired state of a Helm chart.\n            properties:\n              accessFrom:\n                description: 'AccessFrom specifies an Access Control List for allowing\n                  cross-namespace references to this object. NOTE: Not implemented,\n                  provisional as of https://github.com/fluxcd/flux2/pull/2092'\n                properties:\n                  namespaceSelectors:\n                    description: NamespaceSelectors is the list of namespace selectors\n                      to which this ACL applies. Items in this list are evaluated\n                      using a logical OR operation.\n                    items:\n                      description: NamespaceSelector selects the namespaces to which\n                        this ACL applies. An empty map of MatchLabels matches all\n                        namespaces in a cluster.\n                      properties:\n                        matchLabels:\n                          additionalProperties:\n                            type: string\n                          description: MatchLabels is a map of {key,value} pairs.\n                            A single {key,value} in the matchLabels map is equivalent\n                            to an element of matchExpressions, whose key field is\n                            \"key\", the operator is \"In\", and the values array contains\n                            only \"value\". The requirements are ANDed.\n                          type: object\n                      type: object\n                    type: array\n                required:\n                - namespaceSelectors\n                type: object\n              chart:\n                description: Chart is the name or path the Helm chart is available\n                  at in the SourceRef.\n                type: string\n              interval:\n                description: Interval is the interval at which to check the Source\n                  for updates.\n                type: string\n              reconcileStrategy:\n                default: ChartVersion\n                description: ReconcileStrategy determines what enables the creation\n                  of a new artifact. Valid values are ('ChartVersion', 'Revision').\n                  See the documentation of the values for an explanation on their\n                  behavior. Defaults to ChartVersion when omitted.\n                enum:\n                - ChartVersion\n                - Revision\n                type: string\n              sourceRef:\n                description: SourceRef is the reference to the Source the chart is\n                  available at.\n                properties:\n                  apiVersion:\n                    description: APIVersion of the referent.\n                    type: string\n                  kind:\n                    description: Kind of the referent, valid values are ('HelmRepository',\n                      'GitRepository', 'Bucket').\n                    enum:\n                    - HelmRepository\n                    - GitRepository\n                    - Bucket\n                    type: string\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - kind\n                - name\n                type: object\n              suspend:\n                description: Suspend tells the controller to suspend the reconciliation\n                  of this source.\n                type: boolean\n              valuesFile:\n                description: ValuesFile is an alternative values file to use as the\n                  default chart values, expected to be a relative path in the SourceRef.\n                  Deprecated in favor of ValuesFiles, for backwards compatibility\n                  the file specified here is merged before the ValuesFiles items.\n                  Ignored when omitted.\n                type: string\n              valuesFiles:\n                description: ValuesFiles is an alternative list of values files to\n                  use as the chart values (values.yaml is not included by default),\n                  expected to be a relative path in the SourceRef. Values files are\n                  merged in the order of this list with the last file overriding the\n                  first. Ignored when omitted.\n                items:\n                  type: string\n                type: array\n              version:\n                default: '*'\n                description: Version is the chart version semver expression, ignored\n                  for charts from GitRepository and Bucket sources. Defaults to latest\n                  when omitted.\n                type: string\n            required:\n            - chart\n            - interval\n            - sourceRef\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: HelmChartStatus records the observed state of the HelmChart.\n            properties:\n              artifact:\n                description: Artifact represents the output of the last successful\n                  reconciliation.\n                properties:\n                  checksum:\n                    description: Checksum is the SHA256 checksum of the Artifact file.\n                    type: string\n                  lastUpdateTime:\n                    description: LastUpdateTime is the timestamp corresponding to\n                      the last update of the Artifact.\n                    format: date-time\n                    type: string\n                  path:\n                    description: Path is the relative file path of the Artifact. It\n                      can be used to locate the file in the root of the Artifact storage\n                      on the local file system of the controller managing the Source.\n                    type: string\n                  revision:\n                    description: Revision is a human-readable identifier traceable\n                      in the origin source system. It can be a Git commit SHA, Git\n                      tag, a Helm chart version, etc.\n                    type: string\n                  size:\n                    description: Size is the number of bytes in the file.\n                    format: int64\n                    type: integer\n                  url:\n                    description: URL is the HTTP address of the Artifact as exposed\n                      by the controller managing the Source. It can be used to retrieve\n                      the Artifact for consumption, e.g. by another controller applying\n                      the Artifact contents.\n                    type: string\n                required:\n                - path\n                - url\n                type: object\n              conditions:\n                description: Conditions holds the conditions for the HelmChart.\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedChartName:\n                description: ObservedChartName is the last observed chart name as\n                  specified by the resolved chart reference.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation of\n                  the HelmChart object.\n                format: int64\n                type: integer\n              observedSourceArtifactRevision:\n                description: ObservedSourceArtifactRevision is the last observed Artifact.Revision\n                  of the HelmChartSpec.SourceRef.\n                type: string\n              url:\n                description: URL is the dynamic fetch link for the latest Artifact.\n                  It is provided on a \"best effort\" basis, and using the precise BucketStatus.Artifact\n                  data is recommended.\n                type: string\n            type: object\n        type: object\n    served: true\n    storage: true\n    subresources:\n      status: {}\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n  conditions: []\n  storedVersions: []\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  annotations:\n    controller-gen.kubebuilder.io/version: v0.7.0\n  creationTimestamp: null\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: helmreleases.helm.toolkit.fluxcd.io\nspec:\n  group: helm.toolkit.fluxcd.io\n  names:\n    kind: HelmRelease\n    listKind: HelmReleaseList\n    plural: helmreleases\n    shortNames:\n    - hr\n    singular: helmrelease\n  scope: Namespaced\n  versions:\n  - additionalPrinterColumns:\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    name: v2beta1\n    schema:\n      openAPIV3Schema:\n        description: HelmRelease is the Schema for the helmreleases API\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: HelmReleaseSpec defines the desired state of a Helm release.\n            properties:\n              chart:\n                description: Chart defines the template of the v1beta2.HelmChart that\n                  should be created for this HelmRelease.\n                properties:\n                  spec:\n                    description: Spec holds the template for the v1beta2.HelmChartSpec\n                      for this HelmRelease.\n                    properties:\n                      chart:\n                        description: The name or path the Helm chart is available\n                          at in the SourceRef.\n                        type: string\n                      interval:\n                        description: Interval at which to check the v1beta2.Source\n                          for updates. Defaults to 'HelmReleaseSpec.Interval'.\n                        type: string\n                      reconcileStrategy:\n                        default: ChartVersion\n                        description: Determines what enables the creation of a new\n                          artifact. Valid values are ('ChartVersion', 'Revision').\n                          See the documentation of the values for an explanation on\n                          their behavior. Defaults to ChartVersion when omitted.\n                        enum:\n                        - ChartVersion\n                        - Revision\n                        type: string\n                      sourceRef:\n                        description: The name and namespace of the v1beta2.Source\n                          the chart is available at.\n                        properties:\n                          apiVersion:\n                            description: APIVersion of the referent.\n                            type: string\n                          kind:\n                            description: Kind of the referent.\n                            enum:\n                            - HelmRepository\n                            - GitRepository\n                            - Bucket\n                            type: string\n                          name:\n                            description: Name of the referent.\n                            maxLength: 253\n                            minLength: 1\n                            type: string\n                          namespace:\n                            description: Namespace of the referent.\n                            maxLength: 63\n                            minLength: 1\n                            type: string\n                        required:\n                        - name\n                        type: object\n                      valuesFile:\n                        description: Alternative values file to use as the default\n                          chart values, expected to be a relative path in the SourceRef.\n                          Deprecated in favor of ValuesFiles, for backwards compatibility\n                          the file defined here is merged before the ValuesFiles items.\n                          Ignored when omitted.\n                        type: string\n                      valuesFiles:\n                        description: Alternative list of values files to use as the\n                          chart values (values.yaml is not included by default), expected\n                          to be a relative path in the SourceRef. Values files are\n                          merged in the order of this list with the last file overriding\n                          the first. Ignored when omitted.\n                        items:\n                          type: string\n                        type: array\n                      version:\n                        default: '*'\n                        description: Version semver expression, ignored for charts\n                          from v1beta2.GitRepository and v1beta2.Bucket sources. Defaults\n                          to latest when omitted.\n                        type: string\n                    required:\n                    - chart\n                    - sourceRef\n                    type: object\n                required:\n                - spec\n                type: object\n              dependsOn:\n                description: DependsOn may contain a meta.NamespacedObjectReference\n                  slice with references to HelmRelease resources that must be ready\n                  before this HelmRelease can be reconciled.\n                items:\n                  description: NamespacedObjectReference contains enough information\n                    to locate the referenced Kubernetes resource object in any namespace.\n                  properties:\n                    name:\n                      description: Name of the referent.\n                      type: string\n                    namespace:\n                      description: Namespace of the referent, when not specified it\n                        acts as LocalObjectReference.\n                      type: string\n                  required:\n                  - name\n                  type: object\n                type: array\n              install:\n                description: Install holds the configuration for Helm install actions\n                  for this HelmRelease.\n                properties:\n                  crds:\n                    description: \"CRDs upgrade CRDs from the Helm Chart's crds directory\n                      according to the CRD upgrade policy provided here. Valid values\n                      are `Skip`, `Create` or `CreateReplace`. Default is `Create`\n                      and if omitted CRDs are installed but not updated. \\n Skip:\n                      do neither install nor replace (update) any CRDs. \\n Create:\n                      new CRDs are created, existing CRDs are neither updated nor\n                      deleted. \\n CreateReplace: new CRDs are created, existing CRDs\n                      are updated (replaced) but not deleted. \\n By default, CRDs\n                      are applied (installed) during Helm install action. With this\n                      option users can opt-in to CRD replace existing CRDs on Helm\n                      install actions, which is not (yet) natively supported by Helm.\n                      https://helm.sh/docs/chart_best_practices/custom_resource_definitions.\"\n                    enum:\n                    - Skip\n                    - Create\n                    - CreateReplace\n                    type: string\n                  createNamespace:\n                    description: CreateNamespace tells the Helm install action to\n                      create the HelmReleaseSpec.TargetNamespace if it does not exist\n                      yet. On uninstall, the namespace will not be garbage collected.\n                    type: boolean\n                  disableHooks:\n                    description: DisableHooks prevents hooks from running during the\n                      Helm install action.\n                    type: boolean\n                  disableOpenAPIValidation:\n                    description: DisableOpenAPIValidation prevents the Helm install\n                      action from validating rendered templates against the Kubernetes\n                      OpenAPI Schema.\n                    type: boolean\n                  disableWait:\n                    description: DisableWait disables the waiting for resources to\n                      be ready after a Helm install has been performed.\n                    type: boolean\n                  disableWaitForJobs:\n                    description: DisableWaitForJobs disables waiting for jobs to complete\n                      after a Helm install has been performed.\n                    type: boolean\n                  remediation:\n                    description: Remediation holds the remediation configuration for\n                      when the Helm install action for the HelmRelease fails. The\n                      default is to not perform any action.\n                    properties:\n                      ignoreTestFailures:\n                        description: IgnoreTestFailures tells the controller to skip\n                          remediation when the Helm tests are run after an install\n                          action but fail. Defaults to 'Test.IgnoreFailures'.\n                        type: boolean\n                      remediateLastFailure:\n                        description: RemediateLastFailure tells the controller to\n                          remediate the last failure, when no retries remain. Defaults\n                          to 'false'.\n                        type: boolean\n                      retries:\n                        description: Retries is the number of retries that should\n                          be attempted on failures before bailing. Remediation, using\n                          an uninstall, is performed between each attempt. Defaults\n                          to '0', a negative integer equals to unlimited retries.\n                        type: integer\n                    type: object\n                  replace:\n                    description: Replace tells the Helm install action to re-use the\n                      'ReleaseName', but only if that name is a deleted release which\n                      remains in the history.\n                    type: boolean\n                  skipCRDs:\n                    description: \"SkipCRDs tells the Helm install action to not install\n                      any CRDs. By default, CRDs are installed if not already present.\n                      \\n Deprecated use CRD policy (`crds`) attribute with value `Skip`\n                      instead.\"\n                    type: boolean\n                  timeout:\n                    description: Timeout is the time to wait for any individual Kubernetes\n                      operation (like Jobs for hooks) during the performance of a\n                      Helm install action. Defaults to 'HelmReleaseSpec.Timeout'.\n                    type: string\n                type: object\n              interval:\n                description: Interval at which to reconcile the Helm release.\n                type: string\n              kubeConfig:\n                description: KubeConfig for reconciling the HelmRelease on a remote\n                  cluster. When used in combination with HelmReleaseSpec.ServiceAccountName,\n                  forces the controller to act on behalf of that Service Account at\n                  the target cluster. If the --default-service-account flag is set,\n                  its value will be used as a controller level fallback for when HelmReleaseSpec.ServiceAccountName\n                  is empty.\n                properties:\n                  secretRef:\n                    description: SecretRef holds the name to a secret that contains\n                      a key with the kubeconfig file as the value. If no key is specified\n                      the key will default to 'value'. The secret must be in the same\n                      namespace as the HelmRelease. It is recommended that the kubeconfig\n                      is self-contained, and the secret is regularly updated if credentials\n                      such as a cloud-access-token expire. Cloud specific `cmd-path`\n                      auth helpers will not function without adding binaries and credentials\n                      to the Pod that is responsible for reconciling the HelmRelease.\n                    properties:\n                      key:\n                        description: Key in the Secret, when not specified an implementation-specific\n                          default key is used.\n                        type: string\n                      name:\n                        description: Name of the Secret.\n                        type: string\n                    required:\n                    - name\n                    type: object\n                type: object\n              maxHistory:\n                description: MaxHistory is the number of revisions saved by Helm for\n                  this HelmRelease. Use '0' for an unlimited number of revisions;\n                  defaults to '10'.\n                type: integer\n              postRenderers:\n                description: PostRenderers holds an array of Helm PostRenderers, which\n                  will be applied in order of their definition.\n                items:\n                  description: PostRenderer contains a Helm PostRenderer specification.\n                  properties:\n                    kustomize:\n                      description: Kustomization to apply as PostRenderer.\n                      properties:\n                        images:\n                          description: Images is a list of (image name, new name,\n                            new tag or digest) for changing image names, tags or digests.\n                            This can also be achieved with a patch, but this operator\n                            is simpler to specify.\n                          items:\n                            description: Image contains an image name, a new name,\n                              a new tag or digest, which will replace the original\n                              name and tag.\n                            properties:\n                              digest:\n                                description: Digest is the value used to replace the\n                                  original image tag. If digest is present NewTag\n                                  value is ignored.\n                                type: string\n                              name:\n                                description: Name is a tag-less image name.\n                                type: string\n                              newName:\n                                description: NewName is the value used to replace\n                                  the original name.\n                                type: string\n                              newTag:\n                                description: NewTag is the value used to replace the\n                                  original tag.\n                                type: string\n                            required:\n                            - name\n                            type: object\n                          type: array\n                        patches:\n                          description: Strategic merge and JSON patches, defined as\n                            inline YAML objects, capable of targeting objects based\n                            on kind, label and annotation selectors.\n                          items:\n                            description: Patch contains an inline StrategicMerge or\n                              JSON6902 patch, and the target the patch should be applied\n                              to.\n                            properties:\n                              patch:\n                                description: Patch contains an inline StrategicMerge\n                                  patch or an inline JSON6902 patch with an array\n                                  of operation objects.\n                                type: string\n                              target:\n                                description: Target points to the resources that the\n                                  patch document should be applied to.\n                                properties:\n                                  annotationSelector:\n                                    description: AnnotationSelector is a string that\n                                      follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                                      It matches with the resource annotations.\n                                    type: string\n                                  group:\n                                    description: Group is the API group to select\n                                      resources from. Together with Version and Kind\n                                      it is capable of unambiguously identifying and/or\n                                      selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                                    type: string\n                                  kind:\n                                    description: Kind of the API Group to select resources\n                                      from. Together with Group and Version it is\n                                      capable of unambiguously identifying and/or\n                                      selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                                    type: string\n                                  labelSelector:\n                                    description: LabelSelector is a string that follows\n                                      the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                                      It matches with the resource labels.\n                                    type: string\n                                  name:\n                                    description: Name to match resources with.\n                                    type: string\n                                  namespace:\n                                    description: Namespace to select resources from.\n                                    type: string\n                                  version:\n                                    description: Version of the API Group to select\n                                      resources from. Together with Group and Kind\n                                      it is capable of unambiguously identifying and/or\n                                      selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                                    type: string\n                                type: object\n                            type: object\n                          type: array\n                        patchesJson6902:\n                          description: JSON 6902 patches, defined as inline YAML objects.\n                          items:\n                            description: JSON6902Patch contains a JSON6902 patch and\n                              the target the patch should be applied to.\n                            properties:\n                              patch:\n                                description: Patch contains the JSON6902 patch document\n                                  with an array of operation objects.\n                                items:\n                                  description: JSON6902 is a JSON6902 operation object.\n                                    https://datatracker.ietf.org/doc/html/rfc6902#section-4\n                                  properties:\n                                    from:\n                                      description: From contains a JSON-pointer value\n                                        that references a location within the target\n                                        document where the operation is performed.\n                                        The meaning of the value depends on the value\n                                        of Op, and is NOT taken into account by all\n                                        operations.\n                                      type: string\n                                    op:\n                                      description: Op indicates the operation to perform.\n                                        Its value MUST be one of \"add\", \"remove\",\n                                        \"replace\", \"move\", \"copy\", or \"test\". https://datatracker.ietf.org/doc/html/rfc6902#section-4\n                                      enum:\n                                      - test\n                                      - remove\n                                      - add\n                                      - replace\n                                      - move\n                                      - copy\n                                      type: string\n                                    path:\n                                      description: Path contains the JSON-pointer\n                                        value that references a location within the\n                                        target document where the operation is performed.\n                                        The meaning of the value depends on the value\n                                        of Op.\n                                      type: string\n                                    value:\n                                      description: Value contains a valid JSON structure.\n                                        The meaning of the value depends on the value\n                                        of Op, and is NOT taken into account by all\n                                        operations.\n                                      x-kubernetes-preserve-unknown-fields: true\n                                  required:\n                                  - op\n                                  - path\n                                  type: object\n                                type: array\n                              target:\n                                description: Target points to the resources that the\n                                  patch document should be applied to.\n                                properties:\n                                  annotationSelector:\n                                    description: AnnotationSelector is a string that\n                                      follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                                      It matches with the resource annotations.\n                                    type: string\n                                  group:\n                                    description: Group is the API group to select\n                                      resources from. Together with Version and Kind\n                                      it is capable of unambiguously identifying and/or\n                                      selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                                    type: string\n                                  kind:\n                                    description: Kind of the API Group to select resources\n                                      from. Together with Group and Version it is\n                                      capable of unambiguously identifying and/or\n                                      selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                                    type: string\n                                  labelSelector:\n                                    description: LabelSelector is a string that follows\n                                      the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                                      It matches with the resource labels.\n                                    type: string\n                                  name:\n                                    description: Name to match resources with.\n                                    type: string\n                                  namespace:\n                                    description: Namespace to select resources from.\n                                    type: string\n                                  version:\n                                    description: Version of the API Group to select\n                                      resources from. Together with Group and Kind\n                                      it is capable of unambiguously identifying and/or\n                                      selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                                    type: string\n                                type: object\n                            required:\n                            - patch\n                            - target\n                            type: object\n                          type: array\n                        patchesStrategicMerge:\n                          description: Strategic merge patches, defined as inline\n                            YAML objects.\n                          items:\n                            x-kubernetes-preserve-unknown-fields: true\n                          type: array\n                      type: object\n                  type: object\n                type: array\n              releaseName:\n                description: ReleaseName used for the Helm release. Defaults to a\n                  composition of '[TargetNamespace-]Name'.\n                maxLength: 53\n                minLength: 1\n                type: string\n              rollback:\n                description: Rollback holds the configuration for Helm rollback actions\n                  for this HelmRelease.\n                properties:\n                  cleanupOnFail:\n                    description: CleanupOnFail allows deletion of new resources created\n                      during the Helm rollback action when it fails.\n                    type: boolean\n                  disableHooks:\n                    description: DisableHooks prevents hooks from running during the\n                      Helm rollback action.\n                    type: boolean\n                  disableWait:\n                    description: DisableWait disables the waiting for resources to\n                      be ready after a Helm rollback has been performed.\n                    type: boolean\n                  disableWaitForJobs:\n                    description: DisableWaitForJobs disables waiting for jobs to complete\n                      after a Helm rollback has been performed.\n                    type: boolean\n                  force:\n                    description: Force forces resource updates through a replacement\n                      strategy.\n                    type: boolean\n                  recreate:\n                    description: Recreate performs pod restarts for the resource if\n                      applicable.\n                    type: boolean\n                  timeout:\n                    description: Timeout is the time to wait for any individual Kubernetes\n                      operation (like Jobs for hooks) during the performance of a\n                      Helm rollback action. Defaults to 'HelmReleaseSpec.Timeout'.\n                    type: string\n                type: object\n              serviceAccountName:\n                description: The name of the Kubernetes service account to impersonate\n                  when reconciling this HelmRelease.\n                type: string\n              storageNamespace:\n                description: StorageNamespace used for the Helm storage. Defaults\n                  to the namespace of the HelmRelease.\n                maxLength: 63\n                minLength: 1\n                type: string\n              suspend:\n                description: Suspend tells the controller to suspend reconciliation\n                  for this HelmRelease, it does not apply to already started reconciliations.\n                  Defaults to false.\n                type: boolean\n              targetNamespace:\n                description: TargetNamespace to target when performing operations\n                  for the HelmRelease. Defaults to the namespace of the HelmRelease.\n                maxLength: 63\n                minLength: 1\n                type: string\n              test:\n                description: Test holds the configuration for Helm test actions for\n                  this HelmRelease.\n                properties:\n                  enable:\n                    description: Enable enables Helm test actions for this HelmRelease\n                      after an Helm install or upgrade action has been performed.\n                    type: boolean\n                  ignoreFailures:\n                    description: IgnoreFailures tells the controller to skip remediation\n                      when the Helm tests are run but fail. Can be overwritten for\n                      tests run after install or upgrade actions in 'Install.IgnoreTestFailures'\n                      and 'Upgrade.IgnoreTestFailures'.\n                    type: boolean\n                  timeout:\n                    description: Timeout is the time to wait for any individual Kubernetes\n                      operation during the performance of a Helm test action. Defaults\n                      to 'HelmReleaseSpec.Timeout'.\n                    type: string\n                type: object\n              timeout:\n                description: Timeout is the time to wait for any individual Kubernetes\n                  operation (like Jobs for hooks) during the performance of a Helm\n                  action. Defaults to '5m0s'.\n                type: string\n              uninstall:\n                description: Uninstall holds the configuration for Helm uninstall\n                  actions for this HelmRelease.\n                properties:\n                  disableHooks:\n                    description: DisableHooks prevents hooks from running during the\n                      Helm rollback action.\n                    type: boolean\n                  disableWait:\n                    description: DisableWait disables waiting for all the resources\n                      to be deleted after a Helm uninstall is performed.\n                    type: boolean\n                  keepHistory:\n                    description: KeepHistory tells Helm to remove all associated resources\n                      and mark the release as deleted, but retain the release history.\n                    type: boolean\n                  timeout:\n                    description: Timeout is the time to wait for any individual Kubernetes\n                      operation (like Jobs for hooks) during the performance of a\n                      Helm uninstall action. Defaults to 'HelmReleaseSpec.Timeout'.\n                    type: string\n                type: object\n              upgrade:\n                description: Upgrade holds the configuration for Helm upgrade actions\n                  for this HelmRelease.\n                properties:\n                  cleanupOnFail:\n                    description: CleanupOnFail allows deletion of new resources created\n                      during the Helm upgrade action when it fails.\n                    type: boolean\n                  crds:\n                    description: \"CRDs upgrade CRDs from the Helm Chart's crds directory\n                      according to the CRD upgrade policy provided here. Valid values\n                      are `Skip`, `Create` or `CreateReplace`. Default is `Skip` and\n                      if omitted CRDs are neither installed nor upgraded. \\n Skip:\n                      do neither install nor replace (update) any CRDs. \\n Create:\n                      new CRDs are created, existing CRDs are neither updated nor\n                      deleted. \\n CreateReplace: new CRDs are created, existing CRDs\n                      are updated (replaced) but not deleted. \\n By default, CRDs\n                      are not applied during Helm upgrade action. With this option\n                      users can opt-in to CRD upgrade, which is not (yet) natively\n                      supported by Helm. https://helm.sh/docs/chart_best_practices/custom_resource_definitions.\"\n                    enum:\n                    - Skip\n                    - Create\n                    - CreateReplace\n                    type: string\n                  disableHooks:\n                    description: DisableHooks prevents hooks from running during the\n                      Helm upgrade action.\n                    type: boolean\n                  disableOpenAPIValidation:\n                    description: DisableOpenAPIValidation prevents the Helm upgrade\n                      action from validating rendered templates against the Kubernetes\n                      OpenAPI Schema.\n                    type: boolean\n                  disableWait:\n                    description: DisableWait disables the waiting for resources to\n                      be ready after a Helm upgrade has been performed.\n                    type: boolean\n                  disableWaitForJobs:\n                    description: DisableWaitForJobs disables waiting for jobs to complete\n                      after a Helm upgrade has been performed.\n                    type: boolean\n                  force:\n                    description: Force forces resource updates through a replacement\n                      strategy.\n                    type: boolean\n                  preserveValues:\n                    description: PreserveValues will make Helm reuse the last release's\n                      values and merge in overrides from 'Values'. Setting this flag\n                      makes the HelmRelease non-declarative.\n                    type: boolean\n                  remediation:\n                    description: Remediation holds the remediation configuration for\n                      when the Helm upgrade action for the HelmRelease fails. The\n                      default is to not perform any action.\n                    properties:\n                      ignoreTestFailures:\n                        description: IgnoreTestFailures tells the controller to skip\n                          remediation when the Helm tests are run after an upgrade\n                          action but fail. Defaults to 'Test.IgnoreFailures'.\n                        type: boolean\n                      remediateLastFailure:\n                        description: RemediateLastFailure tells the controller to\n                          remediate the last failure, when no retries remain. Defaults\n                          to 'false' unless 'Retries' is greater than 0.\n                        type: boolean\n                      retries:\n                        description: Retries is the number of retries that should\n                          be attempted on failures before bailing. Remediation, using\n                          'Strategy', is performed between each attempt. Defaults\n                          to '0', a negative integer equals to unlimited retries.\n                        type: integer\n                      strategy:\n                        description: Strategy to use for failure remediation. Defaults\n                          to 'rollback'.\n                        enum:\n                        - rollback\n                        - uninstall\n                        type: string\n                    type: object\n                  timeout:\n                    description: Timeout is the time to wait for any individual Kubernetes\n                      operation (like Jobs for hooks) during the performance of a\n                      Helm upgrade action. Defaults to 'HelmReleaseSpec.Timeout'.\n                    type: string\n                type: object\n              values:\n                description: Values holds the values for this Helm release.\n                x-kubernetes-preserve-unknown-fields: true\n              valuesFrom:\n                description: ValuesFrom holds references to resources containing Helm\n                  values for this HelmRelease, and information about how they should\n                  be merged.\n                items:\n                  description: ValuesReference contains a reference to a resource\n                    containing Helm values, and optionally the key they can be found\n                    at.\n                  properties:\n                    kind:\n                      description: Kind of the values referent, valid values are ('Secret',\n                        'ConfigMap').\n                      enum:\n                      - Secret\n                      - ConfigMap\n                      type: string\n                    name:\n                      description: Name of the values referent. Should reside in the\n                        same namespace as the referring resource.\n                      maxLength: 253\n                      minLength: 1\n                      type: string\n                    optional:\n                      description: Optional marks this ValuesReference as optional.\n                        When set, a not found error for the values reference is ignored,\n                        but any ValuesKey, TargetPath or transient error will still\n                        result in a reconciliation failure.\n                      type: boolean\n                    targetPath:\n                      description: TargetPath is the YAML dot notation path the value\n                        should be merged at. When set, the ValuesKey is expected to\n                        be a single flat value. Defaults to 'None', which results\n                        in the values getting merged at the root.\n                      type: string\n                    valuesKey:\n                      description: ValuesKey is the data key where the values.yaml\n                        or a specific value can be found at. Defaults to 'values.yaml'.\n                      type: string\n                  required:\n                  - kind\n                  - name\n                  type: object\n                type: array\n            required:\n            - chart\n            - interval\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: HelmReleaseStatus defines the observed state of a HelmRelease.\n            properties:\n              conditions:\n                description: Conditions holds the conditions for the HelmRelease.\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              failures:\n                description: Failures is the reconciliation failure count against\n                  the latest desired state. It is reset after a successful reconciliation.\n                format: int64\n                type: integer\n              helmChart:\n                description: HelmChart is the namespaced name of the HelmChart resource\n                  created by the controller for the HelmRelease.\n                type: string\n              installFailures:\n                description: InstallFailures is the install failure count against\n                  the latest desired state. It is reset after a successful reconciliation.\n                format: int64\n                type: integer\n              lastAppliedRevision:\n                description: LastAppliedRevision is the revision of the last successfully\n                  applied source.\n                type: string\n              lastAttemptedRevision:\n                description: LastAttemptedRevision is the revision of the last reconciliation\n                  attempt.\n                type: string\n              lastAttemptedValuesChecksum:\n                description: LastAttemptedValuesChecksum is the SHA1 checksum of the\n                  values of the last reconciliation attempt.\n                type: string\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              lastReleaseRevision:\n                description: LastReleaseRevision is the revision of the last successful\n                  Helm release.\n                type: integer\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation.\n                format: int64\n                type: integer\n              upgradeFailures:\n                description: UpgradeFailures is the upgrade failure count against\n                  the latest desired state. It is reset after a successful reconciliation.\n                format: int64\n                type: integer\n            type: object\n        type: object\n    served: true\n    storage: true\n    subresources:\n      status: {}\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n  conditions: []\n  storedVersions: []\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  annotations:\n    controller-gen.kubebuilder.io/version: v0.7.0\n  creationTimestamp: null\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: helmrepositories.source.toolkit.fluxcd.io\nspec:\n  group: source.toolkit.fluxcd.io\n  names:\n    kind: HelmRepository\n    listKind: HelmRepositoryList\n    plural: helmrepositories\n    shortNames:\n    - helmrepo\n    singular: helmrepository\n  scope: Namespaced\n  versions:\n  - additionalPrinterColumns:\n    - jsonPath: .spec.url\n      name: URL\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    name: v1beta1\n    schema:\n      openAPIV3Schema:\n        description: HelmRepository is the Schema for the helmrepositories API\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: HelmRepositorySpec defines the reference to a Helm repository.\n            properties:\n              accessFrom:\n                description: AccessFrom defines an Access Control List for allowing\n                  cross-namespace references to this object.\n                properties:\n                  namespaceSelectors:\n                    description: NamespaceSelectors is the list of namespace selectors\n                      to which this ACL applies. Items in this list are evaluated\n                      using a logical OR operation.\n                    items:\n                      description: NamespaceSelector selects the namespaces to which\n                        this ACL applies. An empty map of MatchLabels matches all\n                        namespaces in a cluster.\n                      properties:\n                        matchLabels:\n                          additionalProperties:\n                            type: string\n                          description: MatchLabels is a map of {key,value} pairs.\n                            A single {key,value} in the matchLabels map is equivalent\n                            to an element of matchExpressions, whose key field is\n                            \"key\", the operator is \"In\", and the values array contains\n                            only \"value\". The requirements are ANDed.\n                          type: object\n                      type: object\n                    type: array\n                required:\n                - namespaceSelectors\n                type: object\n              interval:\n                description: The interval at which to check the upstream for updates.\n                type: string\n              passCredentials:\n                description: PassCredentials allows the credentials from the SecretRef\n                  to be passed on to a host that does not match the host as defined\n                  in URL. This may be required if the host of the advertised chart\n                  URLs in the index differ from the defined URL. Enabling this should\n                  be done with caution, as it can potentially result in credentials\n                  getting stolen in a MITM-attack.\n                type: boolean\n              secretRef:\n                description: The name of the secret containing authentication credentials\n                  for the Helm repository. For HTTP/S basic auth the secret must contain\n                  username and password fields. For TLS the secret must contain a\n                  certFile and keyFile, and/or caCert fields.\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              suspend:\n                description: This flag tells the controller to suspend the reconciliation\n                  of this source.\n                type: boolean\n              timeout:\n                default: 60s\n                description: The timeout of index downloading, defaults to 60s.\n                type: string\n              url:\n                description: The Helm repository URL, a valid URL contains at least\n                  a protocol and host.\n                type: string\n            required:\n            - interval\n            - url\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: HelmRepositoryStatus defines the observed state of the HelmRepository.\n            properties:\n              artifact:\n                description: Artifact represents the output of the last successful\n                  repository sync.\n                properties:\n                  checksum:\n                    description: Checksum is the SHA256 checksum of the artifact.\n                    type: string\n                  lastUpdateTime:\n                    description: LastUpdateTime is the timestamp corresponding to\n                      the last update of this artifact.\n                    format: date-time\n                    type: string\n                  path:\n                    description: Path is the relative file path of this artifact.\n                    type: string\n                  revision:\n                    description: Revision is a human readable identifier traceable\n                      in the origin source system. It can be a Git commit SHA, Git\n                      tag, a Helm index timestamp, a Helm chart version, etc.\n                    type: string\n                  url:\n                    description: URL is the HTTP address of this artifact.\n                    type: string\n                required:\n                - path\n                - url\n                type: object\n              conditions:\n                description: Conditions holds the conditions for the HelmRepository.\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation.\n                format: int64\n                type: integer\n              url:\n                description: URL is the download link for the last index fetched.\n                type: string\n            type: object\n        type: object\n    served: true\n    storage: false\n    subresources:\n      status: {}\n  - additionalPrinterColumns:\n    - jsonPath: .spec.url\n      name: URL\n      type: string\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    name: v1beta2\n    schema:\n      openAPIV3Schema:\n        description: HelmRepository is the Schema for the helmrepositories API.\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: HelmRepositorySpec specifies the required configuration to\n              produce an Artifact for a Helm repository index YAML.\n            properties:\n              accessFrom:\n                description: 'AccessFrom specifies an Access Control List for allowing\n                  cross-namespace references to this object. NOTE: Not implemented,\n                  provisional as of https://github.com/fluxcd/flux2/pull/2092'\n                properties:\n                  namespaceSelectors:\n                    description: NamespaceSelectors is the list of namespace selectors\n                      to which this ACL applies. Items in this list are evaluated\n                      using a logical OR operation.\n                    items:\n                      description: NamespaceSelector selects the namespaces to which\n                        this ACL applies. An empty map of MatchLabels matches all\n                        namespaces in a cluster.\n                      properties:\n                        matchLabels:\n                          additionalProperties:\n                            type: string\n                          description: MatchLabels is a map of {key,value} pairs.\n                            A single {key,value} in the matchLabels map is equivalent\n                            to an element of matchExpressions, whose key field is\n                            \"key\", the operator is \"In\", and the values array contains\n                            only \"value\". The requirements are ANDed.\n                          type: object\n                      type: object\n                    type: array\n                required:\n                - namespaceSelectors\n                type: object\n              interval:\n                description: Interval at which to check the URL for updates.\n                type: string\n              passCredentials:\n                description: PassCredentials allows the credentials from the SecretRef\n                  to be passed on to a host that does not match the host as defined\n                  in URL. This may be required if the host of the advertised chart\n                  URLs in the index differ from the defined URL. Enabling this should\n                  be done with caution, as it can potentially result in credentials\n                  getting stolen in a MITM-attack.\n                type: boolean\n              secretRef:\n                description: SecretRef specifies the Secret containing authentication\n                  credentials for the HelmRepository. For HTTP/S basic auth the secret\n                  must contain 'username' and 'password' fields. For TLS the secret\n                  must contain a 'certFile' and 'keyFile', and/or 'caCert' fields.\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              suspend:\n                description: Suspend tells the controller to suspend the reconciliation\n                  of this HelmRepository.\n                type: boolean\n              timeout:\n                default: 60s\n                description: Timeout of the index fetch operation, defaults to 60s.\n                type: string\n              url:\n                description: URL of the Helm repository, a valid URL contains at least\n                  a protocol and host.\n                type: string\n            required:\n            - interval\n            - url\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: HelmRepositoryStatus records the observed state of the HelmRepository.\n            properties:\n              artifact:\n                description: Artifact represents the last successful HelmRepository\n                  reconciliation.\n                properties:\n                  checksum:\n                    description: Checksum is the SHA256 checksum of the Artifact file.\n                    type: string\n                  lastUpdateTime:\n                    description: LastUpdateTime is the timestamp corresponding to\n                      the last update of the Artifact.\n                    format: date-time\n                    type: string\n                  path:\n                    description: Path is the relative file path of the Artifact. It\n                      can be used to locate the file in the root of the Artifact storage\n                      on the local file system of the controller managing the Source.\n                    type: string\n                  revision:\n                    description: Revision is a human-readable identifier traceable\n                      in the origin source system. It can be a Git commit SHA, Git\n                      tag, a Helm chart version, etc.\n                    type: string\n                  size:\n                    description: Size is the number of bytes in the file.\n                    format: int64\n                    type: integer\n                  url:\n                    description: URL is the HTTP address of the Artifact as exposed\n                      by the controller managing the Source. It can be used to retrieve\n                      the Artifact for consumption, e.g. by another controller applying\n                      the Artifact contents.\n                    type: string\n                required:\n                - path\n                - url\n                type: object\n              conditions:\n                description: Conditions holds the conditions for the HelmRepository.\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation of\n                  the HelmRepository object.\n                format: int64\n                type: integer\n              url:\n                description: URL is the dynamic fetch link for the latest Artifact.\n                  It is provided on a \"best effort\" basis, and using the precise HelmRepositoryStatus.Artifact\n                  data is recommended.\n                type: string\n            type: object\n        type: object\n    served: true\n    storage: true\n    subresources:\n      status: {}\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n  conditions: []\n  storedVersions: []\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  annotations:\n    controller-gen.kubebuilder.io/version: v0.7.0\n  creationTimestamp: null\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: kustomizations.kustomize.toolkit.fluxcd.io\nspec:\n  group: kustomize.toolkit.fluxcd.io\n  names:\n    kind: Kustomization\n    listKind: KustomizationList\n    plural: kustomizations\n    shortNames:\n    - ks\n    singular: kustomization\n  scope: Namespaced\n  versions:\n  - additionalPrinterColumns:\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    name: v1beta1\n    schema:\n      openAPIV3Schema:\n        description: Kustomization is the Schema for the kustomizations API.\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: KustomizationSpec defines the desired state of a kustomization.\n            properties:\n              decryption:\n                description: Decrypt Kubernetes secrets before applying them on the\n                  cluster.\n                properties:\n                  provider:\n                    description: Provider is the name of the decryption engine.\n                    enum:\n                    - sops\n                    type: string\n                  secretRef:\n                    description: The secret name containing the private OpenPGP keys\n                      used for decryption.\n                    properties:\n                      name:\n                        description: Name of the referent.\n                        type: string\n                    required:\n                    - name\n                    type: object\n                required:\n                - provider\n                type: object\n              dependsOn:\n                description: DependsOn may contain a meta.NamespacedObjectReference\n                  slice with references to Kustomization resources that must be ready\n                  before this Kustomization can be reconciled.\n                items:\n                  description: NamespacedObjectReference contains enough information\n                    to locate the referenced Kubernetes resource object in any namespace.\n                  properties:\n                    name:\n                      description: Name of the referent.\n                      type: string\n                    namespace:\n                      description: Namespace of the referent, when not specified it\n                        acts as LocalObjectReference.\n                      type: string\n                  required:\n                  - name\n                  type: object\n                type: array\n              force:\n                default: false\n                description: Force instructs the controller to recreate resources\n                  when patching fails due to an immutable field change.\n                type: boolean\n              healthChecks:\n                description: A list of resources to be included in the health assessment.\n                items:\n                  description: NamespacedObjectKindReference contains enough information\n                    to locate the typed referenced Kubernetes resource object in any\n                    namespace.\n                  properties:\n                    apiVersion:\n                      description: API version of the referent, if not specified the\n                        Kubernetes preferred version will be used.\n                      type: string\n                    kind:\n                      description: Kind of the referent.\n                      type: string\n                    name:\n                      description: Name of the referent.\n                      type: string\n                    namespace:\n                      description: Namespace of the referent, when not specified it\n                        acts as LocalObjectReference.\n                      type: string\n                  required:\n                  - kind\n                  - name\n                  type: object\n                type: array\n              images:\n                description: Images is a list of (image name, new name, new tag or\n                  digest) for changing image names, tags or digests. This can also\n                  be achieved with a patch, but this operator is simpler to specify.\n                items:\n                  description: Image contains an image name, a new name, a new tag\n                    or digest, which will replace the original name and tag.\n                  properties:\n                    digest:\n                      description: Digest is the value used to replace the original\n                        image tag. If digest is present NewTag value is ignored.\n                      type: string\n                    name:\n                      description: Name is a tag-less image name.\n                      type: string\n                    newName:\n                      description: NewName is the value used to replace the original\n                        name.\n                      type: string\n                    newTag:\n                      description: NewTag is the value used to replace the original\n                        tag.\n                      type: string\n                  required:\n                  - name\n                  type: object\n                type: array\n              interval:\n                description: The interval at which to reconcile the Kustomization.\n                type: string\n              kubeConfig:\n                description: The KubeConfig for reconciling the Kustomization on a\n                  remote cluster. When specified, KubeConfig takes precedence over\n                  ServiceAccountName.\n                properties:\n                  secretRef:\n                    description: SecretRef holds the name to a secret that contains\n                      a 'value' key with the kubeconfig file as the value. It must\n                      be in the same namespace as the Kustomization. It is recommended\n                      that the kubeconfig is self-contained, and the secret is regularly\n                      updated if credentials such as a cloud-access-token expire.\n                      Cloud specific `cmd-path` auth helpers will not function without\n                      adding binaries and credentials to the Pod that is responsible\n                      for reconciling the Kustomization.\n                    properties:\n                      name:\n                        description: Name of the referent.\n                        type: string\n                    required:\n                    - name\n                    type: object\n                type: object\n              patches:\n                description: Strategic merge and JSON patches, defined as inline YAML\n                  objects, capable of targeting objects based on kind, label and annotation\n                  selectors.\n                items:\n                  description: Patch contains an inline StrategicMerge or JSON6902\n                    patch, and the target the patch should be applied to.\n                  properties:\n                    patch:\n                      description: Patch contains an inline StrategicMerge patch or\n                        an inline JSON6902 patch with an array of operation objects.\n                      type: string\n                    target:\n                      description: Target points to the resources that the patch document\n                        should be applied to.\n                      properties:\n                        annotationSelector:\n                          description: AnnotationSelector is a string that follows\n                            the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                            It matches with the resource annotations.\n                          type: string\n                        group:\n                          description: Group is the API group to select resources\n                            from. Together with Version and Kind it is capable of\n                            unambiguously identifying and/or selecting resources.\n                            https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                        kind:\n                          description: Kind of the API Group to select resources from.\n                            Together with Group and Version it is capable of unambiguously\n                            identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                        labelSelector:\n                          description: LabelSelector is a string that follows the\n                            label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                            It matches with the resource labels.\n                          type: string\n                        name:\n                          description: Name to match resources with.\n                          type: string\n                        namespace:\n                          description: Namespace to select resources from.\n                          type: string\n                        version:\n                          description: Version of the API Group to select resources\n                            from. Together with Group and Kind it is capable of unambiguously\n                            identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                      type: object\n                  type: object\n                type: array\n              patchesJson6902:\n                description: JSON 6902 patches, defined as inline YAML objects.\n                items:\n                  description: JSON6902Patch contains a JSON6902 patch and the target\n                    the patch should be applied to.\n                  properties:\n                    patch:\n                      description: Patch contains the JSON6902 patch document with\n                        an array of operation objects.\n                      items:\n                        description: JSON6902 is a JSON6902 operation object. https://datatracker.ietf.org/doc/html/rfc6902#section-4\n                        properties:\n                          from:\n                            description: From contains a JSON-pointer value that references\n                              a location within the target document where the operation\n                              is performed. The meaning of the value depends on the\n                              value of Op, and is NOT taken into account by all operations.\n                            type: string\n                          op:\n                            description: Op indicates the operation to perform. Its\n                              value MUST be one of \"add\", \"remove\", \"replace\", \"move\",\n                              \"copy\", or \"test\". https://datatracker.ietf.org/doc/html/rfc6902#section-4\n                            enum:\n                            - test\n                            - remove\n                            - add\n                            - replace\n                            - move\n                            - copy\n                            type: string\n                          path:\n                            description: Path contains the JSON-pointer value that\n                              references a location within the target document where\n                              the operation is performed. The meaning of the value\n                              depends on the value of Op.\n                            type: string\n                          value:\n                            description: Value contains a valid JSON structure. The\n                              meaning of the value depends on the value of Op, and\n                              is NOT taken into account by all operations.\n                            x-kubernetes-preserve-unknown-fields: true\n                        required:\n                        - op\n                        - path\n                        type: object\n                      type: array\n                    target:\n                      description: Target points to the resources that the patch document\n                        should be applied to.\n                      properties:\n                        annotationSelector:\n                          description: AnnotationSelector is a string that follows\n                            the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                            It matches with the resource annotations.\n                          type: string\n                        group:\n                          description: Group is the API group to select resources\n                            from. Together with Version and Kind it is capable of\n                            unambiguously identifying and/or selecting resources.\n                            https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                        kind:\n                          description: Kind of the API Group to select resources from.\n                            Together with Group and Version it is capable of unambiguously\n                            identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                        labelSelector:\n                          description: LabelSelector is a string that follows the\n                            label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                            It matches with the resource labels.\n                          type: string\n                        name:\n                          description: Name to match resources with.\n                          type: string\n                        namespace:\n                          description: Namespace to select resources from.\n                          type: string\n                        version:\n                          description: Version of the API Group to select resources\n                            from. Together with Group and Kind it is capable of unambiguously\n                            identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                      type: object\n                  required:\n                  - patch\n                  - target\n                  type: object\n                type: array\n              patchesStrategicMerge:\n                description: Strategic merge patches, defined as inline YAML objects.\n                items:\n                  x-kubernetes-preserve-unknown-fields: true\n                type: array\n              path:\n                description: Path to the directory containing the kustomization.yaml\n                  file, or the set of plain YAMLs a kustomization.yaml should be generated\n                  for. Defaults to 'None', which translates to the root path of the\n                  SourceRef.\n                type: string\n              postBuild:\n                description: PostBuild describes which actions to perform on the YAML\n                  manifest generated by building the kustomize overlay.\n                properties:\n                  substitute:\n                    additionalProperties:\n                      type: string\n                    description: Substitute holds a map of key/value pairs. The variables\n                      defined in your YAML manifests that match any of the keys defined\n                      in the map will be substituted with the set value. Includes\n                      support for bash string replacement functions e.g. ${var:=default},\n                      ${var:position} and ${var/substring/replacement}.\n                    type: object\n                  substituteFrom:\n                    description: SubstituteFrom holds references to ConfigMaps and\n                      Secrets containing the variables and their values to be substituted\n                      in the YAML manifests. The ConfigMap and the Secret data keys\n                      represent the var names and they must match the vars declared\n                      in the manifests for the substitution to happen.\n                    items:\n                      description: SubstituteReference contains a reference to a resource\n                        containing the variables name and value.\n                      properties:\n                        kind:\n                          description: Kind of the values referent, valid values are\n                            ('Secret', 'ConfigMap').\n                          enum:\n                          - Secret\n                          - ConfigMap\n                          type: string\n                        name:\n                          description: Name of the values referent. Should reside\n                            in the same namespace as the referring resource.\n                          maxLength: 253\n                          minLength: 1\n                          type: string\n                      required:\n                      - kind\n                      - name\n                      type: object\n                    type: array\n                type: object\n              prune:\n                description: Prune enables garbage collection.\n                type: boolean\n              retryInterval:\n                description: The interval at which to retry a previously failed reconciliation.\n                  When not specified, the controller uses the KustomizationSpec.Interval\n                  value to retry failures.\n                type: string\n              serviceAccountName:\n                description: The name of the Kubernetes service account to impersonate\n                  when reconciling this Kustomization.\n                type: string\n              sourceRef:\n                description: Reference of the source where the kustomization file\n                  is.\n                properties:\n                  apiVersion:\n                    description: API version of the referent\n                    type: string\n                  kind:\n                    description: Kind of the referent\n                    enum:\n                    - GitRepository\n                    - Bucket\n                    type: string\n                  name:\n                    description: Name of the referent\n                    type: string\n                  namespace:\n                    description: Namespace of the referent, defaults to the Kustomization\n                      namespace\n                    type: string\n                required:\n                - kind\n                - name\n                type: object\n              suspend:\n                description: This flag tells the controller to suspend subsequent\n                  kustomize executions, it does not apply to already started executions.\n                  Defaults to false.\n                type: boolean\n              targetNamespace:\n                description: TargetNamespace sets or overrides the namespace in the\n                  kustomization.yaml file.\n                maxLength: 63\n                minLength: 1\n                type: string\n              timeout:\n                description: Timeout for validation, apply and health checking operations.\n                  Defaults to 'Interval' duration.\n                type: string\n              validation:\n                description: Validate the Kubernetes objects before applying them\n                  on the cluster. The validation strategy can be 'client' (local dry-run),\n                  'server' (APIServer dry-run) or 'none'. When 'Force' is 'true',\n                  validation will fallback to 'client' if set to 'server' because\n                  server-side validation is not supported in this scenario.\n                enum:\n                - none\n                - client\n                - server\n                type: string\n            required:\n            - interval\n            - prune\n            - sourceRef\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: KustomizationStatus defines the observed state of a kustomization.\n            properties:\n              conditions:\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              lastAppliedRevision:\n                description: The last successfully applied revision. The revision\n                  format for Git sources is \u003cbranch|tag\u003e/\u003ccommit-sha\u003e.\n                type: string\n              lastAttemptedRevision:\n                description: LastAttemptedRevision is the revision of the last reconciliation\n                  attempt.\n                type: string\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last reconciled generation.\n                format: int64\n                type: integer\n              snapshot:\n                description: The last successfully applied revision metadata.\n                properties:\n                  checksum:\n                    description: The manifests sha1 checksum.\n                    type: string\n                  entries:\n                    description: A list of Kubernetes kinds grouped by namespace.\n                    items:\n                      description: Snapshot holds the metadata of namespaced Kubernetes\n                        objects\n                      properties:\n                        kinds:\n                          additionalProperties:\n                            type: string\n                          description: The list of Kubernetes kinds.\n                          type: object\n                        namespace:\n                          description: The namespace of this entry.\n                          type: string\n                      required:\n                      - kinds\n                      type: object\n                    type: array\n                required:\n                - checksum\n                - entries\n                type: object\n            type: object\n        type: object\n    served: true\n    storage: false\n    subresources:\n      status: {}\n  - additionalPrinterColumns:\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    name: v1beta2\n    schema:\n      openAPIV3Schema:\n        description: Kustomization is the Schema for the kustomizations API.\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: KustomizationSpec defines the configuration to calculate\n              the desired state from a Source using Kustomize.\n            properties:\n              decryption:\n                description: Decrypt Kubernetes secrets before applying them on the\n                  cluster.\n                properties:\n                  provider:\n                    description: Provider is the name of the decryption engine.\n                    enum:\n                    - sops\n                    type: string\n                  secretRef:\n                    description: The secret name containing the private OpenPGP keys\n                      used for decryption.\n                    properties:\n                      name:\n                        description: Name of the referent.\n                        type: string\n                    required:\n                    - name\n                    type: object\n                required:\n                - provider\n                type: object\n              dependsOn:\n                description: DependsOn may contain a meta.NamespacedObjectReference\n                  slice with references to Kustomization resources that must be ready\n                  before this Kustomization can be reconciled.\n                items:\n                  description: NamespacedObjectReference contains enough information\n                    to locate the referenced Kubernetes resource object in any namespace.\n                  properties:\n                    name:\n                      description: Name of the referent.\n                      type: string\n                    namespace:\n                      description: Namespace of the referent, when not specified it\n                        acts as LocalObjectReference.\n                      type: string\n                  required:\n                  - name\n                  type: object\n                type: array\n              force:\n                default: false\n                description: Force instructs the controller to recreate resources\n                  when patching fails due to an immutable field change.\n                type: boolean\n              healthChecks:\n                description: A list of resources to be included in the health assessment.\n                items:\n                  description: NamespacedObjectKindReference contains enough information\n                    to locate the typed referenced Kubernetes resource object in any\n                    namespace.\n                  properties:\n                    apiVersion:\n                      description: API version of the referent, if not specified the\n                        Kubernetes preferred version will be used.\n                      type: string\n                    kind:\n                      description: Kind of the referent.\n                      type: string\n                    name:\n                      description: Name of the referent.\n                      type: string\n                    namespace:\n                      description: Namespace of the referent, when not specified it\n                        acts as LocalObjectReference.\n                      type: string\n                  required:\n                  - kind\n                  - name\n                  type: object\n                type: array\n              images:\n                description: Images is a list of (image name, new name, new tag or\n                  digest) for changing image names, tags or digests. This can also\n                  be achieved with a patch, but this operator is simpler to specify.\n                items:\n                  description: Image contains an image name, a new name, a new tag\n                    or digest, which will replace the original name and tag.\n                  properties:\n                    digest:\n                      description: Digest is the value used to replace the original\n                        image tag. If digest is present NewTag value is ignored.\n                      type: string\n                    name:\n                      description: Name is a tag-less image name.\n                      type: string\n                    newName:\n                      description: NewName is the value used to replace the original\n                        name.\n                      type: string\n                    newTag:\n                      description: NewTag is the value used to replace the original\n                        tag.\n                      type: string\n                  required:\n                  - name\n                  type: object\n                type: array\n              interval:\n                description: The interval at which to reconcile the Kustomization.\n                type: string\n              kubeConfig:\n                description: The KubeConfig for reconciling the Kustomization on a\n                  remote cluster. When used in combination with KustomizationSpec.ServiceAccountName,\n                  forces the controller to act on behalf of that Service Account at\n                  the target cluster. If the --default-service-account flag is set,\n                  its value will be used as a controller level fallback for when KustomizationSpec.ServiceAccountName\n                  is empty.\n                properties:\n                  secretRef:\n                    description: SecretRef holds the name of a secret that contains\n                      a key with the kubeconfig file as the value. If no key is set,\n                      the key will default to 'value'. The secret must be in the same\n                      namespace as the Kustomization. It is recommended that the kubeconfig\n                      is self-contained, and the secret is regularly updated if credentials\n                      such as a cloud-access-token expire. Cloud specific `cmd-path`\n                      auth helpers will not function without adding binaries and credentials\n                      to the Pod that is responsible for reconciling the Kustomization.\n                    properties:\n                      key:\n                        description: Key in the Secret, when not specified an implementation-specific\n                          default key is used.\n                        type: string\n                      name:\n                        description: Name of the Secret.\n                        type: string\n                    required:\n                    - name\n                    type: object\n                type: object\n              patches:\n                description: Strategic merge and JSON patches, defined as inline YAML\n                  objects, capable of targeting objects based on kind, label and annotation\n                  selectors.\n                items:\n                  description: Patch contains an inline StrategicMerge or JSON6902\n                    patch, and the target the patch should be applied to.\n                  properties:\n                    patch:\n                      description: Patch contains an inline StrategicMerge patch or\n                        an inline JSON6902 patch with an array of operation objects.\n                      type: string\n                    target:\n                      description: Target points to the resources that the patch document\n                        should be applied to.\n                      properties:\n                        annotationSelector:\n                          description: AnnotationSelector is a string that follows\n                            the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                            It matches with the resource annotations.\n                          type: string\n                        group:\n                          description: Group is the API group to select resources\n                            from. Together with Version and Kind it is capable of\n                            unambiguously identifying and/or selecting resources.\n                            https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                        kind:\n                          description: Kind of the API Group to select resources from.\n                            Together with Group and Version it is capable of unambiguously\n                            identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                        labelSelector:\n                          description: LabelSelector is a string that follows the\n                            label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                            It matches with the resource labels.\n                          type: string\n                        name:\n                          description: Name to match resources with.\n                          type: string\n                        namespace:\n                          description: Namespace to select resources from.\n                          type: string\n                        version:\n                          description: Version of the API Group to select resources\n                            from. Together with Group and Kind it is capable of unambiguously\n                            identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                      type: object\n                  type: object\n                type: array\n              patchesJson6902:\n                description: 'JSON 6902 patches, defined as inline YAML objects. Deprecated:\n                  Use Patches instead.'\n                items:\n                  description: JSON6902Patch contains a JSON6902 patch and the target\n                    the patch should be applied to.\n                  properties:\n                    patch:\n                      description: Patch contains the JSON6902 patch document with\n                        an array of operation objects.\n                      items:\n                        description: JSON6902 is a JSON6902 operation object. https://datatracker.ietf.org/doc/html/rfc6902#section-4\n                        properties:\n                          from:\n                            description: From contains a JSON-pointer value that references\n                              a location within the target document where the operation\n                              is performed. The meaning of the value depends on the\n                              value of Op, and is NOT taken into account by all operations.\n                            type: string\n                          op:\n                            description: Op indicates the operation to perform. Its\n                              value MUST be one of \"add\", \"remove\", \"replace\", \"move\",\n                              \"copy\", or \"test\". https://datatracker.ietf.org/doc/html/rfc6902#section-4\n                            enum:\n                            - test\n                            - remove\n                            - add\n                            - replace\n                            - move\n                            - copy\n                            type: string\n                          path:\n                            description: Path contains the JSON-pointer value that\n                              references a location within the target document where\n                              the operation is performed. The meaning of the value\n                              depends on the value of Op.\n                            type: string\n                          value:\n                            description: Value contains a valid JSON structure. The\n                              meaning of the value depends on the value of Op, and\n                              is NOT taken into account by all operations.\n                            x-kubernetes-preserve-unknown-fields: true\n                        required:\n                        - op\n                        - path\n                        type: object\n                      type: array\n                    target:\n                      description: Target points to the resources that the patch document\n                        should be applied to.\n                      properties:\n                        annotationSelector:\n                          description: AnnotationSelector is a string that follows\n                            the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                            It matches with the resource annotations.\n                          type: string\n                        group:\n                          description: Group is the API group to select resources\n                            from. Together with Version and Kind it is capable of\n                            unambiguously identifying and/or selecting resources.\n                            https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                        kind:\n                          description: Kind of the API Group to select resources from.\n                            Together with Group and Version it is capable of unambiguously\n                            identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                        labelSelector:\n                          description: LabelSelector is a string that follows the\n                            label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                            It matches with the resource labels.\n                          type: string\n                        name:\n                          description: Name to match resources with.\n                          type: string\n                        namespace:\n                          description: Namespace to select resources from.\n                          type: string\n                        version:\n                          description: Version of the API Group to select resources\n                            from. Together with Group and Kind it is capable of unambiguously\n                            identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                      type: object\n                  required:\n                  - patch\n                  - target\n                  type: object\n                type: array\n              patchesStrategicMerge:\n                description: 'Strategic merge patches, defined as inline YAML objects.\n                  Deprecated: Use Patches instead.'\n                items:\n                  x-kubernetes-preserve-unknown-fields: true\n                type: array\n              path:\n                description: Path to the directory containing the kustomization.yaml\n                  file, or the set of plain YAMLs a kustomization.yaml should be generated\n                  for. Defaults to 'None', which translates to the root path of the\n                  SourceRef.\n                type: string\n              postBuild:\n                description: PostBuild describes which actions to perform on the YAML\n                  manifest generated by building the kustomize overlay.\n                properties:\n                  substitute:\n                    additionalProperties:\n                      type: string\n                    description: Substitute holds a map of key/value pairs. The variables\n                      defined in your YAML manifests that match any of the keys defined\n                      in the map will be substituted with the set value. Includes\n                      support for bash string replacement functions e.g. ${var:=default},\n                      ${var:position} and ${var/substring/replacement}.\n                    type: object\n                  substituteFrom:\n                    description: SubstituteFrom holds references to ConfigMaps and\n                      Secrets containing the variables and their values to be substituted\n                      in the YAML manifests. The ConfigMap and the Secret data keys\n                      represent the var names and they must match the vars declared\n                      in the manifests for the substitution to happen.\n                    items:\n                      description: SubstituteReference contains a reference to a resource\n                        containing the variables name and value.\n                      properties:\n                        kind:\n                          description: Kind of the values referent, valid values are\n                            ('Secret', 'ConfigMap').\n                          enum:\n                          - Secret\n                          - ConfigMap\n                          type: string\n                        name:\n                          description: Name of the values referent. Should reside\n                            in the same namespace as the referring resource.\n                          maxLength: 253\n                          minLength: 1\n                          type: string\n                        optional:\n                          default: false\n                          description: Optional indicates whether the referenced resource\n                            must exist, or whether to tolerate its absence. If true\n                            and the referenced resource is absent, proceed as if the\n                            resource was present but empty, without any variables\n                            defined.\n                          type: boolean\n                      required:\n                      - kind\n                      - name\n                      type: object\n                    type: array\n                type: object\n              prune:\n                description: Prune enables garbage collection.\n                type: boolean\n              retryInterval:\n                description: The interval at which to retry a previously failed reconciliation.\n                  When not specified, the controller uses the KustomizationSpec.Interval\n                  value to retry failures.\n                type: string\n              serviceAccountName:\n                description: The name of the Kubernetes service account to impersonate\n                  when reconciling this Kustomization.\n                type: string\n              sourceRef:\n                description: Reference of the source where the kustomization file\n                  is.\n                properties:\n                  apiVersion:\n                    description: API version of the referent.\n                    type: string\n                  kind:\n                    description: Kind of the referent.\n                    enum:\n                    - GitRepository\n                    - Bucket\n                    type: string\n                  name:\n                    description: Name of the referent.\n                    type: string\n                  namespace:\n                    description: Namespace of the referent, defaults to the namespace\n                      of the Kubernetes resource object that contains the reference.\n                    type: string\n                required:\n                - kind\n                - name\n                type: object\n              suspend:\n                description: This flag tells the controller to suspend subsequent\n                  kustomize executions, it does not apply to already started executions.\n                  Defaults to false.\n                type: boolean\n              targetNamespace:\n                description: TargetNamespace sets or overrides the namespace in the\n                  kustomization.yaml file.\n                maxLength: 63\n                minLength: 1\n                type: string\n              timeout:\n                description: Timeout for validation, apply and health checking operations.\n                  Defaults to 'Interval' duration.\n                type: string\n              validation:\n                description: 'Deprecated: Not used in v1beta2.'\n                enum:\n                - none\n                - client\n                - server\n                type: string\n              wait:\n                description: Wait instructs the controller to check the health of\n                  all the reconciled resources. When enabled, the HealthChecks are\n                  ignored. Defaults to false.\n                type: boolean\n            required:\n            - interval\n            - prune\n            - sourceRef\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: KustomizationStatus defines the observed state of a kustomization.\n            properties:\n              conditions:\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              inventory:\n                description: Inventory contains the list of Kubernetes resource object\n                  references that have been successfully applied.\n                properties:\n                  entries:\n                    description: Entries of Kubernetes resource object references.\n                    items:\n                      description: ResourceRef contains the information necessary\n                        to locate a resource within a cluster.\n                      properties:\n                        id:\n                          description: ID is the string representation of the Kubernetes\n                            resource object's metadata, in the format '\u003cnamespace\u003e_\u003cname\u003e_\u003cgroup\u003e_\u003ckind\u003e'.\n                          type: string\n                        v:\n                          description: Version is the API version of the Kubernetes\n                            resource object's kind.\n                          type: string\n                      required:\n                      - id\n                      - v\n                      type: object\n                    type: array\n                required:\n                - entries\n                type: object\n              lastAppliedRevision:\n                description: The last successfully applied revision. The revision\n                  format for Git sources is \u003cbranch|tag\u003e/\u003ccommit-sha\u003e.\n                type: string\n              lastAttemptedRevision:\n                description: LastAttemptedRevision is the revision of the last reconciliation\n                  attempt.\n                type: string\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last reconciled generation.\n                format: int64\n                type: integer\n            type: object\n        type: object\n    served: true\n    storage: true\n    subresources:\n      status: {}\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n  conditions: []\n  storedVersions: []\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  annotations:\n    controller-gen.kubebuilder.io/version: v0.7.0\n  creationTimestamp: null\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: providers.notification.toolkit.fluxcd.io\nspec:\n  group: notification.toolkit.fluxcd.io\n  names:\n    kind: Provider\n    listKind: ProviderList\n    plural: providers\n    singular: provider\n  scope: Namespaced\n  versions:\n  - additionalPrinterColumns:\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    name: v1beta1\n    schema:\n      openAPIV3Schema:\n        description: Provider is the Schema for the providers API\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: ProviderSpec defines the desired state of Provider\n            properties:\n              address:\n                description: HTTP/S webhook address of this provider\n                pattern: ^(http|https)://\n                type: string\n              certSecretRef:\n                description: CertSecretRef can be given the name of a secret containing\n                  a PEM-encoded CA certificate (`caFile`)\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              channel:\n                description: Alert channel for this provider\n                type: string\n              proxy:\n                description: HTTP/S address of the proxy\n                pattern: ^(http|https)://\n                type: string\n              secretRef:\n                description: Secret reference containing the provider webhook URL\n                  using \"address\" as data key\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              suspend:\n                description: This flag tells the controller to suspend subsequent\n                  events handling. Defaults to false.\n                type: boolean\n              type:\n                description: Type of provider\n                enum:\n                - slack\n                - discord\n                - msteams\n                - rocket\n                - generic\n                - github\n                - gitlab\n                - bitbucket\n                - azuredevops\n                - googlechat\n                - webex\n                - sentry\n                - azureeventhub\n                - telegram\n                - lark\n                - matrix\n                - opsgenie\n                - alertmanager\n                - grafana\n                type: string\n              username:\n                description: Bot username for this provider\n                type: string\n            required:\n            - type\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: ProviderStatus defines the observed state of Provider\n            properties:\n              conditions:\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              observedGeneration:\n                description: ObservedGeneration is the last reconciled generation.\n                format: int64\n                type: integer\n            type: object\n        type: object\n    served: true\n    storage: true\n    subresources:\n      status: {}\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n  conditions: []\n  storedVersions: []\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  annotations:\n    controller-gen.kubebuilder.io/version: v0.7.0\n  creationTimestamp: null\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: receivers.notification.toolkit.fluxcd.io\nspec:\n  group: notification.toolkit.fluxcd.io\n  names:\n    kind: Receiver\n    listKind: ReceiverList\n    plural: receivers\n    singular: receiver\n  scope: Namespaced\n  versions:\n  - additionalPrinterColumns:\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    name: v1beta1\n    schema:\n      openAPIV3Schema:\n        description: Receiver is the Schema for the receivers API\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: ReceiverSpec defines the desired state of Receiver\n            properties:\n              events:\n                description: A list of events to handle, e.g. 'push' for GitHub or\n                  'Push Hook' for GitLab.\n                items:\n                  type: string\n                type: array\n              resources:\n                description: A list of resources to be notified about changes.\n                items:\n                  description: CrossNamespaceObjectReference contains enough information\n                    to let you locate the typed referenced object at cluster level\n                  properties:\n                    apiVersion:\n                      description: API version of the referent\n                      type: string\n                    kind:\n                      description: Kind of the referent\n                      enum:\n                      - Bucket\n                      - GitRepository\n                      - Kustomization\n                      - HelmRelease\n                      - HelmChart\n                      - HelmRepository\n                      - ImageRepository\n                      - ImagePolicy\n                      - ImageUpdateAutomation\n                      type: string\n                    matchLabels:\n                      additionalProperties:\n                        type: string\n                      description: MatchLabels is a map of {key,value} pairs. A single\n                        {key,value} in the matchLabels map is equivalent to an element\n                        of matchExpressions, whose key field is \"key\", the operator\n                        is \"In\", and the values array contains only \"value\". The requirements\n                        are ANDed.\n                      type: object\n                    name:\n                      description: Name of the referent\n                      maxLength: 53\n                      minLength: 1\n                      type: string\n                    namespace:\n                      description: Namespace of the referent\n                      maxLength: 53\n                      minLength: 1\n                      type: string\n                  required:\n                  - name\n                  type: object\n                type: array\n              secretRef:\n                description: Secret reference containing the token used to validate\n                  the payload authenticity\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              suspend:\n                description: This flag tells the controller to suspend subsequent\n                  events handling. Defaults to false.\n                type: boolean\n              type:\n                description: Type of webhook sender, used to determine the validation\n                  procedure and payload deserialization.\n                enum:\n                - generic\n                - generic-hmac\n                - github\n                - gitlab\n                - bitbucket\n                - harbor\n                - dockerhub\n                - quay\n                - gcr\n                - nexus\n                - acr\n                type: string\n            required:\n            - resources\n            - type\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: ReceiverStatus defines the observed state of Receiver\n            properties:\n              conditions:\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation.\n                format: int64\n                type: integer\n              url:\n                description: Generated webhook URL in the format of '/hook/sha256sum(token+name+namespace)'.\n                type: string\n            type: object\n        type: object\n    served: true\n    storage: true\n    subresources:\n      status: {}\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n  conditions: []\n  storedVersions: []\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: helm-controller\n  namespace: flux-system\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: kustomize-controller\n  namespace: flux-system\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: notification-controller\n  namespace: flux-system\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: source-controller\n  namespace: flux-system\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: crd-controller-flux-system\nrules:\n- apiGroups:\n  - source.toolkit.fluxcd.io\n  resources:\n  - '*'\n  verbs:\n  - '*'\n- apiGroups:\n  - kustomize.toolkit.fluxcd.io\n  resources:\n  - '*'\n  verbs:\n  - '*'\n- apiGroups:\n  - helm.toolkit.fluxcd.io\n  resources:\n  - '*'\n  verbs:\n  - '*'\n- apiGroups:\n  - notification.toolkit.fluxcd.io\n  resources:\n  - '*'\n  verbs:\n  - '*'\n- apiGroups:\n  - image.toolkit.fluxcd.io\n  resources:\n  - '*'\n  verbs:\n  - '*'\n- apiGroups:\n  - \"\"\n  resources:\n  - namespaces\n  - secrets\n  - configmaps\n  - serviceaccounts\n  verbs:\n  - get\n  - list\n  - watch\n- apiGroups:\n  - \"\"\n  resources:\n  - events\n  verbs:\n  - create\n  - patch\n- apiGroups:\n  - \"\"\n  resources:\n  - configmaps\n  verbs:\n  - get\n  - list\n  - watch\n  - create\n  - update\n  - patch\n  - delete\n- apiGroups:\n  - \"\"\n  resources:\n  - configmaps/status\n  verbs:\n  - get\n  - update\n  - patch\n- apiGroups:\n  - coordination.k8s.io\n  resources:\n  - leases\n  verbs:\n  - get\n  - list\n  - watch\n  - create\n  - update\n  - patch\n  - delete\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: cluster-reconciler-flux-system\nroleRef:\n  apiGroup: rbac.authorization.k8s.io\n  kind: ClusterRole\n  name: cluster-admin\nsubjects:\n- kind: ServiceAccount\n  name: kustomize-controller\n  namespace: flux-system\n- kind: ServiceAccount\n  name: helm-controller\n  namespace: flux-system\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: crd-controller-flux-system\nroleRef:\n  apiGroup: rbac.authorization.k8s.io\n  kind: ClusterRole\n  name: crd-controller-flux-system\nsubjects:\n- kind: ServiceAccount\n  name: kustomize-controller\n  namespace: flux-system\n- kind: ServiceAccount\n  name: helm-controller\n  namespace: flux-system\n- kind: ServiceAccount\n  name: source-controller\n  namespace: flux-system\n- kind: ServiceAccount\n  name: notification-controller\n  namespace: flux-system\n- kind: ServiceAccount\n  name: image-reflector-controller\n  namespace: flux-system\n- kind: ServiceAccount\n  name: image-automation-controller\n  namespace: flux-system\n---\napiVersion: v1\nkind: Service\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n    control-plane: controller\n  name: notification-controller\n  namespace: flux-system\nspec:\n  ports:\n  - name: http\n    port: 80\n    protocol: TCP\n    targetPort: http\n  selector:\n    app: notification-controller\n  type: ClusterIP\n---\napiVersion: v1\nkind: Service\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n    control-plane: controller\n  name: source-controller\n  namespace: flux-system\nspec:\n  ports:\n  - name: http\n    port: 80\n    protocol: TCP\n    targetPort: http\n  selector:\n    app: source-controller\n  type: ClusterIP\n---\napiVersion: v1\nkind: Service\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n    control-plane: controller\n  name: webhook-receiver\n  namespace: flux-system\nspec:\n  ports:\n  - name: http\n    port: 80\n    protocol: TCP\n    targetPort: http-webhook\n  selector:\n    app: notification-controller\n  type: ClusterIP\n---\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n    control-plane: controller\n  name: helm-controller\n  namespace: flux-system\nspec:\n  replicas: 1\n  selector:\n    matchLabels:\n      app: helm-controller\n  template:\n    metadata:\n      annotations:\n        prometheus.io/port: \"8080\"\n        prometheus.io/scrape: \"true\"\n      labels:\n        app: helm-controller\n    spec:\n      containers:\n      - args:\n        - --events-addr=http://notification-controller.flux-system.svc.cluster.local./\n        - --watch-all-namespaces=true\n        - --log-level=info\n        - --log-encoding=json\n        - --enable-leader-election\n        env:\n        - name: RUNTIME_NAMESPACE\n          valueFrom:\n            fieldRef:\n              fieldPath: metadata.namespace\n        image: ghcr.io/fluxcd/helm-controller:v0.21.0\n        imagePullPolicy: IfNotPresent\n        livenessProbe:\n          httpGet:\n            path: /healthz\n            port: healthz\n        name: manager\n        ports:\n        - containerPort: 8080\n          name: http-prom\n          protocol: TCP\n        - containerPort: 9440\n          name: healthz\n          protocol: TCP\n        readinessProbe:\n          httpGet:\n            path: /readyz\n            port: healthz\n        resources:\n          limits:\n            cpu: 1000m\n            memory: 1Gi\n          requests:\n            cpu: 100m\n            memory: 64Mi\n        securityContext:\n          allowPrivilegeEscalation: false\n          capabilities:\n            drop:\n            - ALL\n          readOnlyRootFilesystem: true\n          runAsNonRoot: true\n          seccompProfile:\n            type: RuntimeDefault\n        volumeMounts:\n        - mountPath: /tmp\n          name: temp\n      nodeSelector:\n        kubernetes.io/os: linux\n      securityContext:\n        fsGroup: 1337\n      serviceAccountName: helm-controller\n      terminationGracePeriodSeconds: 600\n      volumes:\n      - emptyDir: {}\n        name: temp\n---\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n    control-plane: controller\n  name: kustomize-controller\n  namespace: flux-system\nspec:\n  replicas: 1\n  selector:\n    matchLabels:\n      app: kustomize-controller\n  template:\n    metadata:\n      annotations:\n        prometheus.io/port: \"8080\"\n        prometheus.io/scrape: \"true\"\n      labels:\n        app: kustomize-controller\n    spec:\n      containers:\n      - args:\n        - --events-addr=http://notification-controller.flux-system.svc.cluster.local./\n        - --watch-all-namespaces=true\n        - --log-level=info\n        - --log-encoding=json\n        - --enable-leader-election\n        env:\n        - name: RUNTIME_NAMESPACE\n          valueFrom:\n            fieldRef:\n              fieldPath: metadata.namespace\n        image: ghcr.io/fluxcd/kustomize-controller:v0.25.0\n        imagePullPolicy: IfNotPresent\n        livenessProbe:\n          httpGet:\n            path: /healthz\n            port: healthz\n        name: manager\n        ports:\n        - containerPort: 8080\n          name: http-prom\n          protocol: TCP\n        - containerPort: 9440\n          name: healthz\n          protocol: TCP\n        readinessProbe:\n          httpGet:\n            path: /readyz\n            port: healthz\n        resources:\n          limits:\n            cpu: 1000m\n            memory: 1Gi\n          requests:\n            cpu: 100m\n            memory: 64Mi\n        securityContext:\n          allowPrivilegeEscalation: false\n          capabilities:\n            drop:\n            - ALL\n          readOnlyRootFilesystem: true\n          runAsNonRoot: true\n          seccompProfile:\n            type: RuntimeDefault\n        volumeMounts:\n        - mountPath: /tmp\n          name: temp\n      nodeSelector:\n        kubernetes.io/os: linux\n      securityContext:\n        fsGroup: 1337\n      serviceAccountName: kustomize-controller\n      terminationGracePeriodSeconds: 60\n      volumes:\n      - emptyDir: {}\n        name: temp\n---\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n    control-plane: controller\n  name: notification-controller\n  namespace: flux-system\nspec:\n  replicas: 1\n  selector:\n    matchLabels:\n      app: notification-controller\n  template:\n    metadata:\n      annotations:\n        prometheus.io/port: \"8080\"\n        prometheus.io/scrape: \"true\"\n      labels:\n        app: notification-controller\n    spec:\n      containers:\n      - args:\n        - --watch-all-namespaces=true\n        - --log-level=info\n        - --log-encoding=json\n        - --enable-leader-election\n        env:\n        - name: RUNTIME_NAMESPACE\n          valueFrom:\n            fieldRef:\n              fieldPath: metadata.namespace\n        image: ghcr.io/fluxcd/notification-controller:v0.23.5\n        imagePullPolicy: IfNotPresent\n        livenessProbe:\n          httpGet:\n            path: /healthz\n            port: healthz\n        name: manager\n        ports:\n        - containerPort: 9090\n          name: http\n          protocol: TCP\n        - containerPort: 9292\n          name: http-webhook\n          protocol: TCP\n        - containerPort: 8080\n          name: http-prom\n          protocol: TCP\n        - containerPort: 9440\n          name: healthz\n          protocol: TCP\n        readinessProbe:\n          httpGet:\n            path: /readyz\n            port: healthz\n        resources:\n          limits:\n            cpu: 1000m\n            memory: 1Gi\n          requests:\n            cpu: 100m\n            memory: 64Mi\n        securityContext:\n          allowPrivilegeEscalation: false\n          capabilities:\n            drop:\n            - ALL\n          readOnlyRootFilesystem: true\n          runAsNonRoot: true\n          seccompProfile:\n            type: RuntimeDefault\n        volumeMounts:\n        - mountPath: /tmp\n          name: temp\n      nodeSelector:\n        kubernetes.io/os: linux\n      securityContext:\n        fsGroup: 1337\n      serviceAccountName: notification-controller\n      terminationGracePeriodSeconds: 10\n      volumes:\n      - emptyDir: {}\n        name: temp\n---\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n    control-plane: controller\n  name: source-controller\n  namespace: flux-system\nspec:\n  replicas: 1\n  selector:\n    matchLabels:\n      app: source-controller\n  strategy:\n    type: Recreate\n  template:\n    metadata:\n      annotations:\n        prometheus.io/port: \"8080\"\n        prometheus.io/scrape: \"true\"\n      labels:\n        app: source-controller\n    spec:\n      containers:\n      - args:\n        - --events-addr=http://notification-controller.flux-system.svc.cluster.local./\n        - --watch-all-namespaces=true\n        - --log-level=info\n        - --log-encoding=json\n        - --enable-leader-election\n        - --storage-path=/data\n        - --storage-adv-addr=source-controller.$(RUNTIME_NAMESPACE).svc.cluster.local.\n        env:\n        - name: RUNTIME_NAMESPACE\n          valueFrom:\n            fieldRef:\n              fieldPath: metadata.namespace\n        image: ghcr.io/fluxcd/source-controller:v0.24.4\n        imagePullPolicy: IfNotPresent\n        livenessProbe:\n          httpGet:\n            path: /healthz\n            port: healthz\n        name: manager\n        ports:\n        - containerPort: 9090\n          name: http\n          protocol: TCP\n        - containerPort: 8080\n          name: http-prom\n          protocol: TCP\n        - containerPort: 9440\n          name: healthz\n          protocol: TCP\n        readinessProbe:\n          httpGet:\n            path: /\n            port: http\n        resources:\n          limits:\n            cpu: 1000m\n            memory: 1Gi\n          requests:\n            cpu: 50m\n            memory: 64Mi\n        securityContext:\n          allowPrivilegeEscalation: false\n          capabilities:\n            drop:\n            - ALL\n          readOnlyRootFilesystem: true\n          runAsNonRoot: true\n          seccompProfile:\n            type: RuntimeDefault\n        volumeMounts:\n        - mountPath: /data\n          name: data\n        - mountPath: /tmp\n          name: tmp\n      nodeSelector:\n        kubernetes.io/os: linux\n      securityContext:\n        fsGroup: 1337\n      serviceAccountName: source-controller\n      terminationGracePeriodSeconds: 10\n      volumes:\n      - emptyDir: {}\n        name: data\n      - emptyDir: {}\n        name: tmp\n",
-            "id": "2e1d70facf3d57e974ca1cb0830acd8d16311b82deb3c0e5ecb482fc7aa1261b",
-            "image_pull_secrets": null,
-            "log_level": "info",
-            "namespace": "flux-system",
-            "network_policy": false,
-            "path": "clank/flux-system/gotk-components.yaml",
-            "registry": "ghcr.io/fluxcd",
-            "target_path": "clank",
-            "toleration_keys": null,
-            "version": "latest",
-            "watch_all_namespaces": true
-          },
-          "sensitive_attributes": []
-        }
-      ]
-    },
-    {
-      "module": "module.flux",
-      "mode": "data",
-      "type": "flux_sync",
-      "name": "main",
-      "provider": "module.flux.provider[\"registry.terraform.io/fluxcd/flux\"]",
-      "instances": [
-        {
-          "schema_version": 0,
-          "attributes": {
-            "branch": "main",
-            "commit": null,
-            "content": "# This manifest was generated by flux. DO NOT EDIT.\n---\napiVersion: source.toolkit.fluxcd.io/v1beta2\nkind: GitRepository\nmetadata:\n  name: flux-system\n  namespace: flux-system\nspec:\n  interval: 1m0s\n  ref:\n    branch: main\n  secretRef:\n    name: flux-system\n  url: ssh://git@git.front.kjuulh.io/clank/kubernetes-state.git\n---\napiVersion: kustomize.toolkit.fluxcd.io/v1beta2\nkind: Kustomization\nmetadata:\n  name: flux-system\n  namespace: flux-system\nspec:\n  interval: 10m0s\n  path: ./clank\n  prune: true\n  sourceRef:\n    kind: GitRepository\n    name: flux-system\n",
-            "git_implementation": null,
-            "id": "03f8aac88c0386cce28b142e9ea4defd3902a90a0213b8722ce04021876756ee",
-            "interval": 1,
-            "kustomize_content": "\napiVersion: kustomize.config.k8s.io/v1beta1\nkind: Kustomization\nresources:\n- gotk-sync.yaml\n- gotk-components.yaml\n",
-            "kustomize_path": "clank/flux-system/kustomization.yaml",
-            "name": "flux-system",
-            "namespace": "flux-system",
-            "patch_file_paths": {},
-            "patch_names": null,
-            "path": "clank/flux-system/gotk-sync.yaml",
-            "secret": "flux-system",
-            "semver": null,
-            "tag": null,
-            "target_path": "clank",
-            "url": "ssh://git@git.front.kjuulh.io/clank/kubernetes-state.git"
-          },
-          "sensitive_attributes": []
-        }
-      ]
-    },
-    {
-      "module": "module.flux",
-      "mode": "data",
-      "type": "kubectl_file_documents",
-      "name": "apply",
-      "provider": "module.flux.provider[\"registry.terraform.io/gavinbunney/kubectl\"]",
-      "instances": [
-        {
-          "schema_version": 0,
-          "attributes": {
-            "content": "---\n# This manifest was generated by flux. DO NOT EDIT.\n# Flux Version: latest\n# Components: source-controller,kustomize-controller,helm-controller,notification-controller\napiVersion: v1\nkind: Namespace\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n    pod-security.kubernetes.io/warn: restricted\n    pod-security.kubernetes.io/warn-version: latest\n  name: flux-system\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  annotations:\n    controller-gen.kubebuilder.io/version: v0.7.0\n  creationTimestamp: null\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: alerts.notification.toolkit.fluxcd.io\nspec:\n  group: notification.toolkit.fluxcd.io\n  names:\n    kind: Alert\n    listKind: AlertList\n    plural: alerts\n    singular: alert\n  scope: Namespaced\n  versions:\n  - additionalPrinterColumns:\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    name: v1beta1\n    schema:\n      openAPIV3Schema:\n        description: Alert is the Schema for the alerts API\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: AlertSpec defines an alerting rule for events involving a\n              list of objects\n            properties:\n              eventSeverity:\n                default: info\n                description: Filter events based on severity, defaults to ('info').\n                  If set to 'info' no events will be filtered.\n                enum:\n                - info\n                - error\n                type: string\n              eventSources:\n                description: Filter events based on the involved objects.\n                items:\n                  description: CrossNamespaceObjectReference contains enough information\n                    to let you locate the typed referenced object at cluster level\n                  properties:\n                    apiVersion:\n                      description: API version of the referent\n                      type: string\n                    kind:\n                      description: Kind of the referent\n                      enum:\n                      - Bucket\n                      - GitRepository\n                      - Kustomization\n                      - HelmRelease\n                      - HelmChart\n                      - HelmRepository\n                      - ImageRepository\n                      - ImagePolicy\n                      - ImageUpdateAutomation\n                      type: string\n                    matchLabels:\n                      additionalProperties:\n                        type: string\n                      description: MatchLabels is a map of {key,value} pairs. A single\n                        {key,value} in the matchLabels map is equivalent to an element\n                        of matchExpressions, whose key field is \"key\", the operator\n                        is \"In\", and the values array contains only \"value\". The requirements\n                        are ANDed.\n                      type: object\n                    name:\n                      description: Name of the referent\n                      maxLength: 53\n                      minLength: 1\n                      type: string\n                    namespace:\n                      description: Namespace of the referent\n                      maxLength: 53\n                      minLength: 1\n                      type: string\n                  required:\n                  - name\n                  type: object\n                type: array\n              exclusionList:\n                description: A list of Golang regular expressions to be used for excluding\n                  messages.\n                items:\n                  type: string\n                type: array\n              providerRef:\n                description: Send events using this provider.\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              summary:\n                description: Short description of the impact and affected cluster.\n                type: string\n              suspend:\n                description: This flag tells the controller to suspend subsequent\n                  events dispatching. Defaults to false.\n                type: boolean\n            required:\n            - eventSources\n            - providerRef\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: AlertStatus defines the observed state of Alert\n            properties:\n              conditions:\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation.\n                format: int64\n                type: integer\n            type: object\n        type: object\n    served: true\n    storage: true\n    subresources:\n      status: {}\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n  conditions: []\n  storedVersions: []\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  annotations:\n    controller-gen.kubebuilder.io/version: v0.7.0\n  creationTimestamp: null\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: buckets.source.toolkit.fluxcd.io\nspec:\n  group: source.toolkit.fluxcd.io\n  names:\n    kind: Bucket\n    listKind: BucketList\n    plural: buckets\n    singular: bucket\n  scope: Namespaced\n  versions:\n  - additionalPrinterColumns:\n    - jsonPath: .spec.endpoint\n      name: Endpoint\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    name: v1beta1\n    schema:\n      openAPIV3Schema:\n        description: Bucket is the Schema for the buckets API\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: BucketSpec defines the desired state of an S3 compatible\n              bucket\n            properties:\n              accessFrom:\n                description: AccessFrom defines an Access Control List for allowing\n                  cross-namespace references to this object.\n                properties:\n                  namespaceSelectors:\n                    description: NamespaceSelectors is the list of namespace selectors\n                      to which this ACL applies. Items in this list are evaluated\n                      using a logical OR operation.\n                    items:\n                      description: NamespaceSelector selects the namespaces to which\n                        this ACL applies. An empty map of MatchLabels matches all\n                        namespaces in a cluster.\n                      properties:\n                        matchLabels:\n                          additionalProperties:\n                            type: string\n                          description: MatchLabels is a map of {key,value} pairs.\n                            A single {key,value} in the matchLabels map is equivalent\n                            to an element of matchExpressions, whose key field is\n                            \"key\", the operator is \"In\", and the values array contains\n                            only \"value\". The requirements are ANDed.\n                          type: object\n                      type: object\n                    type: array\n                required:\n                - namespaceSelectors\n                type: object\n              bucketName:\n                description: The bucket name.\n                type: string\n              endpoint:\n                description: The bucket endpoint address.\n                type: string\n              ignore:\n                description: Ignore overrides the set of excluded patterns in the\n                  .sourceignore format (which is the same as .gitignore). If not provided,\n                  a default will be used, consult the documentation for your version\n                  to find out what those are.\n                type: string\n              insecure:\n                description: Insecure allows connecting to a non-TLS S3 HTTP endpoint.\n                type: boolean\n              interval:\n                description: The interval at which to check for bucket updates.\n                type: string\n              provider:\n                default: generic\n                description: The S3 compatible storage provider name, default ('generic').\n                enum:\n                - generic\n                - aws\n                - gcp\n                type: string\n              region:\n                description: The bucket region.\n                type: string\n              secretRef:\n                description: The name of the secret containing authentication credentials\n                  for the Bucket.\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              suspend:\n                description: This flag tells the controller to suspend the reconciliation\n                  of this source.\n                type: boolean\n              timeout:\n                default: 60s\n                description: The timeout for download operations, defaults to 60s.\n                type: string\n            required:\n            - bucketName\n            - endpoint\n            - interval\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: BucketStatus defines the observed state of a bucket\n            properties:\n              artifact:\n                description: Artifact represents the output of the last successful\n                  Bucket sync.\n                properties:\n                  checksum:\n                    description: Checksum is the SHA256 checksum of the artifact.\n                    type: string\n                  lastUpdateTime:\n                    description: LastUpdateTime is the timestamp corresponding to\n                      the last update of this artifact.\n                    format: date-time\n                    type: string\n                  path:\n                    description: Path is the relative file path of this artifact.\n                    type: string\n                  revision:\n                    description: Revision is a human readable identifier traceable\n                      in the origin source system. It can be a Git commit SHA, Git\n                      tag, a Helm index timestamp, a Helm chart version, etc.\n                    type: string\n                  url:\n                    description: URL is the HTTP address of this artifact.\n                    type: string\n                required:\n                - path\n                - url\n                type: object\n              conditions:\n                description: Conditions holds the conditions for the Bucket.\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation.\n                format: int64\n                type: integer\n              url:\n                description: URL is the download link for the artifact output of the\n                  last Bucket sync.\n                type: string\n            type: object\n        type: object\n    served: true\n    storage: false\n    subresources:\n      status: {}\n  - additionalPrinterColumns:\n    - jsonPath: .spec.endpoint\n      name: Endpoint\n      type: string\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    name: v1beta2\n    schema:\n      openAPIV3Schema:\n        description: Bucket is the Schema for the buckets API.\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: BucketSpec specifies the required configuration to produce\n              an Artifact for an object storage bucket.\n            properties:\n              accessFrom:\n                description: 'AccessFrom specifies an Access Control List for allowing\n                  cross-namespace references to this object. NOTE: Not implemented,\n                  provisional as of https://github.com/fluxcd/flux2/pull/2092'\n                properties:\n                  namespaceSelectors:\n                    description: NamespaceSelectors is the list of namespace selectors\n                      to which this ACL applies. Items in this list are evaluated\n                      using a logical OR operation.\n                    items:\n                      description: NamespaceSelector selects the namespaces to which\n                        this ACL applies. An empty map of MatchLabels matches all\n                        namespaces in a cluster.\n                      properties:\n                        matchLabels:\n                          additionalProperties:\n                            type: string\n                          description: MatchLabels is a map of {key,value} pairs.\n                            A single {key,value} in the matchLabels map is equivalent\n                            to an element of matchExpressions, whose key field is\n                            \"key\", the operator is \"In\", and the values array contains\n                            only \"value\". The requirements are ANDed.\n                          type: object\n                      type: object\n                    type: array\n                required:\n                - namespaceSelectors\n                type: object\n              bucketName:\n                description: BucketName is the name of the object storage bucket.\n                type: string\n              endpoint:\n                description: Endpoint is the object storage address the BucketName\n                  is located at.\n                type: string\n              ignore:\n                description: Ignore overrides the set of excluded patterns in the\n                  .sourceignore format (which is the same as .gitignore). If not provided,\n                  a default will be used, consult the documentation for your version\n                  to find out what those are.\n                type: string\n              insecure:\n                description: Insecure allows connecting to a non-TLS HTTP Endpoint.\n                type: boolean\n              interval:\n                description: Interval at which to check the Endpoint for updates.\n                type: string\n              provider:\n                default: generic\n                description: Provider of the object storage bucket. Defaults to 'generic',\n                  which expects an S3 (API) compatible object storage.\n                enum:\n                - generic\n                - aws\n                - gcp\n                - azure\n                type: string\n              region:\n                description: Region of the Endpoint where the BucketName is located\n                  in.\n                type: string\n              secretRef:\n                description: SecretRef specifies the Secret containing authentication\n                  credentials for the Bucket.\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              suspend:\n                description: Suspend tells the controller to suspend the reconciliation\n                  of this Bucket.\n                type: boolean\n              timeout:\n                default: 60s\n                description: Timeout for fetch operations, defaults to 60s.\n                type: string\n            required:\n            - bucketName\n            - endpoint\n            - interval\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: BucketStatus records the observed state of a Bucket.\n            properties:\n              artifact:\n                description: Artifact represents the last successful Bucket reconciliation.\n                properties:\n                  checksum:\n                    description: Checksum is the SHA256 checksum of the Artifact file.\n                    type: string\n                  lastUpdateTime:\n                    description: LastUpdateTime is the timestamp corresponding to\n                      the last update of the Artifact.\n                    format: date-time\n                    type: string\n                  path:\n                    description: Path is the relative file path of the Artifact. It\n                      can be used to locate the file in the root of the Artifact storage\n                      on the local file system of the controller managing the Source.\n                    type: string\n                  revision:\n                    description: Revision is a human-readable identifier traceable\n                      in the origin source system. It can be a Git commit SHA, Git\n                      tag, a Helm chart version, etc.\n                    type: string\n                  size:\n                    description: Size is the number of bytes in the file.\n                    format: int64\n                    type: integer\n                  url:\n                    description: URL is the HTTP address of the Artifact as exposed\n                      by the controller managing the Source. It can be used to retrieve\n                      the Artifact for consumption, e.g. by another controller applying\n                      the Artifact contents.\n                    type: string\n                required:\n                - path\n                - url\n                type: object\n              conditions:\n                description: Conditions holds the conditions for the Bucket.\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation of\n                  the Bucket object.\n                format: int64\n                type: integer\n              url:\n                description: URL is the dynamic fetch link for the latest Artifact.\n                  It is provided on a \"best effort\" basis, and using the precise BucketStatus.Artifact\n                  data is recommended.\n                type: string\n            type: object\n        type: object\n    served: true\n    storage: true\n    subresources:\n      status: {}\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n  conditions: []\n  storedVersions: []\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  annotations:\n    controller-gen.kubebuilder.io/version: v0.7.0\n  creationTimestamp: null\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: gitrepositories.source.toolkit.fluxcd.io\nspec:\n  group: source.toolkit.fluxcd.io\n  names:\n    kind: GitRepository\n    listKind: GitRepositoryList\n    plural: gitrepositories\n    shortNames:\n    - gitrepo\n    singular: gitrepository\n  scope: Namespaced\n  versions:\n  - additionalPrinterColumns:\n    - jsonPath: .spec.url\n      name: URL\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    name: v1beta1\n    schema:\n      openAPIV3Schema:\n        description: GitRepository is the Schema for the gitrepositories API\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: GitRepositorySpec defines the desired state of a Git repository.\n            properties:\n              accessFrom:\n                description: AccessFrom defines an Access Control List for allowing\n                  cross-namespace references to this object.\n                properties:\n                  namespaceSelectors:\n                    description: NamespaceSelectors is the list of namespace selectors\n                      to which this ACL applies. Items in this list are evaluated\n                      using a logical OR operation.\n                    items:\n                      description: NamespaceSelector selects the namespaces to which\n                        this ACL applies. An empty map of MatchLabels matches all\n                        namespaces in a cluster.\n                      properties:\n                        matchLabels:\n                          additionalProperties:\n                            type: string\n                          description: MatchLabels is a map of {key,value} pairs.\n                            A single {key,value} in the matchLabels map is equivalent\n                            to an element of matchExpressions, whose key field is\n                            \"key\", the operator is \"In\", and the values array contains\n                            only \"value\". The requirements are ANDed.\n                          type: object\n                      type: object\n                    type: array\n                required:\n                - namespaceSelectors\n                type: object\n              gitImplementation:\n                default: go-git\n                description: Determines which git client library to use. Defaults\n                  to go-git, valid values are ('go-git', 'libgit2').\n                enum:\n                - go-git\n                - libgit2\n                type: string\n              ignore:\n                description: Ignore overrides the set of excluded patterns in the\n                  .sourceignore format (which is the same as .gitignore). If not provided,\n                  a default will be used, consult the documentation for your version\n                  to find out what those are.\n                type: string\n              include:\n                description: Extra git repositories to map into the repository\n                items:\n                  description: GitRepositoryInclude defines a source with a from and\n                    to path.\n                  properties:\n                    fromPath:\n                      description: The path to copy contents from, defaults to the\n                        root directory.\n                      type: string\n                    repository:\n                      description: Reference to a GitRepository to include.\n                      properties:\n                        name:\n                          description: Name of the referent.\n                          type: string\n                      required:\n                      - name\n                      type: object\n                    toPath:\n                      description: The path to copy contents to, defaults to the name\n                        of the source ref.\n                      type: string\n                  required:\n                  - repository\n                  type: object\n                type: array\n              interval:\n                description: The interval at which to check for repository updates.\n                type: string\n              recurseSubmodules:\n                description: When enabled, after the clone is created, initializes\n                  all submodules within, using their default settings. This option\n                  is available only when using the 'go-git' GitImplementation.\n                type: boolean\n              ref:\n                description: The Git reference to checkout and monitor for changes,\n                  defaults to master branch.\n                properties:\n                  branch:\n                    description: The Git branch to checkout, defaults to master.\n                    type: string\n                  commit:\n                    description: The Git commit SHA to checkout, if specified Tag\n                      filters will be ignored.\n                    type: string\n                  semver:\n                    description: The Git tag semver expression, takes precedence over\n                      Tag.\n                    type: string\n                  tag:\n                    description: The Git tag to checkout, takes precedence over Branch.\n                    type: string\n                type: object\n              secretRef:\n                description: The secret name containing the Git credentials. For HTTPS\n                  repositories the secret must contain username and password fields.\n                  For SSH repositories the secret must contain identity and known_hosts\n                  fields.\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              suspend:\n                description: This flag tells the controller to suspend the reconciliation\n                  of this source.\n                type: boolean\n              timeout:\n                default: 60s\n                description: The timeout for remote Git operations like cloning, defaults\n                  to 60s.\n                type: string\n              url:\n                description: The repository URL, can be a HTTP/S or SSH address.\n                pattern: ^(http|https|ssh)://\n                type: string\n              verify:\n                description: Verify OpenPGP signature for the Git commit HEAD points\n                  to.\n                properties:\n                  mode:\n                    description: Mode describes what git object should be verified,\n                      currently ('head').\n                    enum:\n                    - head\n                    type: string\n                  secretRef:\n                    description: The secret name containing the public keys of all\n                      trusted Git authors.\n                    properties:\n                      name:\n                        description: Name of the referent.\n                        type: string\n                    required:\n                    - name\n                    type: object\n                required:\n                - mode\n                type: object\n            required:\n            - interval\n            - url\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: GitRepositoryStatus defines the observed state of a Git repository.\n            properties:\n              artifact:\n                description: Artifact represents the output of the last successful\n                  repository sync.\n                properties:\n                  checksum:\n                    description: Checksum is the SHA256 checksum of the artifact.\n                    type: string\n                  lastUpdateTime:\n                    description: LastUpdateTime is the timestamp corresponding to\n                      the last update of this artifact.\n                    format: date-time\n                    type: string\n                  path:\n                    description: Path is the relative file path of this artifact.\n                    type: string\n                  revision:\n                    description: Revision is a human readable identifier traceable\n                      in the origin source system. It can be a Git commit SHA, Git\n                      tag, a Helm index timestamp, a Helm chart version, etc.\n                    type: string\n                  url:\n                    description: URL is the HTTP address of this artifact.\n                    type: string\n                required:\n                - path\n                - url\n                type: object\n              conditions:\n                description: Conditions holds the conditions for the GitRepository.\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              includedArtifacts:\n                description: IncludedArtifacts represents the included artifacts from\n                  the last successful repository sync.\n                items:\n                  description: Artifact represents the output of a source synchronisation.\n                  properties:\n                    checksum:\n                      description: Checksum is the SHA256 checksum of the artifact.\n                      type: string\n                    lastUpdateTime:\n                      description: LastUpdateTime is the timestamp corresponding to\n                        the last update of this artifact.\n                      format: date-time\n                      type: string\n                    path:\n                      description: Path is the relative file path of this artifact.\n                      type: string\n                    revision:\n                      description: Revision is a human readable identifier traceable\n                        in the origin source system. It can be a Git commit SHA, Git\n                        tag, a Helm index timestamp, a Helm chart version, etc.\n                      type: string\n                    url:\n                      description: URL is the HTTP address of this artifact.\n                      type: string\n                  required:\n                  - path\n                  - url\n                  type: object\n                type: array\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation.\n                format: int64\n                type: integer\n              url:\n                description: URL is the download link for the artifact output of the\n                  last repository sync.\n                type: string\n            type: object\n        type: object\n    served: true\n    storage: false\n    subresources:\n      status: {}\n  - additionalPrinterColumns:\n    - jsonPath: .spec.url\n      name: URL\n      type: string\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    name: v1beta2\n    schema:\n      openAPIV3Schema:\n        description: GitRepository is the Schema for the gitrepositories API.\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: GitRepositorySpec specifies the required configuration to\n              produce an Artifact for a Git repository.\n            properties:\n              accessFrom:\n                description: 'AccessFrom specifies an Access Control List for allowing\n                  cross-namespace references to this object. NOTE: Not implemented,\n                  provisional as of https://github.com/fluxcd/flux2/pull/2092'\n                properties:\n                  namespaceSelectors:\n                    description: NamespaceSelectors is the list of namespace selectors\n                      to which this ACL applies. Items in this list are evaluated\n                      using a logical OR operation.\n                    items:\n                      description: NamespaceSelector selects the namespaces to which\n                        this ACL applies. An empty map of MatchLabels matches all\n                        namespaces in a cluster.\n                      properties:\n                        matchLabels:\n                          additionalProperties:\n                            type: string\n                          description: MatchLabels is a map of {key,value} pairs.\n                            A single {key,value} in the matchLabels map is equivalent\n                            to an element of matchExpressions, whose key field is\n                            \"key\", the operator is \"In\", and the values array contains\n                            only \"value\". The requirements are ANDed.\n                          type: object\n                      type: object\n                    type: array\n                required:\n                - namespaceSelectors\n                type: object\n              gitImplementation:\n                default: go-git\n                description: GitImplementation specifies which Git client library\n                  implementation to use. Defaults to 'go-git', valid values are ('go-git',\n                  'libgit2').\n                enum:\n                - go-git\n                - libgit2\n                type: string\n              ignore:\n                description: Ignore overrides the set of excluded patterns in the\n                  .sourceignore format (which is the same as .gitignore). If not provided,\n                  a default will be used, consult the documentation for your version\n                  to find out what those are.\n                type: string\n              include:\n                description: Include specifies a list of GitRepository resources which\n                  Artifacts should be included in the Artifact produced for this GitRepository.\n                items:\n                  description: GitRepositoryInclude specifies a local reference to\n                    a GitRepository which Artifact (sub-)contents must be included,\n                    and where they should be placed.\n                  properties:\n                    fromPath:\n                      description: FromPath specifies the path to copy contents from,\n                        defaults to the root of the Artifact.\n                      type: string\n                    repository:\n                      description: GitRepositoryRef specifies the GitRepository which\n                        Artifact contents must be included.\n                      properties:\n                        name:\n                          description: Name of the referent.\n                          type: string\n                      required:\n                      - name\n                      type: object\n                    toPath:\n                      description: ToPath specifies the path to copy contents to,\n                        defaults to the name of the GitRepositoryRef.\n                      type: string\n                  required:\n                  - repository\n                  type: object\n                type: array\n              interval:\n                description: Interval at which to check the GitRepository for updates.\n                type: string\n              recurseSubmodules:\n                description: RecurseSubmodules enables the initialization of all submodules\n                  within the GitRepository as cloned from the URL, using their default\n                  settings. This option is available only when using the 'go-git'\n                  GitImplementation.\n                type: boolean\n              ref:\n                description: Reference specifies the Git reference to resolve and\n                  monitor for changes, defaults to the 'master' branch.\n                properties:\n                  branch:\n                    description: \"Branch to check out, defaults to 'master' if no\n                      other field is defined. \\n When GitRepositorySpec.GitImplementation\n                      is set to 'go-git', a shallow clone of the specified branch\n                      is performed.\"\n                    type: string\n                  commit:\n                    description: \"Commit SHA to check out, takes precedence over all\n                      reference fields. \\n When GitRepositorySpec.GitImplementation\n                      is set to 'go-git', this can be combined with Branch to shallow\n                      clone the branch, in which the commit is expected to exist.\"\n                    type: string\n                  semver:\n                    description: SemVer tag expression to check out, takes precedence\n                      over Tag.\n                    type: string\n                  tag:\n                    description: Tag to check out, takes precedence over Branch.\n                    type: string\n                type: object\n              secretRef:\n                description: SecretRef specifies the Secret containing authentication\n                  credentials for the GitRepository. For HTTPS repositories the Secret\n                  must contain 'username' and 'password' fields. For SSH repositories\n                  the Secret must contain 'identity' and 'known_hosts' fields.\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              suspend:\n                description: Suspend tells the controller to suspend the reconciliation\n                  of this GitRepository.\n                type: boolean\n              timeout:\n                default: 60s\n                description: Timeout for Git operations like cloning, defaults to\n                  60s.\n                type: string\n              url:\n                description: URL specifies the Git repository URL, it can be an HTTP/S\n                  or SSH address.\n                pattern: ^(http|https|ssh)://\n                type: string\n              verify:\n                description: Verification specifies the configuration to verify the\n                  Git commit signature(s).\n                properties:\n                  mode:\n                    description: Mode specifies what Git object should be verified,\n                      currently ('head').\n                    enum:\n                    - head\n                    type: string\n                  secretRef:\n                    description: SecretRef specifies the Secret containing the public\n                      keys of trusted Git authors.\n                    properties:\n                      name:\n                        description: Name of the referent.\n                        type: string\n                    required:\n                    - name\n                    type: object\n                required:\n                - mode\n                type: object\n            required:\n            - interval\n            - url\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: GitRepositoryStatus records the observed state of a Git repository.\n            properties:\n              artifact:\n                description: Artifact represents the last successful GitRepository\n                  reconciliation.\n                properties:\n                  checksum:\n                    description: Checksum is the SHA256 checksum of the Artifact file.\n                    type: string\n                  lastUpdateTime:\n                    description: LastUpdateTime is the timestamp corresponding to\n                      the last update of the Artifact.\n                    format: date-time\n                    type: string\n                  path:\n                    description: Path is the relative file path of the Artifact. It\n                      can be used to locate the file in the root of the Artifact storage\n                      on the local file system of the controller managing the Source.\n                    type: string\n                  revision:\n                    description: Revision is a human-readable identifier traceable\n                      in the origin source system. It can be a Git commit SHA, Git\n                      tag, a Helm chart version, etc.\n                    type: string\n                  size:\n                    description: Size is the number of bytes in the file.\n                    format: int64\n                    type: integer\n                  url:\n                    description: URL is the HTTP address of the Artifact as exposed\n                      by the controller managing the Source. It can be used to retrieve\n                      the Artifact for consumption, e.g. by another controller applying\n                      the Artifact contents.\n                    type: string\n                required:\n                - path\n                - url\n                type: object\n              conditions:\n                description: Conditions holds the conditions for the GitRepository.\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              includedArtifacts:\n                description: IncludedArtifacts contains a list of the last successfully\n                  included Artifacts as instructed by GitRepositorySpec.Include.\n                items:\n                  description: Artifact represents the output of a Source reconciliation.\n                  properties:\n                    checksum:\n                      description: Checksum is the SHA256 checksum of the Artifact\n                        file.\n                      type: string\n                    lastUpdateTime:\n                      description: LastUpdateTime is the timestamp corresponding to\n                        the last update of the Artifact.\n                      format: date-time\n                      type: string\n                    path:\n                      description: Path is the relative file path of the Artifact.\n                        It can be used to locate the file in the root of the Artifact\n                        storage on the local file system of the controller managing\n                        the Source.\n                      type: string\n                    revision:\n                      description: Revision is a human-readable identifier traceable\n                        in the origin source system. It can be a Git commit SHA, Git\n                        tag, a Helm chart version, etc.\n                      type: string\n                    size:\n                      description: Size is the number of bytes in the file.\n                      format: int64\n                      type: integer\n                    url:\n                      description: URL is the HTTP address of the Artifact as exposed\n                        by the controller managing the Source. It can be used to retrieve\n                        the Artifact for consumption, e.g. by another controller applying\n                        the Artifact contents.\n                      type: string\n                  required:\n                  - path\n                  - url\n                  type: object\n                type: array\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation of\n                  the GitRepository object.\n                format: int64\n                type: integer\n              url:\n                description: URL is the dynamic fetch link for the latest Artifact.\n                  It is provided on a \"best effort\" basis, and using the precise GitRepositoryStatus.Artifact\n                  data is recommended.\n                type: string\n            type: object\n        type: object\n    served: true\n    storage: true\n    subresources:\n      status: {}\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n  conditions: []\n  storedVersions: []\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  annotations:\n    controller-gen.kubebuilder.io/version: v0.7.0\n  creationTimestamp: null\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: helmcharts.source.toolkit.fluxcd.io\nspec:\n  group: source.toolkit.fluxcd.io\n  names:\n    kind: HelmChart\n    listKind: HelmChartList\n    plural: helmcharts\n    shortNames:\n    - hc\n    singular: helmchart\n  scope: Namespaced\n  versions:\n  - additionalPrinterColumns:\n    - jsonPath: .spec.chart\n      name: Chart\n      type: string\n    - jsonPath: .spec.version\n      name: Version\n      type: string\n    - jsonPath: .spec.sourceRef.kind\n      name: Source Kind\n      type: string\n    - jsonPath: .spec.sourceRef.name\n      name: Source Name\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    name: v1beta1\n    schema:\n      openAPIV3Schema:\n        description: HelmChart is the Schema for the helmcharts API\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: HelmChartSpec defines the desired state of a Helm chart.\n            properties:\n              accessFrom:\n                description: AccessFrom defines an Access Control List for allowing\n                  cross-namespace references to this object.\n                properties:\n                  namespaceSelectors:\n                    description: NamespaceSelectors is the list of namespace selectors\n                      to which this ACL applies. Items in this list are evaluated\n                      using a logical OR operation.\n                    items:\n                      description: NamespaceSelector selects the namespaces to which\n                        this ACL applies. An empty map of MatchLabels matches all\n                        namespaces in a cluster.\n                      properties:\n                        matchLabels:\n                          additionalProperties:\n                            type: string\n                          description: MatchLabels is a map of {key,value} pairs.\n                            A single {key,value} in the matchLabels map is equivalent\n                            to an element of matchExpressions, whose key field is\n                            \"key\", the operator is \"In\", and the values array contains\n                            only \"value\". The requirements are ANDed.\n                          type: object\n                      type: object\n                    type: array\n                required:\n                - namespaceSelectors\n                type: object\n              chart:\n                description: The name or path the Helm chart is available at in the\n                  SourceRef.\n                type: string\n              interval:\n                description: The interval at which to check the Source for updates.\n                type: string\n              reconcileStrategy:\n                default: ChartVersion\n                description: Determines what enables the creation of a new artifact.\n                  Valid values are ('ChartVersion', 'Revision'). See the documentation\n                  of the values for an explanation on their behavior. Defaults to\n                  ChartVersion when omitted.\n                enum:\n                - ChartVersion\n                - Revision\n                type: string\n              sourceRef:\n                description: The reference to the Source the chart is available at.\n                properties:\n                  apiVersion:\n                    description: APIVersion of the referent.\n                    type: string\n                  kind:\n                    description: Kind of the referent, valid values are ('HelmRepository',\n                      'GitRepository', 'Bucket').\n                    enum:\n                    - HelmRepository\n                    - GitRepository\n                    - Bucket\n                    type: string\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - kind\n                - name\n                type: object\n              suspend:\n                description: This flag tells the controller to suspend the reconciliation\n                  of this source.\n                type: boolean\n              valuesFile:\n                description: Alternative values file to use as the default chart values,\n                  expected to be a relative path in the SourceRef. Deprecated in favor\n                  of ValuesFiles, for backwards compatibility the file defined here\n                  is merged before the ValuesFiles items. Ignored when omitted.\n                type: string\n              valuesFiles:\n                description: Alternative list of values files to use as the chart\n                  values (values.yaml is not included by default), expected to be\n                  a relative path in the SourceRef. Values files are merged in the\n                  order of this list with the last file overriding the first. Ignored\n                  when omitted.\n                items:\n                  type: string\n                type: array\n              version:\n                default: '*'\n                description: The chart version semver expression, ignored for charts\n                  from GitRepository and Bucket sources. Defaults to latest when omitted.\n                type: string\n            required:\n            - chart\n            - interval\n            - sourceRef\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: HelmChartStatus defines the observed state of the HelmChart.\n            properties:\n              artifact:\n                description: Artifact represents the output of the last successful\n                  chart sync.\n                properties:\n                  checksum:\n                    description: Checksum is the SHA256 checksum of the artifact.\n                    type: string\n                  lastUpdateTime:\n                    description: LastUpdateTime is the timestamp corresponding to\n                      the last update of this artifact.\n                    format: date-time\n                    type: string\n                  path:\n                    description: Path is the relative file path of this artifact.\n                    type: string\n                  revision:\n                    description: Revision is a human readable identifier traceable\n                      in the origin source system. It can be a Git commit SHA, Git\n                      tag, a Helm index timestamp, a Helm chart version, etc.\n                    type: string\n                  url:\n                    description: URL is the HTTP address of this artifact.\n                    type: string\n                required:\n                - path\n                - url\n                type: object\n              conditions:\n                description: Conditions holds the conditions for the HelmChart.\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation.\n                format: int64\n                type: integer\n              url:\n                description: URL is the download link for the last chart pulled.\n                type: string\n            type: object\n        type: object\n    served: true\n    storage: false\n    subresources:\n      status: {}\n  - additionalPrinterColumns:\n    - jsonPath: .spec.chart\n      name: Chart\n      type: string\n    - jsonPath: .spec.version\n      name: Version\n      type: string\n    - jsonPath: .spec.sourceRef.kind\n      name: Source Kind\n      type: string\n    - jsonPath: .spec.sourceRef.name\n      name: Source Name\n      type: string\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    name: v1beta2\n    schema:\n      openAPIV3Schema:\n        description: HelmChart is the Schema for the helmcharts API.\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: HelmChartSpec specifies the desired state of a Helm chart.\n            properties:\n              accessFrom:\n                description: 'AccessFrom specifies an Access Control List for allowing\n                  cross-namespace references to this object. NOTE: Not implemented,\n                  provisional as of https://github.com/fluxcd/flux2/pull/2092'\n                properties:\n                  namespaceSelectors:\n                    description: NamespaceSelectors is the list of namespace selectors\n                      to which this ACL applies. Items in this list are evaluated\n                      using a logical OR operation.\n                    items:\n                      description: NamespaceSelector selects the namespaces to which\n                        this ACL applies. An empty map of MatchLabels matches all\n                        namespaces in a cluster.\n                      properties:\n                        matchLabels:\n                          additionalProperties:\n                            type: string\n                          description: MatchLabels is a map of {key,value} pairs.\n                            A single {key,value} in the matchLabels map is equivalent\n                            to an element of matchExpressions, whose key field is\n                            \"key\", the operator is \"In\", and the values array contains\n                            only \"value\". The requirements are ANDed.\n                          type: object\n                      type: object\n                    type: array\n                required:\n                - namespaceSelectors\n                type: object\n              chart:\n                description: Chart is the name or path the Helm chart is available\n                  at in the SourceRef.\n                type: string\n              interval:\n                description: Interval is the interval at which to check the Source\n                  for updates.\n                type: string\n              reconcileStrategy:\n                default: ChartVersion\n                description: ReconcileStrategy determines what enables the creation\n                  of a new artifact. Valid values are ('ChartVersion', 'Revision').\n                  See the documentation of the values for an explanation on their\n                  behavior. Defaults to ChartVersion when omitted.\n                enum:\n                - ChartVersion\n                - Revision\n                type: string\n              sourceRef:\n                description: SourceRef is the reference to the Source the chart is\n                  available at.\n                properties:\n                  apiVersion:\n                    description: APIVersion of the referent.\n                    type: string\n                  kind:\n                    description: Kind of the referent, valid values are ('HelmRepository',\n                      'GitRepository', 'Bucket').\n                    enum:\n                    - HelmRepository\n                    - GitRepository\n                    - Bucket\n                    type: string\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - kind\n                - name\n                type: object\n              suspend:\n                description: Suspend tells the controller to suspend the reconciliation\n                  of this source.\n                type: boolean\n              valuesFile:\n                description: ValuesFile is an alternative values file to use as the\n                  default chart values, expected to be a relative path in the SourceRef.\n                  Deprecated in favor of ValuesFiles, for backwards compatibility\n                  the file specified here is merged before the ValuesFiles items.\n                  Ignored when omitted.\n                type: string\n              valuesFiles:\n                description: ValuesFiles is an alternative list of values files to\n                  use as the chart values (values.yaml is not included by default),\n                  expected to be a relative path in the SourceRef. Values files are\n                  merged in the order of this list with the last file overriding the\n                  first. Ignored when omitted.\n                items:\n                  type: string\n                type: array\n              version:\n                default: '*'\n                description: Version is the chart version semver expression, ignored\n                  for charts from GitRepository and Bucket sources. Defaults to latest\n                  when omitted.\n                type: string\n            required:\n            - chart\n            - interval\n            - sourceRef\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: HelmChartStatus records the observed state of the HelmChart.\n            properties:\n              artifact:\n                description: Artifact represents the output of the last successful\n                  reconciliation.\n                properties:\n                  checksum:\n                    description: Checksum is the SHA256 checksum of the Artifact file.\n                    type: string\n                  lastUpdateTime:\n                    description: LastUpdateTime is the timestamp corresponding to\n                      the last update of the Artifact.\n                    format: date-time\n                    type: string\n                  path:\n                    description: Path is the relative file path of the Artifact. It\n                      can be used to locate the file in the root of the Artifact storage\n                      on the local file system of the controller managing the Source.\n                    type: string\n                  revision:\n                    description: Revision is a human-readable identifier traceable\n                      in the origin source system. It can be a Git commit SHA, Git\n                      tag, a Helm chart version, etc.\n                    type: string\n                  size:\n                    description: Size is the number of bytes in the file.\n                    format: int64\n                    type: integer\n                  url:\n                    description: URL is the HTTP address of the Artifact as exposed\n                      by the controller managing the Source. It can be used to retrieve\n                      the Artifact for consumption, e.g. by another controller applying\n                      the Artifact contents.\n                    type: string\n                required:\n                - path\n                - url\n                type: object\n              conditions:\n                description: Conditions holds the conditions for the HelmChart.\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedChartName:\n                description: ObservedChartName is the last observed chart name as\n                  specified by the resolved chart reference.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation of\n                  the HelmChart object.\n                format: int64\n                type: integer\n              observedSourceArtifactRevision:\n                description: ObservedSourceArtifactRevision is the last observed Artifact.Revision\n                  of the HelmChartSpec.SourceRef.\n                type: string\n              url:\n                description: URL is the dynamic fetch link for the latest Artifact.\n                  It is provided on a \"best effort\" basis, and using the precise BucketStatus.Artifact\n                  data is recommended.\n                type: string\n            type: object\n        type: object\n    served: true\n    storage: true\n    subresources:\n      status: {}\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n  conditions: []\n  storedVersions: []\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  annotations:\n    controller-gen.kubebuilder.io/version: v0.7.0\n  creationTimestamp: null\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: helmreleases.helm.toolkit.fluxcd.io\nspec:\n  group: helm.toolkit.fluxcd.io\n  names:\n    kind: HelmRelease\n    listKind: HelmReleaseList\n    plural: helmreleases\n    shortNames:\n    - hr\n    singular: helmrelease\n  scope: Namespaced\n  versions:\n  - additionalPrinterColumns:\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    name: v2beta1\n    schema:\n      openAPIV3Schema:\n        description: HelmRelease is the Schema for the helmreleases API\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: HelmReleaseSpec defines the desired state of a Helm release.\n            properties:\n              chart:\n                description: Chart defines the template of the v1beta2.HelmChart that\n                  should be created for this HelmRelease.\n                properties:\n                  spec:\n                    description: Spec holds the template for the v1beta2.HelmChartSpec\n                      for this HelmRelease.\n                    properties:\n                      chart:\n                        description: The name or path the Helm chart is available\n                          at in the SourceRef.\n                        type: string\n                      interval:\n                        description: Interval at which to check the v1beta2.Source\n                          for updates. Defaults to 'HelmReleaseSpec.Interval'.\n                        type: string\n                      reconcileStrategy:\n                        default: ChartVersion\n                        description: Determines what enables the creation of a new\n                          artifact. Valid values are ('ChartVersion', 'Revision').\n                          See the documentation of the values for an explanation on\n                          their behavior. Defaults to ChartVersion when omitted.\n                        enum:\n                        - ChartVersion\n                        - Revision\n                        type: string\n                      sourceRef:\n                        description: The name and namespace of the v1beta2.Source\n                          the chart is available at.\n                        properties:\n                          apiVersion:\n                            description: APIVersion of the referent.\n                            type: string\n                          kind:\n                            description: Kind of the referent.\n                            enum:\n                            - HelmRepository\n                            - GitRepository\n                            - Bucket\n                            type: string\n                          name:\n                            description: Name of the referent.\n                            maxLength: 253\n                            minLength: 1\n                            type: string\n                          namespace:\n                            description: Namespace of the referent.\n                            maxLength: 63\n                            minLength: 1\n                            type: string\n                        required:\n                        - name\n                        type: object\n                      valuesFile:\n                        description: Alternative values file to use as the default\n                          chart values, expected to be a relative path in the SourceRef.\n                          Deprecated in favor of ValuesFiles, for backwards compatibility\n                          the file defined here is merged before the ValuesFiles items.\n                          Ignored when omitted.\n                        type: string\n                      valuesFiles:\n                        description: Alternative list of values files to use as the\n                          chart values (values.yaml is not included by default), expected\n                          to be a relative path in the SourceRef. Values files are\n                          merged in the order of this list with the last file overriding\n                          the first. Ignored when omitted.\n                        items:\n                          type: string\n                        type: array\n                      version:\n                        default: '*'\n                        description: Version semver expression, ignored for charts\n                          from v1beta2.GitRepository and v1beta2.Bucket sources. Defaults\n                          to latest when omitted.\n                        type: string\n                    required:\n                    - chart\n                    - sourceRef\n                    type: object\n                required:\n                - spec\n                type: object\n              dependsOn:\n                description: DependsOn may contain a meta.NamespacedObjectReference\n                  slice with references to HelmRelease resources that must be ready\n                  before this HelmRelease can be reconciled.\n                items:\n                  description: NamespacedObjectReference contains enough information\n                    to locate the referenced Kubernetes resource object in any namespace.\n                  properties:\n                    name:\n                      description: Name of the referent.\n                      type: string\n                    namespace:\n                      description: Namespace of the referent, when not specified it\n                        acts as LocalObjectReference.\n                      type: string\n                  required:\n                  - name\n                  type: object\n                type: array\n              install:\n                description: Install holds the configuration for Helm install actions\n                  for this HelmRelease.\n                properties:\n                  crds:\n                    description: \"CRDs upgrade CRDs from the Helm Chart's crds directory\n                      according to the CRD upgrade policy provided here. Valid values\n                      are `Skip`, `Create` or `CreateReplace`. Default is `Create`\n                      and if omitted CRDs are installed but not updated. \\n Skip:\n                      do neither install nor replace (update) any CRDs. \\n Create:\n                      new CRDs are created, existing CRDs are neither updated nor\n                      deleted. \\n CreateReplace: new CRDs are created, existing CRDs\n                      are updated (replaced) but not deleted. \\n By default, CRDs\n                      are applied (installed) during Helm install action. With this\n                      option users can opt-in to CRD replace existing CRDs on Helm\n                      install actions, which is not (yet) natively supported by Helm.\n                      https://helm.sh/docs/chart_best_practices/custom_resource_definitions.\"\n                    enum:\n                    - Skip\n                    - Create\n                    - CreateReplace\n                    type: string\n                  createNamespace:\n                    description: CreateNamespace tells the Helm install action to\n                      create the HelmReleaseSpec.TargetNamespace if it does not exist\n                      yet. On uninstall, the namespace will not be garbage collected.\n                    type: boolean\n                  disableHooks:\n                    description: DisableHooks prevents hooks from running during the\n                      Helm install action.\n                    type: boolean\n                  disableOpenAPIValidation:\n                    description: DisableOpenAPIValidation prevents the Helm install\n                      action from validating rendered templates against the Kubernetes\n                      OpenAPI Schema.\n                    type: boolean\n                  disableWait:\n                    description: DisableWait disables the waiting for resources to\n                      be ready after a Helm install has been performed.\n                    type: boolean\n                  disableWaitForJobs:\n                    description: DisableWaitForJobs disables waiting for jobs to complete\n                      after a Helm install has been performed.\n                    type: boolean\n                  remediation:\n                    description: Remediation holds the remediation configuration for\n                      when the Helm install action for the HelmRelease fails. The\n                      default is to not perform any action.\n                    properties:\n                      ignoreTestFailures:\n                        description: IgnoreTestFailures tells the controller to skip\n                          remediation when the Helm tests are run after an install\n                          action but fail. Defaults to 'Test.IgnoreFailures'.\n                        type: boolean\n                      remediateLastFailure:\n                        description: RemediateLastFailure tells the controller to\n                          remediate the last failure, when no retries remain. Defaults\n                          to 'false'.\n                        type: boolean\n                      retries:\n                        description: Retries is the number of retries that should\n                          be attempted on failures before bailing. Remediation, using\n                          an uninstall, is performed between each attempt. Defaults\n                          to '0', a negative integer equals to unlimited retries.\n                        type: integer\n                    type: object\n                  replace:\n                    description: Replace tells the Helm install action to re-use the\n                      'ReleaseName', but only if that name is a deleted release which\n                      remains in the history.\n                    type: boolean\n                  skipCRDs:\n                    description: \"SkipCRDs tells the Helm install action to not install\n                      any CRDs. By default, CRDs are installed if not already present.\n                      \\n Deprecated use CRD policy (`crds`) attribute with value `Skip`\n                      instead.\"\n                    type: boolean\n                  timeout:\n                    description: Timeout is the time to wait for any individual Kubernetes\n                      operation (like Jobs for hooks) during the performance of a\n                      Helm install action. Defaults to 'HelmReleaseSpec.Timeout'.\n                    type: string\n                type: object\n              interval:\n                description: Interval at which to reconcile the Helm release.\n                type: string\n              kubeConfig:\n                description: KubeConfig for reconciling the HelmRelease on a remote\n                  cluster. When used in combination with HelmReleaseSpec.ServiceAccountName,\n                  forces the controller to act on behalf of that Service Account at\n                  the target cluster. If the --default-service-account flag is set,\n                  its value will be used as a controller level fallback for when HelmReleaseSpec.ServiceAccountName\n                  is empty.\n                properties:\n                  secretRef:\n                    description: SecretRef holds the name to a secret that contains\n                      a key with the kubeconfig file as the value. If no key is specified\n                      the key will default to 'value'. The secret must be in the same\n                      namespace as the HelmRelease. It is recommended that the kubeconfig\n                      is self-contained, and the secret is regularly updated if credentials\n                      such as a cloud-access-token expire. Cloud specific `cmd-path`\n                      auth helpers will not function without adding binaries and credentials\n                      to the Pod that is responsible for reconciling the HelmRelease.\n                    properties:\n                      key:\n                        description: Key in the Secret, when not specified an implementation-specific\n                          default key is used.\n                        type: string\n                      name:\n                        description: Name of the Secret.\n                        type: string\n                    required:\n                    - name\n                    type: object\n                type: object\n              maxHistory:\n                description: MaxHistory is the number of revisions saved by Helm for\n                  this HelmRelease. Use '0' for an unlimited number of revisions;\n                  defaults to '10'.\n                type: integer\n              postRenderers:\n                description: PostRenderers holds an array of Helm PostRenderers, which\n                  will be applied in order of their definition.\n                items:\n                  description: PostRenderer contains a Helm PostRenderer specification.\n                  properties:\n                    kustomize:\n                      description: Kustomization to apply as PostRenderer.\n                      properties:\n                        images:\n                          description: Images is a list of (image name, new name,\n                            new tag or digest) for changing image names, tags or digests.\n                            This can also be achieved with a patch, but this operator\n                            is simpler to specify.\n                          items:\n                            description: Image contains an image name, a new name,\n                              a new tag or digest, which will replace the original\n                              name and tag.\n                            properties:\n                              digest:\n                                description: Digest is the value used to replace the\n                                  original image tag. If digest is present NewTag\n                                  value is ignored.\n                                type: string\n                              name:\n                                description: Name is a tag-less image name.\n                                type: string\n                              newName:\n                                description: NewName is the value used to replace\n                                  the original name.\n                                type: string\n                              newTag:\n                                description: NewTag is the value used to replace the\n                                  original tag.\n                                type: string\n                            required:\n                            - name\n                            type: object\n                          type: array\n                        patches:\n                          description: Strategic merge and JSON patches, defined as\n                            inline YAML objects, capable of targeting objects based\n                            on kind, label and annotation selectors.\n                          items:\n                            description: Patch contains an inline StrategicMerge or\n                              JSON6902 patch, and the target the patch should be applied\n                              to.\n                            properties:\n                              patch:\n                                description: Patch contains an inline StrategicMerge\n                                  patch or an inline JSON6902 patch with an array\n                                  of operation objects.\n                                type: string\n                              target:\n                                description: Target points to the resources that the\n                                  patch document should be applied to.\n                                properties:\n                                  annotationSelector:\n                                    description: AnnotationSelector is a string that\n                                      follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                                      It matches with the resource annotations.\n                                    type: string\n                                  group:\n                                    description: Group is the API group to select\n                                      resources from. Together with Version and Kind\n                                      it is capable of unambiguously identifying and/or\n                                      selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                                    type: string\n                                  kind:\n                                    description: Kind of the API Group to select resources\n                                      from. Together with Group and Version it is\n                                      capable of unambiguously identifying and/or\n                                      selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                                    type: string\n                                  labelSelector:\n                                    description: LabelSelector is a string that follows\n                                      the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                                      It matches with the resource labels.\n                                    type: string\n                                  name:\n                                    description: Name to match resources with.\n                                    type: string\n                                  namespace:\n                                    description: Namespace to select resources from.\n                                    type: string\n                                  version:\n                                    description: Version of the API Group to select\n                                      resources from. Together with Group and Kind\n                                      it is capable of unambiguously identifying and/or\n                                      selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                                    type: string\n                                type: object\n                            type: object\n                          type: array\n                        patchesJson6902:\n                          description: JSON 6902 patches, defined as inline YAML objects.\n                          items:\n                            description: JSON6902Patch contains a JSON6902 patch and\n                              the target the patch should be applied to.\n                            properties:\n                              patch:\n                                description: Patch contains the JSON6902 patch document\n                                  with an array of operation objects.\n                                items:\n                                  description: JSON6902 is a JSON6902 operation object.\n                                    https://datatracker.ietf.org/doc/html/rfc6902#section-4\n                                  properties:\n                                    from:\n                                      description: From contains a JSON-pointer value\n                                        that references a location within the target\n                                        document where the operation is performed.\n                                        The meaning of the value depends on the value\n                                        of Op, and is NOT taken into account by all\n                                        operations.\n                                      type: string\n                                    op:\n                                      description: Op indicates the operation to perform.\n                                        Its value MUST be one of \"add\", \"remove\",\n                                        \"replace\", \"move\", \"copy\", or \"test\". https://datatracker.ietf.org/doc/html/rfc6902#section-4\n                                      enum:\n                                      - test\n                                      - remove\n                                      - add\n                                      - replace\n                                      - move\n                                      - copy\n                                      type: string\n                                    path:\n                                      description: Path contains the JSON-pointer\n                                        value that references a location within the\n                                        target document where the operation is performed.\n                                        The meaning of the value depends on the value\n                                        of Op.\n                                      type: string\n                                    value:\n                                      description: Value contains a valid JSON structure.\n                                        The meaning of the value depends on the value\n                                        of Op, and is NOT taken into account by all\n                                        operations.\n                                      x-kubernetes-preserve-unknown-fields: true\n                                  required:\n                                  - op\n                                  - path\n                                  type: object\n                                type: array\n                              target:\n                                description: Target points to the resources that the\n                                  patch document should be applied to.\n                                properties:\n                                  annotationSelector:\n                                    description: AnnotationSelector is a string that\n                                      follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                                      It matches with the resource annotations.\n                                    type: string\n                                  group:\n                                    description: Group is the API group to select\n                                      resources from. Together with Version and Kind\n                                      it is capable of unambiguously identifying and/or\n                                      selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                                    type: string\n                                  kind:\n                                    description: Kind of the API Group to select resources\n                                      from. Together with Group and Version it is\n                                      capable of unambiguously identifying and/or\n                                      selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                                    type: string\n                                  labelSelector:\n                                    description: LabelSelector is a string that follows\n                                      the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                                      It matches with the resource labels.\n                                    type: string\n                                  name:\n                                    description: Name to match resources with.\n                                    type: string\n                                  namespace:\n                                    description: Namespace to select resources from.\n                                    type: string\n                                  version:\n                                    description: Version of the API Group to select\n                                      resources from. Together with Group and Kind\n                                      it is capable of unambiguously identifying and/or\n                                      selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                                    type: string\n                                type: object\n                            required:\n                            - patch\n                            - target\n                            type: object\n                          type: array\n                        patchesStrategicMerge:\n                          description: Strategic merge patches, defined as inline\n                            YAML objects.\n                          items:\n                            x-kubernetes-preserve-unknown-fields: true\n                          type: array\n                      type: object\n                  type: object\n                type: array\n              releaseName:\n                description: ReleaseName used for the Helm release. Defaults to a\n                  composition of '[TargetNamespace-]Name'.\n                maxLength: 53\n                minLength: 1\n                type: string\n              rollback:\n                description: Rollback holds the configuration for Helm rollback actions\n                  for this HelmRelease.\n                properties:\n                  cleanupOnFail:\n                    description: CleanupOnFail allows deletion of new resources created\n                      during the Helm rollback action when it fails.\n                    type: boolean\n                  disableHooks:\n                    description: DisableHooks prevents hooks from running during the\n                      Helm rollback action.\n                    type: boolean\n                  disableWait:\n                    description: DisableWait disables the waiting for resources to\n                      be ready after a Helm rollback has been performed.\n                    type: boolean\n                  disableWaitForJobs:\n                    description: DisableWaitForJobs disables waiting for jobs to complete\n                      after a Helm rollback has been performed.\n                    type: boolean\n                  force:\n                    description: Force forces resource updates through a replacement\n                      strategy.\n                    type: boolean\n                  recreate:\n                    description: Recreate performs pod restarts for the resource if\n                      applicable.\n                    type: boolean\n                  timeout:\n                    description: Timeout is the time to wait for any individual Kubernetes\n                      operation (like Jobs for hooks) during the performance of a\n                      Helm rollback action. Defaults to 'HelmReleaseSpec.Timeout'.\n                    type: string\n                type: object\n              serviceAccountName:\n                description: The name of the Kubernetes service account to impersonate\n                  when reconciling this HelmRelease.\n                type: string\n              storageNamespace:\n                description: StorageNamespace used for the Helm storage. Defaults\n                  to the namespace of the HelmRelease.\n                maxLength: 63\n                minLength: 1\n                type: string\n              suspend:\n                description: Suspend tells the controller to suspend reconciliation\n                  for this HelmRelease, it does not apply to already started reconciliations.\n                  Defaults to false.\n                type: boolean\n              targetNamespace:\n                description: TargetNamespace to target when performing operations\n                  for the HelmRelease. Defaults to the namespace of the HelmRelease.\n                maxLength: 63\n                minLength: 1\n                type: string\n              test:\n                description: Test holds the configuration for Helm test actions for\n                  this HelmRelease.\n                properties:\n                  enable:\n                    description: Enable enables Helm test actions for this HelmRelease\n                      after an Helm install or upgrade action has been performed.\n                    type: boolean\n                  ignoreFailures:\n                    description: IgnoreFailures tells the controller to skip remediation\n                      when the Helm tests are run but fail. Can be overwritten for\n                      tests run after install or upgrade actions in 'Install.IgnoreTestFailures'\n                      and 'Upgrade.IgnoreTestFailures'.\n                    type: boolean\n                  timeout:\n                    description: Timeout is the time to wait for any individual Kubernetes\n                      operation during the performance of a Helm test action. Defaults\n                      to 'HelmReleaseSpec.Timeout'.\n                    type: string\n                type: object\n              timeout:\n                description: Timeout is the time to wait for any individual Kubernetes\n                  operation (like Jobs for hooks) during the performance of a Helm\n                  action. Defaults to '5m0s'.\n                type: string\n              uninstall:\n                description: Uninstall holds the configuration for Helm uninstall\n                  actions for this HelmRelease.\n                properties:\n                  disableHooks:\n                    description: DisableHooks prevents hooks from running during the\n                      Helm rollback action.\n                    type: boolean\n                  disableWait:\n                    description: DisableWait disables waiting for all the resources\n                      to be deleted after a Helm uninstall is performed.\n                    type: boolean\n                  keepHistory:\n                    description: KeepHistory tells Helm to remove all associated resources\n                      and mark the release as deleted, but retain the release history.\n                    type: boolean\n                  timeout:\n                    description: Timeout is the time to wait for any individual Kubernetes\n                      operation (like Jobs for hooks) during the performance of a\n                      Helm uninstall action. Defaults to 'HelmReleaseSpec.Timeout'.\n                    type: string\n                type: object\n              upgrade:\n                description: Upgrade holds the configuration for Helm upgrade actions\n                  for this HelmRelease.\n                properties:\n                  cleanupOnFail:\n                    description: CleanupOnFail allows deletion of new resources created\n                      during the Helm upgrade action when it fails.\n                    type: boolean\n                  crds:\n                    description: \"CRDs upgrade CRDs from the Helm Chart's crds directory\n                      according to the CRD upgrade policy provided here. Valid values\n                      are `Skip`, `Create` or `CreateReplace`. Default is `Skip` and\n                      if omitted CRDs are neither installed nor upgraded. \\n Skip:\n                      do neither install nor replace (update) any CRDs. \\n Create:\n                      new CRDs are created, existing CRDs are neither updated nor\n                      deleted. \\n CreateReplace: new CRDs are created, existing CRDs\n                      are updated (replaced) but not deleted. \\n By default, CRDs\n                      are not applied during Helm upgrade action. With this option\n                      users can opt-in to CRD upgrade, which is not (yet) natively\n                      supported by Helm. https://helm.sh/docs/chart_best_practices/custom_resource_definitions.\"\n                    enum:\n                    - Skip\n                    - Create\n                    - CreateReplace\n                    type: string\n                  disableHooks:\n                    description: DisableHooks prevents hooks from running during the\n                      Helm upgrade action.\n                    type: boolean\n                  disableOpenAPIValidation:\n                    description: DisableOpenAPIValidation prevents the Helm upgrade\n                      action from validating rendered templates against the Kubernetes\n                      OpenAPI Schema.\n                    type: boolean\n                  disableWait:\n                    description: DisableWait disables the waiting for resources to\n                      be ready after a Helm upgrade has been performed.\n                    type: boolean\n                  disableWaitForJobs:\n                    description: DisableWaitForJobs disables waiting for jobs to complete\n                      after a Helm upgrade has been performed.\n                    type: boolean\n                  force:\n                    description: Force forces resource updates through a replacement\n                      strategy.\n                    type: boolean\n                  preserveValues:\n                    description: PreserveValues will make Helm reuse the last release's\n                      values and merge in overrides from 'Values'. Setting this flag\n                      makes the HelmRelease non-declarative.\n                    type: boolean\n                  remediation:\n                    description: Remediation holds the remediation configuration for\n                      when the Helm upgrade action for the HelmRelease fails. The\n                      default is to not perform any action.\n                    properties:\n                      ignoreTestFailures:\n                        description: IgnoreTestFailures tells the controller to skip\n                          remediation when the Helm tests are run after an upgrade\n                          action but fail. Defaults to 'Test.IgnoreFailures'.\n                        type: boolean\n                      remediateLastFailure:\n                        description: RemediateLastFailure tells the controller to\n                          remediate the last failure, when no retries remain. Defaults\n                          to 'false' unless 'Retries' is greater than 0.\n                        type: boolean\n                      retries:\n                        description: Retries is the number of retries that should\n                          be attempted on failures before bailing. Remediation, using\n                          'Strategy', is performed between each attempt. Defaults\n                          to '0', a negative integer equals to unlimited retries.\n                        type: integer\n                      strategy:\n                        description: Strategy to use for failure remediation. Defaults\n                          to 'rollback'.\n                        enum:\n                        - rollback\n                        - uninstall\n                        type: string\n                    type: object\n                  timeout:\n                    description: Timeout is the time to wait for any individual Kubernetes\n                      operation (like Jobs for hooks) during the performance of a\n                      Helm upgrade action. Defaults to 'HelmReleaseSpec.Timeout'.\n                    type: string\n                type: object\n              values:\n                description: Values holds the values for this Helm release.\n                x-kubernetes-preserve-unknown-fields: true\n              valuesFrom:\n                description: ValuesFrom holds references to resources containing Helm\n                  values for this HelmRelease, and information about how they should\n                  be merged.\n                items:\n                  description: ValuesReference contains a reference to a resource\n                    containing Helm values, and optionally the key they can be found\n                    at.\n                  properties:\n                    kind:\n                      description: Kind of the values referent, valid values are ('Secret',\n                        'ConfigMap').\n                      enum:\n                      - Secret\n                      - ConfigMap\n                      type: string\n                    name:\n                      description: Name of the values referent. Should reside in the\n                        same namespace as the referring resource.\n                      maxLength: 253\n                      minLength: 1\n                      type: string\n                    optional:\n                      description: Optional marks this ValuesReference as optional.\n                        When set, a not found error for the values reference is ignored,\n                        but any ValuesKey, TargetPath or transient error will still\n                        result in a reconciliation failure.\n                      type: boolean\n                    targetPath:\n                      description: TargetPath is the YAML dot notation path the value\n                        should be merged at. When set, the ValuesKey is expected to\n                        be a single flat value. Defaults to 'None', which results\n                        in the values getting merged at the root.\n                      type: string\n                    valuesKey:\n                      description: ValuesKey is the data key where the values.yaml\n                        or a specific value can be found at. Defaults to 'values.yaml'.\n                      type: string\n                  required:\n                  - kind\n                  - name\n                  type: object\n                type: array\n            required:\n            - chart\n            - interval\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: HelmReleaseStatus defines the observed state of a HelmRelease.\n            properties:\n              conditions:\n                description: Conditions holds the conditions for the HelmRelease.\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              failures:\n                description: Failures is the reconciliation failure count against\n                  the latest desired state. It is reset after a successful reconciliation.\n                format: int64\n                type: integer\n              helmChart:\n                description: HelmChart is the namespaced name of the HelmChart resource\n                  created by the controller for the HelmRelease.\n                type: string\n              installFailures:\n                description: InstallFailures is the install failure count against\n                  the latest desired state. It is reset after a successful reconciliation.\n                format: int64\n                type: integer\n              lastAppliedRevision:\n                description: LastAppliedRevision is the revision of the last successfully\n                  applied source.\n                type: string\n              lastAttemptedRevision:\n                description: LastAttemptedRevision is the revision of the last reconciliation\n                  attempt.\n                type: string\n              lastAttemptedValuesChecksum:\n                description: LastAttemptedValuesChecksum is the SHA1 checksum of the\n                  values of the last reconciliation attempt.\n                type: string\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              lastReleaseRevision:\n                description: LastReleaseRevision is the revision of the last successful\n                  Helm release.\n                type: integer\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation.\n                format: int64\n                type: integer\n              upgradeFailures:\n                description: UpgradeFailures is the upgrade failure count against\n                  the latest desired state. It is reset after a successful reconciliation.\n                format: int64\n                type: integer\n            type: object\n        type: object\n    served: true\n    storage: true\n    subresources:\n      status: {}\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n  conditions: []\n  storedVersions: []\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  annotations:\n    controller-gen.kubebuilder.io/version: v0.7.0\n  creationTimestamp: null\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: helmrepositories.source.toolkit.fluxcd.io\nspec:\n  group: source.toolkit.fluxcd.io\n  names:\n    kind: HelmRepository\n    listKind: HelmRepositoryList\n    plural: helmrepositories\n    shortNames:\n    - helmrepo\n    singular: helmrepository\n  scope: Namespaced\n  versions:\n  - additionalPrinterColumns:\n    - jsonPath: .spec.url\n      name: URL\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    name: v1beta1\n    schema:\n      openAPIV3Schema:\n        description: HelmRepository is the Schema for the helmrepositories API\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: HelmRepositorySpec defines the reference to a Helm repository.\n            properties:\n              accessFrom:\n                description: AccessFrom defines an Access Control List for allowing\n                  cross-namespace references to this object.\n                properties:\n                  namespaceSelectors:\n                    description: NamespaceSelectors is the list of namespace selectors\n                      to which this ACL applies. Items in this list are evaluated\n                      using a logical OR operation.\n                    items:\n                      description: NamespaceSelector selects the namespaces to which\n                        this ACL applies. An empty map of MatchLabels matches all\n                        namespaces in a cluster.\n                      properties:\n                        matchLabels:\n                          additionalProperties:\n                            type: string\n                          description: MatchLabels is a map of {key,value} pairs.\n                            A single {key,value} in the matchLabels map is equivalent\n                            to an element of matchExpressions, whose key field is\n                            \"key\", the operator is \"In\", and the values array contains\n                            only \"value\". The requirements are ANDed.\n                          type: object\n                      type: object\n                    type: array\n                required:\n                - namespaceSelectors\n                type: object\n              interval:\n                description: The interval at which to check the upstream for updates.\n                type: string\n              passCredentials:\n                description: PassCredentials allows the credentials from the SecretRef\n                  to be passed on to a host that does not match the host as defined\n                  in URL. This may be required if the host of the advertised chart\n                  URLs in the index differ from the defined URL. Enabling this should\n                  be done with caution, as it can potentially result in credentials\n                  getting stolen in a MITM-attack.\n                type: boolean\n              secretRef:\n                description: The name of the secret containing authentication credentials\n                  for the Helm repository. For HTTP/S basic auth the secret must contain\n                  username and password fields. For TLS the secret must contain a\n                  certFile and keyFile, and/or caCert fields.\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              suspend:\n                description: This flag tells the controller to suspend the reconciliation\n                  of this source.\n                type: boolean\n              timeout:\n                default: 60s\n                description: The timeout of index downloading, defaults to 60s.\n                type: string\n              url:\n                description: The Helm repository URL, a valid URL contains at least\n                  a protocol and host.\n                type: string\n            required:\n            - interval\n            - url\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: HelmRepositoryStatus defines the observed state of the HelmRepository.\n            properties:\n              artifact:\n                description: Artifact represents the output of the last successful\n                  repository sync.\n                properties:\n                  checksum:\n                    description: Checksum is the SHA256 checksum of the artifact.\n                    type: string\n                  lastUpdateTime:\n                    description: LastUpdateTime is the timestamp corresponding to\n                      the last update of this artifact.\n                    format: date-time\n                    type: string\n                  path:\n                    description: Path is the relative file path of this artifact.\n                    type: string\n                  revision:\n                    description: Revision is a human readable identifier traceable\n                      in the origin source system. It can be a Git commit SHA, Git\n                      tag, a Helm index timestamp, a Helm chart version, etc.\n                    type: string\n                  url:\n                    description: URL is the HTTP address of this artifact.\n                    type: string\n                required:\n                - path\n                - url\n                type: object\n              conditions:\n                description: Conditions holds the conditions for the HelmRepository.\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation.\n                format: int64\n                type: integer\n              url:\n                description: URL is the download link for the last index fetched.\n                type: string\n            type: object\n        type: object\n    served: true\n    storage: false\n    subresources:\n      status: {}\n  - additionalPrinterColumns:\n    - jsonPath: .spec.url\n      name: URL\n      type: string\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    name: v1beta2\n    schema:\n      openAPIV3Schema:\n        description: HelmRepository is the Schema for the helmrepositories API.\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: HelmRepositorySpec specifies the required configuration to\n              produce an Artifact for a Helm repository index YAML.\n            properties:\n              accessFrom:\n                description: 'AccessFrom specifies an Access Control List for allowing\n                  cross-namespace references to this object. NOTE: Not implemented,\n                  provisional as of https://github.com/fluxcd/flux2/pull/2092'\n                properties:\n                  namespaceSelectors:\n                    description: NamespaceSelectors is the list of namespace selectors\n                      to which this ACL applies. Items in this list are evaluated\n                      using a logical OR operation.\n                    items:\n                      description: NamespaceSelector selects the namespaces to which\n                        this ACL applies. An empty map of MatchLabels matches all\n                        namespaces in a cluster.\n                      properties:\n                        matchLabels:\n                          additionalProperties:\n                            type: string\n                          description: MatchLabels is a map of {key,value} pairs.\n                            A single {key,value} in the matchLabels map is equivalent\n                            to an element of matchExpressions, whose key field is\n                            \"key\", the operator is \"In\", and the values array contains\n                            only \"value\". The requirements are ANDed.\n                          type: object\n                      type: object\n                    type: array\n                required:\n                - namespaceSelectors\n                type: object\n              interval:\n                description: Interval at which to check the URL for updates.\n                type: string\n              passCredentials:\n                description: PassCredentials allows the credentials from the SecretRef\n                  to be passed on to a host that does not match the host as defined\n                  in URL. This may be required if the host of the advertised chart\n                  URLs in the index differ from the defined URL. Enabling this should\n                  be done with caution, as it can potentially result in credentials\n                  getting stolen in a MITM-attack.\n                type: boolean\n              secretRef:\n                description: SecretRef specifies the Secret containing authentication\n                  credentials for the HelmRepository. For HTTP/S basic auth the secret\n                  must contain 'username' and 'password' fields. For TLS the secret\n                  must contain a 'certFile' and 'keyFile', and/or 'caCert' fields.\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              suspend:\n                description: Suspend tells the controller to suspend the reconciliation\n                  of this HelmRepository.\n                type: boolean\n              timeout:\n                default: 60s\n                description: Timeout of the index fetch operation, defaults to 60s.\n                type: string\n              url:\n                description: URL of the Helm repository, a valid URL contains at least\n                  a protocol and host.\n                type: string\n            required:\n            - interval\n            - url\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: HelmRepositoryStatus records the observed state of the HelmRepository.\n            properties:\n              artifact:\n                description: Artifact represents the last successful HelmRepository\n                  reconciliation.\n                properties:\n                  checksum:\n                    description: Checksum is the SHA256 checksum of the Artifact file.\n                    type: string\n                  lastUpdateTime:\n                    description: LastUpdateTime is the timestamp corresponding to\n                      the last update of the Artifact.\n                    format: date-time\n                    type: string\n                  path:\n                    description: Path is the relative file path of the Artifact. It\n                      can be used to locate the file in the root of the Artifact storage\n                      on the local file system of the controller managing the Source.\n                    type: string\n                  revision:\n                    description: Revision is a human-readable identifier traceable\n                      in the origin source system. It can be a Git commit SHA, Git\n                      tag, a Helm chart version, etc.\n                    type: string\n                  size:\n                    description: Size is the number of bytes in the file.\n                    format: int64\n                    type: integer\n                  url:\n                    description: URL is the HTTP address of the Artifact as exposed\n                      by the controller managing the Source. It can be used to retrieve\n                      the Artifact for consumption, e.g. by another controller applying\n                      the Artifact contents.\n                    type: string\n                required:\n                - path\n                - url\n                type: object\n              conditions:\n                description: Conditions holds the conditions for the HelmRepository.\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation of\n                  the HelmRepository object.\n                format: int64\n                type: integer\n              url:\n                description: URL is the dynamic fetch link for the latest Artifact.\n                  It is provided on a \"best effort\" basis, and using the precise HelmRepositoryStatus.Artifact\n                  data is recommended.\n                type: string\n            type: object\n        type: object\n    served: true\n    storage: true\n    subresources:\n      status: {}\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n  conditions: []\n  storedVersions: []\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  annotations:\n    controller-gen.kubebuilder.io/version: v0.7.0\n  creationTimestamp: null\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: kustomizations.kustomize.toolkit.fluxcd.io\nspec:\n  group: kustomize.toolkit.fluxcd.io\n  names:\n    kind: Kustomization\n    listKind: KustomizationList\n    plural: kustomizations\n    shortNames:\n    - ks\n    singular: kustomization\n  scope: Namespaced\n  versions:\n  - additionalPrinterColumns:\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    name: v1beta1\n    schema:\n      openAPIV3Schema:\n        description: Kustomization is the Schema for the kustomizations API.\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: KustomizationSpec defines the desired state of a kustomization.\n            properties:\n              decryption:\n                description: Decrypt Kubernetes secrets before applying them on the\n                  cluster.\n                properties:\n                  provider:\n                    description: Provider is the name of the decryption engine.\n                    enum:\n                    - sops\n                    type: string\n                  secretRef:\n                    description: The secret name containing the private OpenPGP keys\n                      used for decryption.\n                    properties:\n                      name:\n                        description: Name of the referent.\n                        type: string\n                    required:\n                    - name\n                    type: object\n                required:\n                - provider\n                type: object\n              dependsOn:\n                description: DependsOn may contain a meta.NamespacedObjectReference\n                  slice with references to Kustomization resources that must be ready\n                  before this Kustomization can be reconciled.\n                items:\n                  description: NamespacedObjectReference contains enough information\n                    to locate the referenced Kubernetes resource object in any namespace.\n                  properties:\n                    name:\n                      description: Name of the referent.\n                      type: string\n                    namespace:\n                      description: Namespace of the referent, when not specified it\n                        acts as LocalObjectReference.\n                      type: string\n                  required:\n                  - name\n                  type: object\n                type: array\n              force:\n                default: false\n                description: Force instructs the controller to recreate resources\n                  when patching fails due to an immutable field change.\n                type: boolean\n              healthChecks:\n                description: A list of resources to be included in the health assessment.\n                items:\n                  description: NamespacedObjectKindReference contains enough information\n                    to locate the typed referenced Kubernetes resource object in any\n                    namespace.\n                  properties:\n                    apiVersion:\n                      description: API version of the referent, if not specified the\n                        Kubernetes preferred version will be used.\n                      type: string\n                    kind:\n                      description: Kind of the referent.\n                      type: string\n                    name:\n                      description: Name of the referent.\n                      type: string\n                    namespace:\n                      description: Namespace of the referent, when not specified it\n                        acts as LocalObjectReference.\n                      type: string\n                  required:\n                  - kind\n                  - name\n                  type: object\n                type: array\n              images:\n                description: Images is a list of (image name, new name, new tag or\n                  digest) for changing image names, tags or digests. This can also\n                  be achieved with a patch, but this operator is simpler to specify.\n                items:\n                  description: Image contains an image name, a new name, a new tag\n                    or digest, which will replace the original name and tag.\n                  properties:\n                    digest:\n                      description: Digest is the value used to replace the original\n                        image tag. If digest is present NewTag value is ignored.\n                      type: string\n                    name:\n                      description: Name is a tag-less image name.\n                      type: string\n                    newName:\n                      description: NewName is the value used to replace the original\n                        name.\n                      type: string\n                    newTag:\n                      description: NewTag is the value used to replace the original\n                        tag.\n                      type: string\n                  required:\n                  - name\n                  type: object\n                type: array\n              interval:\n                description: The interval at which to reconcile the Kustomization.\n                type: string\n              kubeConfig:\n                description: The KubeConfig for reconciling the Kustomization on a\n                  remote cluster. When specified, KubeConfig takes precedence over\n                  ServiceAccountName.\n                properties:\n                  secretRef:\n                    description: SecretRef holds the name to a secret that contains\n                      a 'value' key with the kubeconfig file as the value. It must\n                      be in the same namespace as the Kustomization. It is recommended\n                      that the kubeconfig is self-contained, and the secret is regularly\n                      updated if credentials such as a cloud-access-token expire.\n                      Cloud specific `cmd-path` auth helpers will not function without\n                      adding binaries and credentials to the Pod that is responsible\n                      for reconciling the Kustomization.\n                    properties:\n                      name:\n                        description: Name of the referent.\n                        type: string\n                    required:\n                    - name\n                    type: object\n                type: object\n              patches:\n                description: Strategic merge and JSON patches, defined as inline YAML\n                  objects, capable of targeting objects based on kind, label and annotation\n                  selectors.\n                items:\n                  description: Patch contains an inline StrategicMerge or JSON6902\n                    patch, and the target the patch should be applied to.\n                  properties:\n                    patch:\n                      description: Patch contains an inline StrategicMerge patch or\n                        an inline JSON6902 patch with an array of operation objects.\n                      type: string\n                    target:\n                      description: Target points to the resources that the patch document\n                        should be applied to.\n                      properties:\n                        annotationSelector:\n                          description: AnnotationSelector is a string that follows\n                            the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                            It matches with the resource annotations.\n                          type: string\n                        group:\n                          description: Group is the API group to select resources\n                            from. Together with Version and Kind it is capable of\n                            unambiguously identifying and/or selecting resources.\n                            https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                        kind:\n                          description: Kind of the API Group to select resources from.\n                            Together with Group and Version it is capable of unambiguously\n                            identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                        labelSelector:\n                          description: LabelSelector is a string that follows the\n                            label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                            It matches with the resource labels.\n                          type: string\n                        name:\n                          description: Name to match resources with.\n                          type: string\n                        namespace:\n                          description: Namespace to select resources from.\n                          type: string\n                        version:\n                          description: Version of the API Group to select resources\n                            from. Together with Group and Kind it is capable of unambiguously\n                            identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                      type: object\n                  type: object\n                type: array\n              patchesJson6902:\n                description: JSON 6902 patches, defined as inline YAML objects.\n                items:\n                  description: JSON6902Patch contains a JSON6902 patch and the target\n                    the patch should be applied to.\n                  properties:\n                    patch:\n                      description: Patch contains the JSON6902 patch document with\n                        an array of operation objects.\n                      items:\n                        description: JSON6902 is a JSON6902 operation object. https://datatracker.ietf.org/doc/html/rfc6902#section-4\n                        properties:\n                          from:\n                            description: From contains a JSON-pointer value that references\n                              a location within the target document where the operation\n                              is performed. The meaning of the value depends on the\n                              value of Op, and is NOT taken into account by all operations.\n                            type: string\n                          op:\n                            description: Op indicates the operation to perform. Its\n                              value MUST be one of \"add\", \"remove\", \"replace\", \"move\",\n                              \"copy\", or \"test\". https://datatracker.ietf.org/doc/html/rfc6902#section-4\n                            enum:\n                            - test\n                            - remove\n                            - add\n                            - replace\n                            - move\n                            - copy\n                            type: string\n                          path:\n                            description: Path contains the JSON-pointer value that\n                              references a location within the target document where\n                              the operation is performed. The meaning of the value\n                              depends on the value of Op.\n                            type: string\n                          value:\n                            description: Value contains a valid JSON structure. The\n                              meaning of the value depends on the value of Op, and\n                              is NOT taken into account by all operations.\n                            x-kubernetes-preserve-unknown-fields: true\n                        required:\n                        - op\n                        - path\n                        type: object\n                      type: array\n                    target:\n                      description: Target points to the resources that the patch document\n                        should be applied to.\n                      properties:\n                        annotationSelector:\n                          description: AnnotationSelector is a string that follows\n                            the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                            It matches with the resource annotations.\n                          type: string\n                        group:\n                          description: Group is the API group to select resources\n                            from. Together with Version and Kind it is capable of\n                            unambiguously identifying and/or selecting resources.\n                            https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                        kind:\n                          description: Kind of the API Group to select resources from.\n                            Together with Group and Version it is capable of unambiguously\n                            identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                        labelSelector:\n                          description: LabelSelector is a string that follows the\n                            label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                            It matches with the resource labels.\n                          type: string\n                        name:\n                          description: Name to match resources with.\n                          type: string\n                        namespace:\n                          description: Namespace to select resources from.\n                          type: string\n                        version:\n                          description: Version of the API Group to select resources\n                            from. Together with Group and Kind it is capable of unambiguously\n                            identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                      type: object\n                  required:\n                  - patch\n                  - target\n                  type: object\n                type: array\n              patchesStrategicMerge:\n                description: Strategic merge patches, defined as inline YAML objects.\n                items:\n                  x-kubernetes-preserve-unknown-fields: true\n                type: array\n              path:\n                description: Path to the directory containing the kustomization.yaml\n                  file, or the set of plain YAMLs a kustomization.yaml should be generated\n                  for. Defaults to 'None', which translates to the root path of the\n                  SourceRef.\n                type: string\n              postBuild:\n                description: PostBuild describes which actions to perform on the YAML\n                  manifest generated by building the kustomize overlay.\n                properties:\n                  substitute:\n                    additionalProperties:\n                      type: string\n                    description: Substitute holds a map of key/value pairs. The variables\n                      defined in your YAML manifests that match any of the keys defined\n                      in the map will be substituted with the set value. Includes\n                      support for bash string replacement functions e.g. ${var:=default},\n                      ${var:position} and ${var/substring/replacement}.\n                    type: object\n                  substituteFrom:\n                    description: SubstituteFrom holds references to ConfigMaps and\n                      Secrets containing the variables and their values to be substituted\n                      in the YAML manifests. The ConfigMap and the Secret data keys\n                      represent the var names and they must match the vars declared\n                      in the manifests for the substitution to happen.\n                    items:\n                      description: SubstituteReference contains a reference to a resource\n                        containing the variables name and value.\n                      properties:\n                        kind:\n                          description: Kind of the values referent, valid values are\n                            ('Secret', 'ConfigMap').\n                          enum:\n                          - Secret\n                          - ConfigMap\n                          type: string\n                        name:\n                          description: Name of the values referent. Should reside\n                            in the same namespace as the referring resource.\n                          maxLength: 253\n                          minLength: 1\n                          type: string\n                      required:\n                      - kind\n                      - name\n                      type: object\n                    type: array\n                type: object\n              prune:\n                description: Prune enables garbage collection.\n                type: boolean\n              retryInterval:\n                description: The interval at which to retry a previously failed reconciliation.\n                  When not specified, the controller uses the KustomizationSpec.Interval\n                  value to retry failures.\n                type: string\n              serviceAccountName:\n                description: The name of the Kubernetes service account to impersonate\n                  when reconciling this Kustomization.\n                type: string\n              sourceRef:\n                description: Reference of the source where the kustomization file\n                  is.\n                properties:\n                  apiVersion:\n                    description: API version of the referent\n                    type: string\n                  kind:\n                    description: Kind of the referent\n                    enum:\n                    - GitRepository\n                    - Bucket\n                    type: string\n                  name:\n                    description: Name of the referent\n                    type: string\n                  namespace:\n                    description: Namespace of the referent, defaults to the Kustomization\n                      namespace\n                    type: string\n                required:\n                - kind\n                - name\n                type: object\n              suspend:\n                description: This flag tells the controller to suspend subsequent\n                  kustomize executions, it does not apply to already started executions.\n                  Defaults to false.\n                type: boolean\n              targetNamespace:\n                description: TargetNamespace sets or overrides the namespace in the\n                  kustomization.yaml file.\n                maxLength: 63\n                minLength: 1\n                type: string\n              timeout:\n                description: Timeout for validation, apply and health checking operations.\n                  Defaults to 'Interval' duration.\n                type: string\n              validation:\n                description: Validate the Kubernetes objects before applying them\n                  on the cluster. The validation strategy can be 'client' (local dry-run),\n                  'server' (APIServer dry-run) or 'none'. When 'Force' is 'true',\n                  validation will fallback to 'client' if set to 'server' because\n                  server-side validation is not supported in this scenario.\n                enum:\n                - none\n                - client\n                - server\n                type: string\n            required:\n            - interval\n            - prune\n            - sourceRef\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: KustomizationStatus defines the observed state of a kustomization.\n            properties:\n              conditions:\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              lastAppliedRevision:\n                description: The last successfully applied revision. The revision\n                  format for Git sources is \u003cbranch|tag\u003e/\u003ccommit-sha\u003e.\n                type: string\n              lastAttemptedRevision:\n                description: LastAttemptedRevision is the revision of the last reconciliation\n                  attempt.\n                type: string\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last reconciled generation.\n                format: int64\n                type: integer\n              snapshot:\n                description: The last successfully applied revision metadata.\n                properties:\n                  checksum:\n                    description: The manifests sha1 checksum.\n                    type: string\n                  entries:\n                    description: A list of Kubernetes kinds grouped by namespace.\n                    items:\n                      description: Snapshot holds the metadata of namespaced Kubernetes\n                        objects\n                      properties:\n                        kinds:\n                          additionalProperties:\n                            type: string\n                          description: The list of Kubernetes kinds.\n                          type: object\n                        namespace:\n                          description: The namespace of this entry.\n                          type: string\n                      required:\n                      - kinds\n                      type: object\n                    type: array\n                required:\n                - checksum\n                - entries\n                type: object\n            type: object\n        type: object\n    served: true\n    storage: false\n    subresources:\n      status: {}\n  - additionalPrinterColumns:\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    name: v1beta2\n    schema:\n      openAPIV3Schema:\n        description: Kustomization is the Schema for the kustomizations API.\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: KustomizationSpec defines the configuration to calculate\n              the desired state from a Source using Kustomize.\n            properties:\n              decryption:\n                description: Decrypt Kubernetes secrets before applying them on the\n                  cluster.\n                properties:\n                  provider:\n                    description: Provider is the name of the decryption engine.\n                    enum:\n                    - sops\n                    type: string\n                  secretRef:\n                    description: The secret name containing the private OpenPGP keys\n                      used for decryption.\n                    properties:\n                      name:\n                        description: Name of the referent.\n                        type: string\n                    required:\n                    - name\n                    type: object\n                required:\n                - provider\n                type: object\n              dependsOn:\n                description: DependsOn may contain a meta.NamespacedObjectReference\n                  slice with references to Kustomization resources that must be ready\n                  before this Kustomization can be reconciled.\n                items:\n                  description: NamespacedObjectReference contains enough information\n                    to locate the referenced Kubernetes resource object in any namespace.\n                  properties:\n                    name:\n                      description: Name of the referent.\n                      type: string\n                    namespace:\n                      description: Namespace of the referent, when not specified it\n                        acts as LocalObjectReference.\n                      type: string\n                  required:\n                  - name\n                  type: object\n                type: array\n              force:\n                default: false\n                description: Force instructs the controller to recreate resources\n                  when patching fails due to an immutable field change.\n                type: boolean\n              healthChecks:\n                description: A list of resources to be included in the health assessment.\n                items:\n                  description: NamespacedObjectKindReference contains enough information\n                    to locate the typed referenced Kubernetes resource object in any\n                    namespace.\n                  properties:\n                    apiVersion:\n                      description: API version of the referent, if not specified the\n                        Kubernetes preferred version will be used.\n                      type: string\n                    kind:\n                      description: Kind of the referent.\n                      type: string\n                    name:\n                      description: Name of the referent.\n                      type: string\n                    namespace:\n                      description: Namespace of the referent, when not specified it\n                        acts as LocalObjectReference.\n                      type: string\n                  required:\n                  - kind\n                  - name\n                  type: object\n                type: array\n              images:\n                description: Images is a list of (image name, new name, new tag or\n                  digest) for changing image names, tags or digests. This can also\n                  be achieved with a patch, but this operator is simpler to specify.\n                items:\n                  description: Image contains an image name, a new name, a new tag\n                    or digest, which will replace the original name and tag.\n                  properties:\n                    digest:\n                      description: Digest is the value used to replace the original\n                        image tag. If digest is present NewTag value is ignored.\n                      type: string\n                    name:\n                      description: Name is a tag-less image name.\n                      type: string\n                    newName:\n                      description: NewName is the value used to replace the original\n                        name.\n                      type: string\n                    newTag:\n                      description: NewTag is the value used to replace the original\n                        tag.\n                      type: string\n                  required:\n                  - name\n                  type: object\n                type: array\n              interval:\n                description: The interval at which to reconcile the Kustomization.\n                type: string\n              kubeConfig:\n                description: The KubeConfig for reconciling the Kustomization on a\n                  remote cluster. When used in combination with KustomizationSpec.ServiceAccountName,\n                  forces the controller to act on behalf of that Service Account at\n                  the target cluster. If the --default-service-account flag is set,\n                  its value will be used as a controller level fallback for when KustomizationSpec.ServiceAccountName\n                  is empty.\n                properties:\n                  secretRef:\n                    description: SecretRef holds the name of a secret that contains\n                      a key with the kubeconfig file as the value. If no key is set,\n                      the key will default to 'value'. The secret must be in the same\n                      namespace as the Kustomization. It is recommended that the kubeconfig\n                      is self-contained, and the secret is regularly updated if credentials\n                      such as a cloud-access-token expire. Cloud specific `cmd-path`\n                      auth helpers will not function without adding binaries and credentials\n                      to the Pod that is responsible for reconciling the Kustomization.\n                    properties:\n                      key:\n                        description: Key in the Secret, when not specified an implementation-specific\n                          default key is used.\n                        type: string\n                      name:\n                        description: Name of the Secret.\n                        type: string\n                    required:\n                    - name\n                    type: object\n                type: object\n              patches:\n                description: Strategic merge and JSON patches, defined as inline YAML\n                  objects, capable of targeting objects based on kind, label and annotation\n                  selectors.\n                items:\n                  description: Patch contains an inline StrategicMerge or JSON6902\n                    patch, and the target the patch should be applied to.\n                  properties:\n                    patch:\n                      description: Patch contains an inline StrategicMerge patch or\n                        an inline JSON6902 patch with an array of operation objects.\n                      type: string\n                    target:\n                      description: Target points to the resources that the patch document\n                        should be applied to.\n                      properties:\n                        annotationSelector:\n                          description: AnnotationSelector is a string that follows\n                            the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                            It matches with the resource annotations.\n                          type: string\n                        group:\n                          description: Group is the API group to select resources\n                            from. Together with Version and Kind it is capable of\n                            unambiguously identifying and/or selecting resources.\n                            https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                        kind:\n                          description: Kind of the API Group to select resources from.\n                            Together with Group and Version it is capable of unambiguously\n                            identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                        labelSelector:\n                          description: LabelSelector is a string that follows the\n                            label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                            It matches with the resource labels.\n                          type: string\n                        name:\n                          description: Name to match resources with.\n                          type: string\n                        namespace:\n                          description: Namespace to select resources from.\n                          type: string\n                        version:\n                          description: Version of the API Group to select resources\n                            from. Together with Group and Kind it is capable of unambiguously\n                            identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                      type: object\n                  type: object\n                type: array\n              patchesJson6902:\n                description: 'JSON 6902 patches, defined as inline YAML objects. Deprecated:\n                  Use Patches instead.'\n                items:\n                  description: JSON6902Patch contains a JSON6902 patch and the target\n                    the patch should be applied to.\n                  properties:\n                    patch:\n                      description: Patch contains the JSON6902 patch document with\n                        an array of operation objects.\n                      items:\n                        description: JSON6902 is a JSON6902 operation object. https://datatracker.ietf.org/doc/html/rfc6902#section-4\n                        properties:\n                          from:\n                            description: From contains a JSON-pointer value that references\n                              a location within the target document where the operation\n                              is performed. The meaning of the value depends on the\n                              value of Op, and is NOT taken into account by all operations.\n                            type: string\n                          op:\n                            description: Op indicates the operation to perform. Its\n                              value MUST be one of \"add\", \"remove\", \"replace\", \"move\",\n                              \"copy\", or \"test\". https://datatracker.ietf.org/doc/html/rfc6902#section-4\n                            enum:\n                            - test\n                            - remove\n                            - add\n                            - replace\n                            - move\n                            - copy\n                            type: string\n                          path:\n                            description: Path contains the JSON-pointer value that\n                              references a location within the target document where\n                              the operation is performed. The meaning of the value\n                              depends on the value of Op.\n                            type: string\n                          value:\n                            description: Value contains a valid JSON structure. The\n                              meaning of the value depends on the value of Op, and\n                              is NOT taken into account by all operations.\n                            x-kubernetes-preserve-unknown-fields: true\n                        required:\n                        - op\n                        - path\n                        type: object\n                      type: array\n                    target:\n                      description: Target points to the resources that the patch document\n                        should be applied to.\n                      properties:\n                        annotationSelector:\n                          description: AnnotationSelector is a string that follows\n                            the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                            It matches with the resource annotations.\n                          type: string\n                        group:\n                          description: Group is the API group to select resources\n                            from. Together with Version and Kind it is capable of\n                            unambiguously identifying and/or selecting resources.\n                            https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                        kind:\n                          description: Kind of the API Group to select resources from.\n                            Together with Group and Version it is capable of unambiguously\n                            identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                        labelSelector:\n                          description: LabelSelector is a string that follows the\n                            label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                            It matches with the resource labels.\n                          type: string\n                        name:\n                          description: Name to match resources with.\n                          type: string\n                        namespace:\n                          description: Namespace to select resources from.\n                          type: string\n                        version:\n                          description: Version of the API Group to select resources\n                            from. Together with Group and Kind it is capable of unambiguously\n                            identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                      type: object\n                  required:\n                  - patch\n                  - target\n                  type: object\n                type: array\n              patchesStrategicMerge:\n                description: 'Strategic merge patches, defined as inline YAML objects.\n                  Deprecated: Use Patches instead.'\n                items:\n                  x-kubernetes-preserve-unknown-fields: true\n                type: array\n              path:\n                description: Path to the directory containing the kustomization.yaml\n                  file, or the set of plain YAMLs a kustomization.yaml should be generated\n                  for. Defaults to 'None', which translates to the root path of the\n                  SourceRef.\n                type: string\n              postBuild:\n                description: PostBuild describes which actions to perform on the YAML\n                  manifest generated by building the kustomize overlay.\n                properties:\n                  substitute:\n                    additionalProperties:\n                      type: string\n                    description: Substitute holds a map of key/value pairs. The variables\n                      defined in your YAML manifests that match any of the keys defined\n                      in the map will be substituted with the set value. Includes\n                      support for bash string replacement functions e.g. ${var:=default},\n                      ${var:position} and ${var/substring/replacement}.\n                    type: object\n                  substituteFrom:\n                    description: SubstituteFrom holds references to ConfigMaps and\n                      Secrets containing the variables and their values to be substituted\n                      in the YAML manifests. The ConfigMap and the Secret data keys\n                      represent the var names and they must match the vars declared\n                      in the manifests for the substitution to happen.\n                    items:\n                      description: SubstituteReference contains a reference to a resource\n                        containing the variables name and value.\n                      properties:\n                        kind:\n                          description: Kind of the values referent, valid values are\n                            ('Secret', 'ConfigMap').\n                          enum:\n                          - Secret\n                          - ConfigMap\n                          type: string\n                        name:\n                          description: Name of the values referent. Should reside\n                            in the same namespace as the referring resource.\n                          maxLength: 253\n                          minLength: 1\n                          type: string\n                        optional:\n                          default: false\n                          description: Optional indicates whether the referenced resource\n                            must exist, or whether to tolerate its absence. If true\n                            and the referenced resource is absent, proceed as if the\n                            resource was present but empty, without any variables\n                            defined.\n                          type: boolean\n                      required:\n                      - kind\n                      - name\n                      type: object\n                    type: array\n                type: object\n              prune:\n                description: Prune enables garbage collection.\n                type: boolean\n              retryInterval:\n                description: The interval at which to retry a previously failed reconciliation.\n                  When not specified, the controller uses the KustomizationSpec.Interval\n                  value to retry failures.\n                type: string\n              serviceAccountName:\n                description: The name of the Kubernetes service account to impersonate\n                  when reconciling this Kustomization.\n                type: string\n              sourceRef:\n                description: Reference of the source where the kustomization file\n                  is.\n                properties:\n                  apiVersion:\n                    description: API version of the referent.\n                    type: string\n                  kind:\n                    description: Kind of the referent.\n                    enum:\n                    - GitRepository\n                    - Bucket\n                    type: string\n                  name:\n                    description: Name of the referent.\n                    type: string\n                  namespace:\n                    description: Namespace of the referent, defaults to the namespace\n                      of the Kubernetes resource object that contains the reference.\n                    type: string\n                required:\n                - kind\n                - name\n                type: object\n              suspend:\n                description: This flag tells the controller to suspend subsequent\n                  kustomize executions, it does not apply to already started executions.\n                  Defaults to false.\n                type: boolean\n              targetNamespace:\n                description: TargetNamespace sets or overrides the namespace in the\n                  kustomization.yaml file.\n                maxLength: 63\n                minLength: 1\n                type: string\n              timeout:\n                description: Timeout for validation, apply and health checking operations.\n                  Defaults to 'Interval' duration.\n                type: string\n              validation:\n                description: 'Deprecated: Not used in v1beta2.'\n                enum:\n                - none\n                - client\n                - server\n                type: string\n              wait:\n                description: Wait instructs the controller to check the health of\n                  all the reconciled resources. When enabled, the HealthChecks are\n                  ignored. Defaults to false.\n                type: boolean\n            required:\n            - interval\n            - prune\n            - sourceRef\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: KustomizationStatus defines the observed state of a kustomization.\n            properties:\n              conditions:\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              inventory:\n                description: Inventory contains the list of Kubernetes resource object\n                  references that have been successfully applied.\n                properties:\n                  entries:\n                    description: Entries of Kubernetes resource object references.\n                    items:\n                      description: ResourceRef contains the information necessary\n                        to locate a resource within a cluster.\n                      properties:\n                        id:\n                          description: ID is the string representation of the Kubernetes\n                            resource object's metadata, in the format '\u003cnamespace\u003e_\u003cname\u003e_\u003cgroup\u003e_\u003ckind\u003e'.\n                          type: string\n                        v:\n                          description: Version is the API version of the Kubernetes\n                            resource object's kind.\n                          type: string\n                      required:\n                      - id\n                      - v\n                      type: object\n                    type: array\n                required:\n                - entries\n                type: object\n              lastAppliedRevision:\n                description: The last successfully applied revision. The revision\n                  format for Git sources is \u003cbranch|tag\u003e/\u003ccommit-sha\u003e.\n                type: string\n              lastAttemptedRevision:\n                description: LastAttemptedRevision is the revision of the last reconciliation\n                  attempt.\n                type: string\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last reconciled generation.\n                format: int64\n                type: integer\n            type: object\n        type: object\n    served: true\n    storage: true\n    subresources:\n      status: {}\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n  conditions: []\n  storedVersions: []\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  annotations:\n    controller-gen.kubebuilder.io/version: v0.7.0\n  creationTimestamp: null\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: providers.notification.toolkit.fluxcd.io\nspec:\n  group: notification.toolkit.fluxcd.io\n  names:\n    kind: Provider\n    listKind: ProviderList\n    plural: providers\n    singular: provider\n  scope: Namespaced\n  versions:\n  - additionalPrinterColumns:\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    name: v1beta1\n    schema:\n      openAPIV3Schema:\n        description: Provider is the Schema for the providers API\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: ProviderSpec defines the desired state of Provider\n            properties:\n              address:\n                description: HTTP/S webhook address of this provider\n                pattern: ^(http|https)://\n                type: string\n              certSecretRef:\n                description: CertSecretRef can be given the name of a secret containing\n                  a PEM-encoded CA certificate (`caFile`)\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              channel:\n                description: Alert channel for this provider\n                type: string\n              proxy:\n                description: HTTP/S address of the proxy\n                pattern: ^(http|https)://\n                type: string\n              secretRef:\n                description: Secret reference containing the provider webhook URL\n                  using \"address\" as data key\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              suspend:\n                description: This flag tells the controller to suspend subsequent\n                  events handling. Defaults to false.\n                type: boolean\n              type:\n                description: Type of provider\n                enum:\n                - slack\n                - discord\n                - msteams\n                - rocket\n                - generic\n                - github\n                - gitlab\n                - bitbucket\n                - azuredevops\n                - googlechat\n                - webex\n                - sentry\n                - azureeventhub\n                - telegram\n                - lark\n                - matrix\n                - opsgenie\n                - alertmanager\n                - grafana\n                type: string\n              username:\n                description: Bot username for this provider\n                type: string\n            required:\n            - type\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: ProviderStatus defines the observed state of Provider\n            properties:\n              conditions:\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              observedGeneration:\n                description: ObservedGeneration is the last reconciled generation.\n                format: int64\n                type: integer\n            type: object\n        type: object\n    served: true\n    storage: true\n    subresources:\n      status: {}\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n  conditions: []\n  storedVersions: []\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  annotations:\n    controller-gen.kubebuilder.io/version: v0.7.0\n  creationTimestamp: null\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: receivers.notification.toolkit.fluxcd.io\nspec:\n  group: notification.toolkit.fluxcd.io\n  names:\n    kind: Receiver\n    listKind: ReceiverList\n    plural: receivers\n    singular: receiver\n  scope: Namespaced\n  versions:\n  - additionalPrinterColumns:\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    name: v1beta1\n    schema:\n      openAPIV3Schema:\n        description: Receiver is the Schema for the receivers API\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: ReceiverSpec defines the desired state of Receiver\n            properties:\n              events:\n                description: A list of events to handle, e.g. 'push' for GitHub or\n                  'Push Hook' for GitLab.\n                items:\n                  type: string\n                type: array\n              resources:\n                description: A list of resources to be notified about changes.\n                items:\n                  description: CrossNamespaceObjectReference contains enough information\n                    to let you locate the typed referenced object at cluster level\n                  properties:\n                    apiVersion:\n                      description: API version of the referent\n                      type: string\n                    kind:\n                      description: Kind of the referent\n                      enum:\n                      - Bucket\n                      - GitRepository\n                      - Kustomization\n                      - HelmRelease\n                      - HelmChart\n                      - HelmRepository\n                      - ImageRepository\n                      - ImagePolicy\n                      - ImageUpdateAutomation\n                      type: string\n                    matchLabels:\n                      additionalProperties:\n                        type: string\n                      description: MatchLabels is a map of {key,value} pairs. A single\n                        {key,value} in the matchLabels map is equivalent to an element\n                        of matchExpressions, whose key field is \"key\", the operator\n                        is \"In\", and the values array contains only \"value\". The requirements\n                        are ANDed.\n                      type: object\n                    name:\n                      description: Name of the referent\n                      maxLength: 53\n                      minLength: 1\n                      type: string\n                    namespace:\n                      description: Namespace of the referent\n                      maxLength: 53\n                      minLength: 1\n                      type: string\n                  required:\n                  - name\n                  type: object\n                type: array\n              secretRef:\n                description: Secret reference containing the token used to validate\n                  the payload authenticity\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              suspend:\n                description: This flag tells the controller to suspend subsequent\n                  events handling. Defaults to false.\n                type: boolean\n              type:\n                description: Type of webhook sender, used to determine the validation\n                  procedure and payload deserialization.\n                enum:\n                - generic\n                - generic-hmac\n                - github\n                - gitlab\n                - bitbucket\n                - harbor\n                - dockerhub\n                - quay\n                - gcr\n                - nexus\n                - acr\n                type: string\n            required:\n            - resources\n            - type\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: ReceiverStatus defines the observed state of Receiver\n            properties:\n              conditions:\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation.\n                format: int64\n                type: integer\n              url:\n                description: Generated webhook URL in the format of '/hook/sha256sum(token+name+namespace)'.\n                type: string\n            type: object\n        type: object\n    served: true\n    storage: true\n    subresources:\n      status: {}\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n  conditions: []\n  storedVersions: []\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: helm-controller\n  namespace: flux-system\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: kustomize-controller\n  namespace: flux-system\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: notification-controller\n  namespace: flux-system\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: source-controller\n  namespace: flux-system\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: crd-controller-flux-system\nrules:\n- apiGroups:\n  - source.toolkit.fluxcd.io\n  resources:\n  - '*'\n  verbs:\n  - '*'\n- apiGroups:\n  - kustomize.toolkit.fluxcd.io\n  resources:\n  - '*'\n  verbs:\n  - '*'\n- apiGroups:\n  - helm.toolkit.fluxcd.io\n  resources:\n  - '*'\n  verbs:\n  - '*'\n- apiGroups:\n  - notification.toolkit.fluxcd.io\n  resources:\n  - '*'\n  verbs:\n  - '*'\n- apiGroups:\n  - image.toolkit.fluxcd.io\n  resources:\n  - '*'\n  verbs:\n  - '*'\n- apiGroups:\n  - \"\"\n  resources:\n  - namespaces\n  - secrets\n  - configmaps\n  - serviceaccounts\n  verbs:\n  - get\n  - list\n  - watch\n- apiGroups:\n  - \"\"\n  resources:\n  - events\n  verbs:\n  - create\n  - patch\n- apiGroups:\n  - \"\"\n  resources:\n  - configmaps\n  verbs:\n  - get\n  - list\n  - watch\n  - create\n  - update\n  - patch\n  - delete\n- apiGroups:\n  - \"\"\n  resources:\n  - configmaps/status\n  verbs:\n  - get\n  - update\n  - patch\n- apiGroups:\n  - coordination.k8s.io\n  resources:\n  - leases\n  verbs:\n  - get\n  - list\n  - watch\n  - create\n  - update\n  - patch\n  - delete\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: cluster-reconciler-flux-system\nroleRef:\n  apiGroup: rbac.authorization.k8s.io\n  kind: ClusterRole\n  name: cluster-admin\nsubjects:\n- kind: ServiceAccount\n  name: kustomize-controller\n  namespace: flux-system\n- kind: ServiceAccount\n  name: helm-controller\n  namespace: flux-system\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: crd-controller-flux-system\nroleRef:\n  apiGroup: rbac.authorization.k8s.io\n  kind: ClusterRole\n  name: crd-controller-flux-system\nsubjects:\n- kind: ServiceAccount\n  name: kustomize-controller\n  namespace: flux-system\n- kind: ServiceAccount\n  name: helm-controller\n  namespace: flux-system\n- kind: ServiceAccount\n  name: source-controller\n  namespace: flux-system\n- kind: ServiceAccount\n  name: notification-controller\n  namespace: flux-system\n- kind: ServiceAccount\n  name: image-reflector-controller\n  namespace: flux-system\n- kind: ServiceAccount\n  name: image-automation-controller\n  namespace: flux-system\n---\napiVersion: v1\nkind: Service\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n    control-plane: controller\n  name: notification-controller\n  namespace: flux-system\nspec:\n  ports:\n  - name: http\n    port: 80\n    protocol: TCP\n    targetPort: http\n  selector:\n    app: notification-controller\n  type: ClusterIP\n---\napiVersion: v1\nkind: Service\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n    control-plane: controller\n  name: source-controller\n  namespace: flux-system\nspec:\n  ports:\n  - name: http\n    port: 80\n    protocol: TCP\n    targetPort: http\n  selector:\n    app: source-controller\n  type: ClusterIP\n---\napiVersion: v1\nkind: Service\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n    control-plane: controller\n  name: webhook-receiver\n  namespace: flux-system\nspec:\n  ports:\n  - name: http\n    port: 80\n    protocol: TCP\n    targetPort: http-webhook\n  selector:\n    app: notification-controller\n  type: ClusterIP\n---\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n    control-plane: controller\n  name: helm-controller\n  namespace: flux-system\nspec:\n  replicas: 1\n  selector:\n    matchLabels:\n      app: helm-controller\n  template:\n    metadata:\n      annotations:\n        prometheus.io/port: \"8080\"\n        prometheus.io/scrape: \"true\"\n      labels:\n        app: helm-controller\n    spec:\n      containers:\n      - args:\n        - --events-addr=http://notification-controller.flux-system.svc.cluster.local./\n        - --watch-all-namespaces=true\n        - --log-level=info\n        - --log-encoding=json\n        - --enable-leader-election\n        env:\n        - name: RUNTIME_NAMESPACE\n          valueFrom:\n            fieldRef:\n              fieldPath: metadata.namespace\n        image: ghcr.io/fluxcd/helm-controller:v0.21.0\n        imagePullPolicy: IfNotPresent\n        livenessProbe:\n          httpGet:\n            path: /healthz\n            port: healthz\n        name: manager\n        ports:\n        - containerPort: 8080\n          name: http-prom\n          protocol: TCP\n        - containerPort: 9440\n          name: healthz\n          protocol: TCP\n        readinessProbe:\n          httpGet:\n            path: /readyz\n            port: healthz\n        resources:\n          limits:\n            cpu: 1000m\n            memory: 1Gi\n          requests:\n            cpu: 100m\n            memory: 64Mi\n        securityContext:\n          allowPrivilegeEscalation: false\n          capabilities:\n            drop:\n            - ALL\n          readOnlyRootFilesystem: true\n          runAsNonRoot: true\n          seccompProfile:\n            type: RuntimeDefault\n        volumeMounts:\n        - mountPath: /tmp\n          name: temp\n      nodeSelector:\n        kubernetes.io/os: linux\n      securityContext:\n        fsGroup: 1337\n      serviceAccountName: helm-controller\n      terminationGracePeriodSeconds: 600\n      volumes:\n      - emptyDir: {}\n        name: temp\n---\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n    control-plane: controller\n  name: kustomize-controller\n  namespace: flux-system\nspec:\n  replicas: 1\n  selector:\n    matchLabels:\n      app: kustomize-controller\n  template:\n    metadata:\n      annotations:\n        prometheus.io/port: \"8080\"\n        prometheus.io/scrape: \"true\"\n      labels:\n        app: kustomize-controller\n    spec:\n      containers:\n      - args:\n        - --events-addr=http://notification-controller.flux-system.svc.cluster.local./\n        - --watch-all-namespaces=true\n        - --log-level=info\n        - --log-encoding=json\n        - --enable-leader-election\n        env:\n        - name: RUNTIME_NAMESPACE\n          valueFrom:\n            fieldRef:\n              fieldPath: metadata.namespace\n        image: ghcr.io/fluxcd/kustomize-controller:v0.25.0\n        imagePullPolicy: IfNotPresent\n        livenessProbe:\n          httpGet:\n            path: /healthz\n            port: healthz\n        name: manager\n        ports:\n        - containerPort: 8080\n          name: http-prom\n          protocol: TCP\n        - containerPort: 9440\n          name: healthz\n          protocol: TCP\n        readinessProbe:\n          httpGet:\n            path: /readyz\n            port: healthz\n        resources:\n          limits:\n            cpu: 1000m\n            memory: 1Gi\n          requests:\n            cpu: 100m\n            memory: 64Mi\n        securityContext:\n          allowPrivilegeEscalation: false\n          capabilities:\n            drop:\n            - ALL\n          readOnlyRootFilesystem: true\n          runAsNonRoot: true\n          seccompProfile:\n            type: RuntimeDefault\n        volumeMounts:\n        - mountPath: /tmp\n          name: temp\n      nodeSelector:\n        kubernetes.io/os: linux\n      securityContext:\n        fsGroup: 1337\n      serviceAccountName: kustomize-controller\n      terminationGracePeriodSeconds: 60\n      volumes:\n      - emptyDir: {}\n        name: temp\n---\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n    control-plane: controller\n  name: notification-controller\n  namespace: flux-system\nspec:\n  replicas: 1\n  selector:\n    matchLabels:\n      app: notification-controller\n  template:\n    metadata:\n      annotations:\n        prometheus.io/port: \"8080\"\n        prometheus.io/scrape: \"true\"\n      labels:\n        app: notification-controller\n    spec:\n      containers:\n      - args:\n        - --watch-all-namespaces=true\n        - --log-level=info\n        - --log-encoding=json\n        - --enable-leader-election\n        env:\n        - name: RUNTIME_NAMESPACE\n          valueFrom:\n            fieldRef:\n              fieldPath: metadata.namespace\n        image: ghcr.io/fluxcd/notification-controller:v0.23.5\n        imagePullPolicy: IfNotPresent\n        livenessProbe:\n          httpGet:\n            path: /healthz\n            port: healthz\n        name: manager\n        ports:\n        - containerPort: 9090\n          name: http\n          protocol: TCP\n        - containerPort: 9292\n          name: http-webhook\n          protocol: TCP\n        - containerPort: 8080\n          name: http-prom\n          protocol: TCP\n        - containerPort: 9440\n          name: healthz\n          protocol: TCP\n        readinessProbe:\n          httpGet:\n            path: /readyz\n            port: healthz\n        resources:\n          limits:\n            cpu: 1000m\n            memory: 1Gi\n          requests:\n            cpu: 100m\n            memory: 64Mi\n        securityContext:\n          allowPrivilegeEscalation: false\n          capabilities:\n            drop:\n            - ALL\n          readOnlyRootFilesystem: true\n          runAsNonRoot: true\n          seccompProfile:\n            type: RuntimeDefault\n        volumeMounts:\n        - mountPath: /tmp\n          name: temp\n      nodeSelector:\n        kubernetes.io/os: linux\n      securityContext:\n        fsGroup: 1337\n      serviceAccountName: notification-controller\n      terminationGracePeriodSeconds: 10\n      volumes:\n      - emptyDir: {}\n        name: temp\n---\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n    control-plane: controller\n  name: source-controller\n  namespace: flux-system\nspec:\n  replicas: 1\n  selector:\n    matchLabels:\n      app: source-controller\n  strategy:\n    type: Recreate\n  template:\n    metadata:\n      annotations:\n        prometheus.io/port: \"8080\"\n        prometheus.io/scrape: \"true\"\n      labels:\n        app: source-controller\n    spec:\n      containers:\n      - args:\n        - --events-addr=http://notification-controller.flux-system.svc.cluster.local./\n        - --watch-all-namespaces=true\n        - --log-level=info\n        - --log-encoding=json\n        - --enable-leader-election\n        - --storage-path=/data\n        - --storage-adv-addr=source-controller.$(RUNTIME_NAMESPACE).svc.cluster.local.\n        env:\n        - name: RUNTIME_NAMESPACE\n          valueFrom:\n            fieldRef:\n              fieldPath: metadata.namespace\n        image: ghcr.io/fluxcd/source-controller:v0.24.4\n        imagePullPolicy: IfNotPresent\n        livenessProbe:\n          httpGet:\n            path: /healthz\n            port: healthz\n        name: manager\n        ports:\n        - containerPort: 9090\n          name: http\n          protocol: TCP\n        - containerPort: 8080\n          name: http-prom\n          protocol: TCP\n        - containerPort: 9440\n          name: healthz\n          protocol: TCP\n        readinessProbe:\n          httpGet:\n            path: /\n            port: http\n        resources:\n          limits:\n            cpu: 1000m\n            memory: 1Gi\n          requests:\n            cpu: 50m\n            memory: 64Mi\n        securityContext:\n          allowPrivilegeEscalation: false\n          capabilities:\n            drop:\n            - ALL\n          readOnlyRootFilesystem: true\n          runAsNonRoot: true\n          seccompProfile:\n            type: RuntimeDefault\n        volumeMounts:\n        - mountPath: /data\n          name: data\n        - mountPath: /tmp\n          name: tmp\n      nodeSelector:\n        kubernetes.io/os: linux\n      securityContext:\n        fsGroup: 1337\n      serviceAccountName: source-controller\n      terminationGracePeriodSeconds: 10\n      volumes:\n      - emptyDir: {}\n        name: data\n      - emptyDir: {}\n        name: tmp\n",
-            "documents": [
-              "---\n# This manifest was generated by flux. DO NOT EDIT.\n# Flux Version: latest\n# Components: source-controller,kustomize-controller,helm-controller,notification-controller\napiVersion: v1\nkind: Namespace\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n    pod-security.kubernetes.io/warn: restricted\n    pod-security.kubernetes.io/warn-version: latest\n  name: flux-system",
-              "apiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  annotations:\n    controller-gen.kubebuilder.io/version: v0.7.0\n  creationTimestamp: null\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: alerts.notification.toolkit.fluxcd.io\nspec:\n  group: notification.toolkit.fluxcd.io\n  names:\n    kind: Alert\n    listKind: AlertList\n    plural: alerts\n    singular: alert\n  scope: Namespaced\n  versions:\n  - additionalPrinterColumns:\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    name: v1beta1\n    schema:\n      openAPIV3Schema:\n        description: Alert is the Schema for the alerts API\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: AlertSpec defines an alerting rule for events involving a\n              list of objects\n            properties:\n              eventSeverity:\n                default: info\n                description: Filter events based on severity, defaults to ('info').\n                  If set to 'info' no events will be filtered.\n                enum:\n                - info\n                - error\n                type: string\n              eventSources:\n                description: Filter events based on the involved objects.\n                items:\n                  description: CrossNamespaceObjectReference contains enough information\n                    to let you locate the typed referenced object at cluster level\n                  properties:\n                    apiVersion:\n                      description: API version of the referent\n                      type: string\n                    kind:\n                      description: Kind of the referent\n                      enum:\n                      - Bucket\n                      - GitRepository\n                      - Kustomization\n                      - HelmRelease\n                      - HelmChart\n                      - HelmRepository\n                      - ImageRepository\n                      - ImagePolicy\n                      - ImageUpdateAutomation\n                      type: string\n                    matchLabels:\n                      additionalProperties:\n                        type: string\n                      description: MatchLabels is a map of {key,value} pairs. A single\n                        {key,value} in the matchLabels map is equivalent to an element\n                        of matchExpressions, whose key field is \"key\", the operator\n                        is \"In\", and the values array contains only \"value\". The requirements\n                        are ANDed.\n                      type: object\n                    name:\n                      description: Name of the referent\n                      maxLength: 53\n                      minLength: 1\n                      type: string\n                    namespace:\n                      description: Namespace of the referent\n                      maxLength: 53\n                      minLength: 1\n                      type: string\n                  required:\n                  - name\n                  type: object\n                type: array\n              exclusionList:\n                description: A list of Golang regular expressions to be used for excluding\n                  messages.\n                items:\n                  type: string\n                type: array\n              providerRef:\n                description: Send events using this provider.\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              summary:\n                description: Short description of the impact and affected cluster.\n                type: string\n              suspend:\n                description: This flag tells the controller to suspend subsequent\n                  events dispatching. Defaults to false.\n                type: boolean\n            required:\n            - eventSources\n            - providerRef\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: AlertStatus defines the observed state of Alert\n            properties:\n              conditions:\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation.\n                format: int64\n                type: integer\n            type: object\n        type: object\n    served: true\n    storage: true\n    subresources:\n      status: {}\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n  conditions: []\n  storedVersions: []",
-              "apiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  annotations:\n    controller-gen.kubebuilder.io/version: v0.7.0\n  creationTimestamp: null\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: buckets.source.toolkit.fluxcd.io\nspec:\n  group: source.toolkit.fluxcd.io\n  names:\n    kind: Bucket\n    listKind: BucketList\n    plural: buckets\n    singular: bucket\n  scope: Namespaced\n  versions:\n  - additionalPrinterColumns:\n    - jsonPath: .spec.endpoint\n      name: Endpoint\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    name: v1beta1\n    schema:\n      openAPIV3Schema:\n        description: Bucket is the Schema for the buckets API\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: BucketSpec defines the desired state of an S3 compatible\n              bucket\n            properties:\n              accessFrom:\n                description: AccessFrom defines an Access Control List for allowing\n                  cross-namespace references to this object.\n                properties:\n                  namespaceSelectors:\n                    description: NamespaceSelectors is the list of namespace selectors\n                      to which this ACL applies. Items in this list are evaluated\n                      using a logical OR operation.\n                    items:\n                      description: NamespaceSelector selects the namespaces to which\n                        this ACL applies. An empty map of MatchLabels matches all\n                        namespaces in a cluster.\n                      properties:\n                        matchLabels:\n                          additionalProperties:\n                            type: string\n                          description: MatchLabels is a map of {key,value} pairs.\n                            A single {key,value} in the matchLabels map is equivalent\n                            to an element of matchExpressions, whose key field is\n                            \"key\", the operator is \"In\", and the values array contains\n                            only \"value\". The requirements are ANDed.\n                          type: object\n                      type: object\n                    type: array\n                required:\n                - namespaceSelectors\n                type: object\n              bucketName:\n                description: The bucket name.\n                type: string\n              endpoint:\n                description: The bucket endpoint address.\n                type: string\n              ignore:\n                description: Ignore overrides the set of excluded patterns in the\n                  .sourceignore format (which is the same as .gitignore). If not provided,\n                  a default will be used, consult the documentation for your version\n                  to find out what those are.\n                type: string\n              insecure:\n                description: Insecure allows connecting to a non-TLS S3 HTTP endpoint.\n                type: boolean\n              interval:\n                description: The interval at which to check for bucket updates.\n                type: string\n              provider:\n                default: generic\n                description: The S3 compatible storage provider name, default ('generic').\n                enum:\n                - generic\n                - aws\n                - gcp\n                type: string\n              region:\n                description: The bucket region.\n                type: string\n              secretRef:\n                description: The name of the secret containing authentication credentials\n                  for the Bucket.\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              suspend:\n                description: This flag tells the controller to suspend the reconciliation\n                  of this source.\n                type: boolean\n              timeout:\n                default: 60s\n                description: The timeout for download operations, defaults to 60s.\n                type: string\n            required:\n            - bucketName\n            - endpoint\n            - interval\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: BucketStatus defines the observed state of a bucket\n            properties:\n              artifact:\n                description: Artifact represents the output of the last successful\n                  Bucket sync.\n                properties:\n                  checksum:\n                    description: Checksum is the SHA256 checksum of the artifact.\n                    type: string\n                  lastUpdateTime:\n                    description: LastUpdateTime is the timestamp corresponding to\n                      the last update of this artifact.\n                    format: date-time\n                    type: string\n                  path:\n                    description: Path is the relative file path of this artifact.\n                    type: string\n                  revision:\n                    description: Revision is a human readable identifier traceable\n                      in the origin source system. It can be a Git commit SHA, Git\n                      tag, a Helm index timestamp, a Helm chart version, etc.\n                    type: string\n                  url:\n                    description: URL is the HTTP address of this artifact.\n                    type: string\n                required:\n                - path\n                - url\n                type: object\n              conditions:\n                description: Conditions holds the conditions for the Bucket.\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation.\n                format: int64\n                type: integer\n              url:\n                description: URL is the download link for the artifact output of the\n                  last Bucket sync.\n                type: string\n            type: object\n        type: object\n    served: true\n    storage: false\n    subresources:\n      status: {}\n  - additionalPrinterColumns:\n    - jsonPath: .spec.endpoint\n      name: Endpoint\n      type: string\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    name: v1beta2\n    schema:\n      openAPIV3Schema:\n        description: Bucket is the Schema for the buckets API.\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: BucketSpec specifies the required configuration to produce\n              an Artifact for an object storage bucket.\n            properties:\n              accessFrom:\n                description: 'AccessFrom specifies an Access Control List for allowing\n                  cross-namespace references to this object. NOTE: Not implemented,\n                  provisional as of https://github.com/fluxcd/flux2/pull/2092'\n                properties:\n                  namespaceSelectors:\n                    description: NamespaceSelectors is the list of namespace selectors\n                      to which this ACL applies. Items in this list are evaluated\n                      using a logical OR operation.\n                    items:\n                      description: NamespaceSelector selects the namespaces to which\n                        this ACL applies. An empty map of MatchLabels matches all\n                        namespaces in a cluster.\n                      properties:\n                        matchLabels:\n                          additionalProperties:\n                            type: string\n                          description: MatchLabels is a map of {key,value} pairs.\n                            A single {key,value} in the matchLabels map is equivalent\n                            to an element of matchExpressions, whose key field is\n                            \"key\", the operator is \"In\", and the values array contains\n                            only \"value\". The requirements are ANDed.\n                          type: object\n                      type: object\n                    type: array\n                required:\n                - namespaceSelectors\n                type: object\n              bucketName:\n                description: BucketName is the name of the object storage bucket.\n                type: string\n              endpoint:\n                description: Endpoint is the object storage address the BucketName\n                  is located at.\n                type: string\n              ignore:\n                description: Ignore overrides the set of excluded patterns in the\n                  .sourceignore format (which is the same as .gitignore). If not provided,\n                  a default will be used, consult the documentation for your version\n                  to find out what those are.\n                type: string\n              insecure:\n                description: Insecure allows connecting to a non-TLS HTTP Endpoint.\n                type: boolean\n              interval:\n                description: Interval at which to check the Endpoint for updates.\n                type: string\n              provider:\n                default: generic\n                description: Provider of the object storage bucket. Defaults to 'generic',\n                  which expects an S3 (API) compatible object storage.\n                enum:\n                - generic\n                - aws\n                - gcp\n                - azure\n                type: string\n              region:\n                description: Region of the Endpoint where the BucketName is located\n                  in.\n                type: string\n              secretRef:\n                description: SecretRef specifies the Secret containing authentication\n                  credentials for the Bucket.\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              suspend:\n                description: Suspend tells the controller to suspend the reconciliation\n                  of this Bucket.\n                type: boolean\n              timeout:\n                default: 60s\n                description: Timeout for fetch operations, defaults to 60s.\n                type: string\n            required:\n            - bucketName\n            - endpoint\n            - interval\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: BucketStatus records the observed state of a Bucket.\n            properties:\n              artifact:\n                description: Artifact represents the last successful Bucket reconciliation.\n                properties:\n                  checksum:\n                    description: Checksum is the SHA256 checksum of the Artifact file.\n                    type: string\n                  lastUpdateTime:\n                    description: LastUpdateTime is the timestamp corresponding to\n                      the last update of the Artifact.\n                    format: date-time\n                    type: string\n                  path:\n                    description: Path is the relative file path of the Artifact. It\n                      can be used to locate the file in the root of the Artifact storage\n                      on the local file system of the controller managing the Source.\n                    type: string\n                  revision:\n                    description: Revision is a human-readable identifier traceable\n                      in the origin source system. It can be a Git commit SHA, Git\n                      tag, a Helm chart version, etc.\n                    type: string\n                  size:\n                    description: Size is the number of bytes in the file.\n                    format: int64\n                    type: integer\n                  url:\n                    description: URL is the HTTP address of the Artifact as exposed\n                      by the controller managing the Source. It can be used to retrieve\n                      the Artifact for consumption, e.g. by another controller applying\n                      the Artifact contents.\n                    type: string\n                required:\n                - path\n                - url\n                type: object\n              conditions:\n                description: Conditions holds the conditions for the Bucket.\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation of\n                  the Bucket object.\n                format: int64\n                type: integer\n              url:\n                description: URL is the dynamic fetch link for the latest Artifact.\n                  It is provided on a \"best effort\" basis, and using the precise BucketStatus.Artifact\n                  data is recommended.\n                type: string\n            type: object\n        type: object\n    served: true\n    storage: true\n    subresources:\n      status: {}\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n  conditions: []\n  storedVersions: []",
-              "apiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  annotations:\n    controller-gen.kubebuilder.io/version: v0.7.0\n  creationTimestamp: null\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: gitrepositories.source.toolkit.fluxcd.io\nspec:\n  group: source.toolkit.fluxcd.io\n  names:\n    kind: GitRepository\n    listKind: GitRepositoryList\n    plural: gitrepositories\n    shortNames:\n    - gitrepo\n    singular: gitrepository\n  scope: Namespaced\n  versions:\n  - additionalPrinterColumns:\n    - jsonPath: .spec.url\n      name: URL\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    name: v1beta1\n    schema:\n      openAPIV3Schema:\n        description: GitRepository is the Schema for the gitrepositories API\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: GitRepositorySpec defines the desired state of a Git repository.\n            properties:\n              accessFrom:\n                description: AccessFrom defines an Access Control List for allowing\n                  cross-namespace references to this object.\n                properties:\n                  namespaceSelectors:\n                    description: NamespaceSelectors is the list of namespace selectors\n                      to which this ACL applies. Items in this list are evaluated\n                      using a logical OR operation.\n                    items:\n                      description: NamespaceSelector selects the namespaces to which\n                        this ACL applies. An empty map of MatchLabels matches all\n                        namespaces in a cluster.\n                      properties:\n                        matchLabels:\n                          additionalProperties:\n                            type: string\n                          description: MatchLabels is a map of {key,value} pairs.\n                            A single {key,value} in the matchLabels map is equivalent\n                            to an element of matchExpressions, whose key field is\n                            \"key\", the operator is \"In\", and the values array contains\n                            only \"value\". The requirements are ANDed.\n                          type: object\n                      type: object\n                    type: array\n                required:\n                - namespaceSelectors\n                type: object\n              gitImplementation:\n                default: go-git\n                description: Determines which git client library to use. Defaults\n                  to go-git, valid values are ('go-git', 'libgit2').\n                enum:\n                - go-git\n                - libgit2\n                type: string\n              ignore:\n                description: Ignore overrides the set of excluded patterns in the\n                  .sourceignore format (which is the same as .gitignore). If not provided,\n                  a default will be used, consult the documentation for your version\n                  to find out what those are.\n                type: string\n              include:\n                description: Extra git repositories to map into the repository\n                items:\n                  description: GitRepositoryInclude defines a source with a from and\n                    to path.\n                  properties:\n                    fromPath:\n                      description: The path to copy contents from, defaults to the\n                        root directory.\n                      type: string\n                    repository:\n                      description: Reference to a GitRepository to include.\n                      properties:\n                        name:\n                          description: Name of the referent.\n                          type: string\n                      required:\n                      - name\n                      type: object\n                    toPath:\n                      description: The path to copy contents to, defaults to the name\n                        of the source ref.\n                      type: string\n                  required:\n                  - repository\n                  type: object\n                type: array\n              interval:\n                description: The interval at which to check for repository updates.\n                type: string\n              recurseSubmodules:\n                description: When enabled, after the clone is created, initializes\n                  all submodules within, using their default settings. This option\n                  is available only when using the 'go-git' GitImplementation.\n                type: boolean\n              ref:\n                description: The Git reference to checkout and monitor for changes,\n                  defaults to master branch.\n                properties:\n                  branch:\n                    description: The Git branch to checkout, defaults to master.\n                    type: string\n                  commit:\n                    description: The Git commit SHA to checkout, if specified Tag\n                      filters will be ignored.\n                    type: string\n                  semver:\n                    description: The Git tag semver expression, takes precedence over\n                      Tag.\n                    type: string\n                  tag:\n                    description: The Git tag to checkout, takes precedence over Branch.\n                    type: string\n                type: object\n              secretRef:\n                description: The secret name containing the Git credentials. For HTTPS\n                  repositories the secret must contain username and password fields.\n                  For SSH repositories the secret must contain identity and known_hosts\n                  fields.\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              suspend:\n                description: This flag tells the controller to suspend the reconciliation\n                  of this source.\n                type: boolean\n              timeout:\n                default: 60s\n                description: The timeout for remote Git operations like cloning, defaults\n                  to 60s.\n                type: string\n              url:\n                description: The repository URL, can be a HTTP/S or SSH address.\n                pattern: ^(http|https|ssh)://\n                type: string\n              verify:\n                description: Verify OpenPGP signature for the Git commit HEAD points\n                  to.\n                properties:\n                  mode:\n                    description: Mode describes what git object should be verified,\n                      currently ('head').\n                    enum:\n                    - head\n                    type: string\n                  secretRef:\n                    description: The secret name containing the public keys of all\n                      trusted Git authors.\n                    properties:\n                      name:\n                        description: Name of the referent.\n                        type: string\n                    required:\n                    - name\n                    type: object\n                required:\n                - mode\n                type: object\n            required:\n            - interval\n            - url\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: GitRepositoryStatus defines the observed state of a Git repository.\n            properties:\n              artifact:\n                description: Artifact represents the output of the last successful\n                  repository sync.\n                properties:\n                  checksum:\n                    description: Checksum is the SHA256 checksum of the artifact.\n                    type: string\n                  lastUpdateTime:\n                    description: LastUpdateTime is the timestamp corresponding to\n                      the last update of this artifact.\n                    format: date-time\n                    type: string\n                  path:\n                    description: Path is the relative file path of this artifact.\n                    type: string\n                  revision:\n                    description: Revision is a human readable identifier traceable\n                      in the origin source system. It can be a Git commit SHA, Git\n                      tag, a Helm index timestamp, a Helm chart version, etc.\n                    type: string\n                  url:\n                    description: URL is the HTTP address of this artifact.\n                    type: string\n                required:\n                - path\n                - url\n                type: object\n              conditions:\n                description: Conditions holds the conditions for the GitRepository.\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              includedArtifacts:\n                description: IncludedArtifacts represents the included artifacts from\n                  the last successful repository sync.\n                items:\n                  description: Artifact represents the output of a source synchronisation.\n                  properties:\n                    checksum:\n                      description: Checksum is the SHA256 checksum of the artifact.\n                      type: string\n                    lastUpdateTime:\n                      description: LastUpdateTime is the timestamp corresponding to\n                        the last update of this artifact.\n                      format: date-time\n                      type: string\n                    path:\n                      description: Path is the relative file path of this artifact.\n                      type: string\n                    revision:\n                      description: Revision is a human readable identifier traceable\n                        in the origin source system. It can be a Git commit SHA, Git\n                        tag, a Helm index timestamp, a Helm chart version, etc.\n                      type: string\n                    url:\n                      description: URL is the HTTP address of this artifact.\n                      type: string\n                  required:\n                  - path\n                  - url\n                  type: object\n                type: array\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation.\n                format: int64\n                type: integer\n              url:\n                description: URL is the download link for the artifact output of the\n                  last repository sync.\n                type: string\n            type: object\n        type: object\n    served: true\n    storage: false\n    subresources:\n      status: {}\n  - additionalPrinterColumns:\n    - jsonPath: .spec.url\n      name: URL\n      type: string\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    name: v1beta2\n    schema:\n      openAPIV3Schema:\n        description: GitRepository is the Schema for the gitrepositories API.\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: GitRepositorySpec specifies the required configuration to\n              produce an Artifact for a Git repository.\n            properties:\n              accessFrom:\n                description: 'AccessFrom specifies an Access Control List for allowing\n                  cross-namespace references to this object. NOTE: Not implemented,\n                  provisional as of https://github.com/fluxcd/flux2/pull/2092'\n                properties:\n                  namespaceSelectors:\n                    description: NamespaceSelectors is the list of namespace selectors\n                      to which this ACL applies. Items in this list are evaluated\n                      using a logical OR operation.\n                    items:\n                      description: NamespaceSelector selects the namespaces to which\n                        this ACL applies. An empty map of MatchLabels matches all\n                        namespaces in a cluster.\n                      properties:\n                        matchLabels:\n                          additionalProperties:\n                            type: string\n                          description: MatchLabels is a map of {key,value} pairs.\n                            A single {key,value} in the matchLabels map is equivalent\n                            to an element of matchExpressions, whose key field is\n                            \"key\", the operator is \"In\", and the values array contains\n                            only \"value\". The requirements are ANDed.\n                          type: object\n                      type: object\n                    type: array\n                required:\n                - namespaceSelectors\n                type: object\n              gitImplementation:\n                default: go-git\n                description: GitImplementation specifies which Git client library\n                  implementation to use. Defaults to 'go-git', valid values are ('go-git',\n                  'libgit2').\n                enum:\n                - go-git\n                - libgit2\n                type: string\n              ignore:\n                description: Ignore overrides the set of excluded patterns in the\n                  .sourceignore format (which is the same as .gitignore). If not provided,\n                  a default will be used, consult the documentation for your version\n                  to find out what those are.\n                type: string\n              include:\n                description: Include specifies a list of GitRepository resources which\n                  Artifacts should be included in the Artifact produced for this GitRepository.\n                items:\n                  description: GitRepositoryInclude specifies a local reference to\n                    a GitRepository which Artifact (sub-)contents must be included,\n                    and where they should be placed.\n                  properties:\n                    fromPath:\n                      description: FromPath specifies the path to copy contents from,\n                        defaults to the root of the Artifact.\n                      type: string\n                    repository:\n                      description: GitRepositoryRef specifies the GitRepository which\n                        Artifact contents must be included.\n                      properties:\n                        name:\n                          description: Name of the referent.\n                          type: string\n                      required:\n                      - name\n                      type: object\n                    toPath:\n                      description: ToPath specifies the path to copy contents to,\n                        defaults to the name of the GitRepositoryRef.\n                      type: string\n                  required:\n                  - repository\n                  type: object\n                type: array\n              interval:\n                description: Interval at which to check the GitRepository for updates.\n                type: string\n              recurseSubmodules:\n                description: RecurseSubmodules enables the initialization of all submodules\n                  within the GitRepository as cloned from the URL, using their default\n                  settings. This option is available only when using the 'go-git'\n                  GitImplementation.\n                type: boolean\n              ref:\n                description: Reference specifies the Git reference to resolve and\n                  monitor for changes, defaults to the 'master' branch.\n                properties:\n                  branch:\n                    description: \"Branch to check out, defaults to 'master' if no\n                      other field is defined. \\n When GitRepositorySpec.GitImplementation\n                      is set to 'go-git', a shallow clone of the specified branch\n                      is performed.\"\n                    type: string\n                  commit:\n                    description: \"Commit SHA to check out, takes precedence over all\n                      reference fields. \\n When GitRepositorySpec.GitImplementation\n                      is set to 'go-git', this can be combined with Branch to shallow\n                      clone the branch, in which the commit is expected to exist.\"\n                    type: string\n                  semver:\n                    description: SemVer tag expression to check out, takes precedence\n                      over Tag.\n                    type: string\n                  tag:\n                    description: Tag to check out, takes precedence over Branch.\n                    type: string\n                type: object\n              secretRef:\n                description: SecretRef specifies the Secret containing authentication\n                  credentials for the GitRepository. For HTTPS repositories the Secret\n                  must contain 'username' and 'password' fields. For SSH repositories\n                  the Secret must contain 'identity' and 'known_hosts' fields.\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              suspend:\n                description: Suspend tells the controller to suspend the reconciliation\n                  of this GitRepository.\n                type: boolean\n              timeout:\n                default: 60s\n                description: Timeout for Git operations like cloning, defaults to\n                  60s.\n                type: string\n              url:\n                description: URL specifies the Git repository URL, it can be an HTTP/S\n                  or SSH address.\n                pattern: ^(http|https|ssh)://\n                type: string\n              verify:\n                description: Verification specifies the configuration to verify the\n                  Git commit signature(s).\n                properties:\n                  mode:\n                    description: Mode specifies what Git object should be verified,\n                      currently ('head').\n                    enum:\n                    - head\n                    type: string\n                  secretRef:\n                    description: SecretRef specifies the Secret containing the public\n                      keys of trusted Git authors.\n                    properties:\n                      name:\n                        description: Name of the referent.\n                        type: string\n                    required:\n                    - name\n                    type: object\n                required:\n                - mode\n                type: object\n            required:\n            - interval\n            - url\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: GitRepositoryStatus records the observed state of a Git repository.\n            properties:\n              artifact:\n                description: Artifact represents the last successful GitRepository\n                  reconciliation.\n                properties:\n                  checksum:\n                    description: Checksum is the SHA256 checksum of the Artifact file.\n                    type: string\n                  lastUpdateTime:\n                    description: LastUpdateTime is the timestamp corresponding to\n                      the last update of the Artifact.\n                    format: date-time\n                    type: string\n                  path:\n                    description: Path is the relative file path of the Artifact. It\n                      can be used to locate the file in the root of the Artifact storage\n                      on the local file system of the controller managing the Source.\n                    type: string\n                  revision:\n                    description: Revision is a human-readable identifier traceable\n                      in the origin source system. It can be a Git commit SHA, Git\n                      tag, a Helm chart version, etc.\n                    type: string\n                  size:\n                    description: Size is the number of bytes in the file.\n                    format: int64\n                    type: integer\n                  url:\n                    description: URL is the HTTP address of the Artifact as exposed\n                      by the controller managing the Source. It can be used to retrieve\n                      the Artifact for consumption, e.g. by another controller applying\n                      the Artifact contents.\n                    type: string\n                required:\n                - path\n                - url\n                type: object\n              conditions:\n                description: Conditions holds the conditions for the GitRepository.\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              includedArtifacts:\n                description: IncludedArtifacts contains a list of the last successfully\n                  included Artifacts as instructed by GitRepositorySpec.Include.\n                items:\n                  description: Artifact represents the output of a Source reconciliation.\n                  properties:\n                    checksum:\n                      description: Checksum is the SHA256 checksum of the Artifact\n                        file.\n                      type: string\n                    lastUpdateTime:\n                      description: LastUpdateTime is the timestamp corresponding to\n                        the last update of the Artifact.\n                      format: date-time\n                      type: string\n                    path:\n                      description: Path is the relative file path of the Artifact.\n                        It can be used to locate the file in the root of the Artifact\n                        storage on the local file system of the controller managing\n                        the Source.\n                      type: string\n                    revision:\n                      description: Revision is a human-readable identifier traceable\n                        in the origin source system. It can be a Git commit SHA, Git\n                        tag, a Helm chart version, etc.\n                      type: string\n                    size:\n                      description: Size is the number of bytes in the file.\n                      format: int64\n                      type: integer\n                    url:\n                      description: URL is the HTTP address of the Artifact as exposed\n                        by the controller managing the Source. It can be used to retrieve\n                        the Artifact for consumption, e.g. by another controller applying\n                        the Artifact contents.\n                      type: string\n                  required:\n                  - path\n                  - url\n                  type: object\n                type: array\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation of\n                  the GitRepository object.\n                format: int64\n                type: integer\n              url:\n                description: URL is the dynamic fetch link for the latest Artifact.\n                  It is provided on a \"best effort\" basis, and using the precise GitRepositoryStatus.Artifact\n                  data is recommended.\n                type: string\n            type: object\n        type: object\n    served: true\n    storage: true\n    subresources:\n      status: {}\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n  conditions: []\n  storedVersions: []",
-              "apiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  annotations:\n    controller-gen.kubebuilder.io/version: v0.7.0\n  creationTimestamp: null\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: helmcharts.source.toolkit.fluxcd.io\nspec:\n  group: source.toolkit.fluxcd.io\n  names:\n    kind: HelmChart\n    listKind: HelmChartList\n    plural: helmcharts\n    shortNames:\n    - hc\n    singular: helmchart\n  scope: Namespaced\n  versions:\n  - additionalPrinterColumns:\n    - jsonPath: .spec.chart\n      name: Chart\n      type: string\n    - jsonPath: .spec.version\n      name: Version\n      type: string\n    - jsonPath: .spec.sourceRef.kind\n      name: Source Kind\n      type: string\n    - jsonPath: .spec.sourceRef.name\n      name: Source Name\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    name: v1beta1\n    schema:\n      openAPIV3Schema:\n        description: HelmChart is the Schema for the helmcharts API\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: HelmChartSpec defines the desired state of a Helm chart.\n            properties:\n              accessFrom:\n                description: AccessFrom defines an Access Control List for allowing\n                  cross-namespace references to this object.\n                properties:\n                  namespaceSelectors:\n                    description: NamespaceSelectors is the list of namespace selectors\n                      to which this ACL applies. Items in this list are evaluated\n                      using a logical OR operation.\n                    items:\n                      description: NamespaceSelector selects the namespaces to which\n                        this ACL applies. An empty map of MatchLabels matches all\n                        namespaces in a cluster.\n                      properties:\n                        matchLabels:\n                          additionalProperties:\n                            type: string\n                          description: MatchLabels is a map of {key,value} pairs.\n                            A single {key,value} in the matchLabels map is equivalent\n                            to an element of matchExpressions, whose key field is\n                            \"key\", the operator is \"In\", and the values array contains\n                            only \"value\". The requirements are ANDed.\n                          type: object\n                      type: object\n                    type: array\n                required:\n                - namespaceSelectors\n                type: object\n              chart:\n                description: The name or path the Helm chart is available at in the\n                  SourceRef.\n                type: string\n              interval:\n                description: The interval at which to check the Source for updates.\n                type: string\n              reconcileStrategy:\n                default: ChartVersion\n                description: Determines what enables the creation of a new artifact.\n                  Valid values are ('ChartVersion', 'Revision'). See the documentation\n                  of the values for an explanation on their behavior. Defaults to\n                  ChartVersion when omitted.\n                enum:\n                - ChartVersion\n                - Revision\n                type: string\n              sourceRef:\n                description: The reference to the Source the chart is available at.\n                properties:\n                  apiVersion:\n                    description: APIVersion of the referent.\n                    type: string\n                  kind:\n                    description: Kind of the referent, valid values are ('HelmRepository',\n                      'GitRepository', 'Bucket').\n                    enum:\n                    - HelmRepository\n                    - GitRepository\n                    - Bucket\n                    type: string\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - kind\n                - name\n                type: object\n              suspend:\n                description: This flag tells the controller to suspend the reconciliation\n                  of this source.\n                type: boolean\n              valuesFile:\n                description: Alternative values file to use as the default chart values,\n                  expected to be a relative path in the SourceRef. Deprecated in favor\n                  of ValuesFiles, for backwards compatibility the file defined here\n                  is merged before the ValuesFiles items. Ignored when omitted.\n                type: string\n              valuesFiles:\n                description: Alternative list of values files to use as the chart\n                  values (values.yaml is not included by default), expected to be\n                  a relative path in the SourceRef. Values files are merged in the\n                  order of this list with the last file overriding the first. Ignored\n                  when omitted.\n                items:\n                  type: string\n                type: array\n              version:\n                default: '*'\n                description: The chart version semver expression, ignored for charts\n                  from GitRepository and Bucket sources. Defaults to latest when omitted.\n                type: string\n            required:\n            - chart\n            - interval\n            - sourceRef\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: HelmChartStatus defines the observed state of the HelmChart.\n            properties:\n              artifact:\n                description: Artifact represents the output of the last successful\n                  chart sync.\n                properties:\n                  checksum:\n                    description: Checksum is the SHA256 checksum of the artifact.\n                    type: string\n                  lastUpdateTime:\n                    description: LastUpdateTime is the timestamp corresponding to\n                      the last update of this artifact.\n                    format: date-time\n                    type: string\n                  path:\n                    description: Path is the relative file path of this artifact.\n                    type: string\n                  revision:\n                    description: Revision is a human readable identifier traceable\n                      in the origin source system. It can be a Git commit SHA, Git\n                      tag, a Helm index timestamp, a Helm chart version, etc.\n                    type: string\n                  url:\n                    description: URL is the HTTP address of this artifact.\n                    type: string\n                required:\n                - path\n                - url\n                type: object\n              conditions:\n                description: Conditions holds the conditions for the HelmChart.\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation.\n                format: int64\n                type: integer\n              url:\n                description: URL is the download link for the last chart pulled.\n                type: string\n            type: object\n        type: object\n    served: true\n    storage: false\n    subresources:\n      status: {}\n  - additionalPrinterColumns:\n    - jsonPath: .spec.chart\n      name: Chart\n      type: string\n    - jsonPath: .spec.version\n      name: Version\n      type: string\n    - jsonPath: .spec.sourceRef.kind\n      name: Source Kind\n      type: string\n    - jsonPath: .spec.sourceRef.name\n      name: Source Name\n      type: string\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    name: v1beta2\n    schema:\n      openAPIV3Schema:\n        description: HelmChart is the Schema for the helmcharts API.\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: HelmChartSpec specifies the desired state of a Helm chart.\n            properties:\n              accessFrom:\n                description: 'AccessFrom specifies an Access Control List for allowing\n                  cross-namespace references to this object. NOTE: Not implemented,\n                  provisional as of https://github.com/fluxcd/flux2/pull/2092'\n                properties:\n                  namespaceSelectors:\n                    description: NamespaceSelectors is the list of namespace selectors\n                      to which this ACL applies. Items in this list are evaluated\n                      using a logical OR operation.\n                    items:\n                      description: NamespaceSelector selects the namespaces to which\n                        this ACL applies. An empty map of MatchLabels matches all\n                        namespaces in a cluster.\n                      properties:\n                        matchLabels:\n                          additionalProperties:\n                            type: string\n                          description: MatchLabels is a map of {key,value} pairs.\n                            A single {key,value} in the matchLabels map is equivalent\n                            to an element of matchExpressions, whose key field is\n                            \"key\", the operator is \"In\", and the values array contains\n                            only \"value\". The requirements are ANDed.\n                          type: object\n                      type: object\n                    type: array\n                required:\n                - namespaceSelectors\n                type: object\n              chart:\n                description: Chart is the name or path the Helm chart is available\n                  at in the SourceRef.\n                type: string\n              interval:\n                description: Interval is the interval at which to check the Source\n                  for updates.\n                type: string\n              reconcileStrategy:\n                default: ChartVersion\n                description: ReconcileStrategy determines what enables the creation\n                  of a new artifact. Valid values are ('ChartVersion', 'Revision').\n                  See the documentation of the values for an explanation on their\n                  behavior. Defaults to ChartVersion when omitted.\n                enum:\n                - ChartVersion\n                - Revision\n                type: string\n              sourceRef:\n                description: SourceRef is the reference to the Source the chart is\n                  available at.\n                properties:\n                  apiVersion:\n                    description: APIVersion of the referent.\n                    type: string\n                  kind:\n                    description: Kind of the referent, valid values are ('HelmRepository',\n                      'GitRepository', 'Bucket').\n                    enum:\n                    - HelmRepository\n                    - GitRepository\n                    - Bucket\n                    type: string\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - kind\n                - name\n                type: object\n              suspend:\n                description: Suspend tells the controller to suspend the reconciliation\n                  of this source.\n                type: boolean\n              valuesFile:\n                description: ValuesFile is an alternative values file to use as the\n                  default chart values, expected to be a relative path in the SourceRef.\n                  Deprecated in favor of ValuesFiles, for backwards compatibility\n                  the file specified here is merged before the ValuesFiles items.\n                  Ignored when omitted.\n                type: string\n              valuesFiles:\n                description: ValuesFiles is an alternative list of values files to\n                  use as the chart values (values.yaml is not included by default),\n                  expected to be a relative path in the SourceRef. Values files are\n                  merged in the order of this list with the last file overriding the\n                  first. Ignored when omitted.\n                items:\n                  type: string\n                type: array\n              version:\n                default: '*'\n                description: Version is the chart version semver expression, ignored\n                  for charts from GitRepository and Bucket sources. Defaults to latest\n                  when omitted.\n                type: string\n            required:\n            - chart\n            - interval\n            - sourceRef\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: HelmChartStatus records the observed state of the HelmChart.\n            properties:\n              artifact:\n                description: Artifact represents the output of the last successful\n                  reconciliation.\n                properties:\n                  checksum:\n                    description: Checksum is the SHA256 checksum of the Artifact file.\n                    type: string\n                  lastUpdateTime:\n                    description: LastUpdateTime is the timestamp corresponding to\n                      the last update of the Artifact.\n                    format: date-time\n                    type: string\n                  path:\n                    description: Path is the relative file path of the Artifact. It\n                      can be used to locate the file in the root of the Artifact storage\n                      on the local file system of the controller managing the Source.\n                    type: string\n                  revision:\n                    description: Revision is a human-readable identifier traceable\n                      in the origin source system. It can be a Git commit SHA, Git\n                      tag, a Helm chart version, etc.\n                    type: string\n                  size:\n                    description: Size is the number of bytes in the file.\n                    format: int64\n                    type: integer\n                  url:\n                    description: URL is the HTTP address of the Artifact as exposed\n                      by the controller managing the Source. It can be used to retrieve\n                      the Artifact for consumption, e.g. by another controller applying\n                      the Artifact contents.\n                    type: string\n                required:\n                - path\n                - url\n                type: object\n              conditions:\n                description: Conditions holds the conditions for the HelmChart.\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedChartName:\n                description: ObservedChartName is the last observed chart name as\n                  specified by the resolved chart reference.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation of\n                  the HelmChart object.\n                format: int64\n                type: integer\n              observedSourceArtifactRevision:\n                description: ObservedSourceArtifactRevision is the last observed Artifact.Revision\n                  of the HelmChartSpec.SourceRef.\n                type: string\n              url:\n                description: URL is the dynamic fetch link for the latest Artifact.\n                  It is provided on a \"best effort\" basis, and using the precise BucketStatus.Artifact\n                  data is recommended.\n                type: string\n            type: object\n        type: object\n    served: true\n    storage: true\n    subresources:\n      status: {}\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n  conditions: []\n  storedVersions: []",
-              "apiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  annotations:\n    controller-gen.kubebuilder.io/version: v0.7.0\n  creationTimestamp: null\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: helmreleases.helm.toolkit.fluxcd.io\nspec:\n  group: helm.toolkit.fluxcd.io\n  names:\n    kind: HelmRelease\n    listKind: HelmReleaseList\n    plural: helmreleases\n    shortNames:\n    - hr\n    singular: helmrelease\n  scope: Namespaced\n  versions:\n  - additionalPrinterColumns:\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    name: v2beta1\n    schema:\n      openAPIV3Schema:\n        description: HelmRelease is the Schema for the helmreleases API\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: HelmReleaseSpec defines the desired state of a Helm release.\n            properties:\n              chart:\n                description: Chart defines the template of the v1beta2.HelmChart that\n                  should be created for this HelmRelease.\n                properties:\n                  spec:\n                    description: Spec holds the template for the v1beta2.HelmChartSpec\n                      for this HelmRelease.\n                    properties:\n                      chart:\n                        description: The name or path the Helm chart is available\n                          at in the SourceRef.\n                        type: string\n                      interval:\n                        description: Interval at which to check the v1beta2.Source\n                          for updates. Defaults to 'HelmReleaseSpec.Interval'.\n                        type: string\n                      reconcileStrategy:\n                        default: ChartVersion\n                        description: Determines what enables the creation of a new\n                          artifact. Valid values are ('ChartVersion', 'Revision').\n                          See the documentation of the values for an explanation on\n                          their behavior. Defaults to ChartVersion when omitted.\n                        enum:\n                        - ChartVersion\n                        - Revision\n                        type: string\n                      sourceRef:\n                        description: The name and namespace of the v1beta2.Source\n                          the chart is available at.\n                        properties:\n                          apiVersion:\n                            description: APIVersion of the referent.\n                            type: string\n                          kind:\n                            description: Kind of the referent.\n                            enum:\n                            - HelmRepository\n                            - GitRepository\n                            - Bucket\n                            type: string\n                          name:\n                            description: Name of the referent.\n                            maxLength: 253\n                            minLength: 1\n                            type: string\n                          namespace:\n                            description: Namespace of the referent.\n                            maxLength: 63\n                            minLength: 1\n                            type: string\n                        required:\n                        - name\n                        type: object\n                      valuesFile:\n                        description: Alternative values file to use as the default\n                          chart values, expected to be a relative path in the SourceRef.\n                          Deprecated in favor of ValuesFiles, for backwards compatibility\n                          the file defined here is merged before the ValuesFiles items.\n                          Ignored when omitted.\n                        type: string\n                      valuesFiles:\n                        description: Alternative list of values files to use as the\n                          chart values (values.yaml is not included by default), expected\n                          to be a relative path in the SourceRef. Values files are\n                          merged in the order of this list with the last file overriding\n                          the first. Ignored when omitted.\n                        items:\n                          type: string\n                        type: array\n                      version:\n                        default: '*'\n                        description: Version semver expression, ignored for charts\n                          from v1beta2.GitRepository and v1beta2.Bucket sources. Defaults\n                          to latest when omitted.\n                        type: string\n                    required:\n                    - chart\n                    - sourceRef\n                    type: object\n                required:\n                - spec\n                type: object\n              dependsOn:\n                description: DependsOn may contain a meta.NamespacedObjectReference\n                  slice with references to HelmRelease resources that must be ready\n                  before this HelmRelease can be reconciled.\n                items:\n                  description: NamespacedObjectReference contains enough information\n                    to locate the referenced Kubernetes resource object in any namespace.\n                  properties:\n                    name:\n                      description: Name of the referent.\n                      type: string\n                    namespace:\n                      description: Namespace of the referent, when not specified it\n                        acts as LocalObjectReference.\n                      type: string\n                  required:\n                  - name\n                  type: object\n                type: array\n              install:\n                description: Install holds the configuration for Helm install actions\n                  for this HelmRelease.\n                properties:\n                  crds:\n                    description: \"CRDs upgrade CRDs from the Helm Chart's crds directory\n                      according to the CRD upgrade policy provided here. Valid values\n                      are `Skip`, `Create` or `CreateReplace`. Default is `Create`\n                      and if omitted CRDs are installed but not updated. \\n Skip:\n                      do neither install nor replace (update) any CRDs. \\n Create:\n                      new CRDs are created, existing CRDs are neither updated nor\n                      deleted. \\n CreateReplace: new CRDs are created, existing CRDs\n                      are updated (replaced) but not deleted. \\n By default, CRDs\n                      are applied (installed) during Helm install action. With this\n                      option users can opt-in to CRD replace existing CRDs on Helm\n                      install actions, which is not (yet) natively supported by Helm.\n                      https://helm.sh/docs/chart_best_practices/custom_resource_definitions.\"\n                    enum:\n                    - Skip\n                    - Create\n                    - CreateReplace\n                    type: string\n                  createNamespace:\n                    description: CreateNamespace tells the Helm install action to\n                      create the HelmReleaseSpec.TargetNamespace if it does not exist\n                      yet. On uninstall, the namespace will not be garbage collected.\n                    type: boolean\n                  disableHooks:\n                    description: DisableHooks prevents hooks from running during the\n                      Helm install action.\n                    type: boolean\n                  disableOpenAPIValidation:\n                    description: DisableOpenAPIValidation prevents the Helm install\n                      action from validating rendered templates against the Kubernetes\n                      OpenAPI Schema.\n                    type: boolean\n                  disableWait:\n                    description: DisableWait disables the waiting for resources to\n                      be ready after a Helm install has been performed.\n                    type: boolean\n                  disableWaitForJobs:\n                    description: DisableWaitForJobs disables waiting for jobs to complete\n                      after a Helm install has been performed.\n                    type: boolean\n                  remediation:\n                    description: Remediation holds the remediation configuration for\n                      when the Helm install action for the HelmRelease fails. The\n                      default is to not perform any action.\n                    properties:\n                      ignoreTestFailures:\n                        description: IgnoreTestFailures tells the controller to skip\n                          remediation when the Helm tests are run after an install\n                          action but fail. Defaults to 'Test.IgnoreFailures'.\n                        type: boolean\n                      remediateLastFailure:\n                        description: RemediateLastFailure tells the controller to\n                          remediate the last failure, when no retries remain. Defaults\n                          to 'false'.\n                        type: boolean\n                      retries:\n                        description: Retries is the number of retries that should\n                          be attempted on failures before bailing. Remediation, using\n                          an uninstall, is performed between each attempt. Defaults\n                          to '0', a negative integer equals to unlimited retries.\n                        type: integer\n                    type: object\n                  replace:\n                    description: Replace tells the Helm install action to re-use the\n                      'ReleaseName', but only if that name is a deleted release which\n                      remains in the history.\n                    type: boolean\n                  skipCRDs:\n                    description: \"SkipCRDs tells the Helm install action to not install\n                      any CRDs. By default, CRDs are installed if not already present.\n                      \\n Deprecated use CRD policy (`crds`) attribute with value `Skip`\n                      instead.\"\n                    type: boolean\n                  timeout:\n                    description: Timeout is the time to wait for any individual Kubernetes\n                      operation (like Jobs for hooks) during the performance of a\n                      Helm install action. Defaults to 'HelmReleaseSpec.Timeout'.\n                    type: string\n                type: object\n              interval:\n                description: Interval at which to reconcile the Helm release.\n                type: string\n              kubeConfig:\n                description: KubeConfig for reconciling the HelmRelease on a remote\n                  cluster. When used in combination with HelmReleaseSpec.ServiceAccountName,\n                  forces the controller to act on behalf of that Service Account at\n                  the target cluster. If the --default-service-account flag is set,\n                  its value will be used as a controller level fallback for when HelmReleaseSpec.ServiceAccountName\n                  is empty.\n                properties:\n                  secretRef:\n                    description: SecretRef holds the name to a secret that contains\n                      a key with the kubeconfig file as the value. If no key is specified\n                      the key will default to 'value'. The secret must be in the same\n                      namespace as the HelmRelease. It is recommended that the kubeconfig\n                      is self-contained, and the secret is regularly updated if credentials\n                      such as a cloud-access-token expire. Cloud specific `cmd-path`\n                      auth helpers will not function without adding binaries and credentials\n                      to the Pod that is responsible for reconciling the HelmRelease.\n                    properties:\n                      key:\n                        description: Key in the Secret, when not specified an implementation-specific\n                          default key is used.\n                        type: string\n                      name:\n                        description: Name of the Secret.\n                        type: string\n                    required:\n                    - name\n                    type: object\n                type: object\n              maxHistory:\n                description: MaxHistory is the number of revisions saved by Helm for\n                  this HelmRelease. Use '0' for an unlimited number of revisions;\n                  defaults to '10'.\n                type: integer\n              postRenderers:\n                description: PostRenderers holds an array of Helm PostRenderers, which\n                  will be applied in order of their definition.\n                items:\n                  description: PostRenderer contains a Helm PostRenderer specification.\n                  properties:\n                    kustomize:\n                      description: Kustomization to apply as PostRenderer.\n                      properties:\n                        images:\n                          description: Images is a list of (image name, new name,\n                            new tag or digest) for changing image names, tags or digests.\n                            This can also be achieved with a patch, but this operator\n                            is simpler to specify.\n                          items:\n                            description: Image contains an image name, a new name,\n                              a new tag or digest, which will replace the original\n                              name and tag.\n                            properties:\n                              digest:\n                                description: Digest is the value used to replace the\n                                  original image tag. If digest is present NewTag\n                                  value is ignored.\n                                type: string\n                              name:\n                                description: Name is a tag-less image name.\n                                type: string\n                              newName:\n                                description: NewName is the value used to replace\n                                  the original name.\n                                type: string\n                              newTag:\n                                description: NewTag is the value used to replace the\n                                  original tag.\n                                type: string\n                            required:\n                            - name\n                            type: object\n                          type: array\n                        patches:\n                          description: Strategic merge and JSON patches, defined as\n                            inline YAML objects, capable of targeting objects based\n                            on kind, label and annotation selectors.\n                          items:\n                            description: Patch contains an inline StrategicMerge or\n                              JSON6902 patch, and the target the patch should be applied\n                              to.\n                            properties:\n                              patch:\n                                description: Patch contains an inline StrategicMerge\n                                  patch or an inline JSON6902 patch with an array\n                                  of operation objects.\n                                type: string\n                              target:\n                                description: Target points to the resources that the\n                                  patch document should be applied to.\n                                properties:\n                                  annotationSelector:\n                                    description: AnnotationSelector is a string that\n                                      follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                                      It matches with the resource annotations.\n                                    type: string\n                                  group:\n                                    description: Group is the API group to select\n                                      resources from. Together with Version and Kind\n                                      it is capable of unambiguously identifying and/or\n                                      selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                                    type: string\n                                  kind:\n                                    description: Kind of the API Group to select resources\n                                      from. Together with Group and Version it is\n                                      capable of unambiguously identifying and/or\n                                      selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                                    type: string\n                                  labelSelector:\n                                    description: LabelSelector is a string that follows\n                                      the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                                      It matches with the resource labels.\n                                    type: string\n                                  name:\n                                    description: Name to match resources with.\n                                    type: string\n                                  namespace:\n                                    description: Namespace to select resources from.\n                                    type: string\n                                  version:\n                                    description: Version of the API Group to select\n                                      resources from. Together with Group and Kind\n                                      it is capable of unambiguously identifying and/or\n                                      selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                                    type: string\n                                type: object\n                            type: object\n                          type: array\n                        patchesJson6902:\n                          description: JSON 6902 patches, defined as inline YAML objects.\n                          items:\n                            description: JSON6902Patch contains a JSON6902 patch and\n                              the target the patch should be applied to.\n                            properties:\n                              patch:\n                                description: Patch contains the JSON6902 patch document\n                                  with an array of operation objects.\n                                items:\n                                  description: JSON6902 is a JSON6902 operation object.\n                                    https://datatracker.ietf.org/doc/html/rfc6902#section-4\n                                  properties:\n                                    from:\n                                      description: From contains a JSON-pointer value\n                                        that references a location within the target\n                                        document where the operation is performed.\n                                        The meaning of the value depends on the value\n                                        of Op, and is NOT taken into account by all\n                                        operations.\n                                      type: string\n                                    op:\n                                      description: Op indicates the operation to perform.\n                                        Its value MUST be one of \"add\", \"remove\",\n                                        \"replace\", \"move\", \"copy\", or \"test\". https://datatracker.ietf.org/doc/html/rfc6902#section-4\n                                      enum:\n                                      - test\n                                      - remove\n                                      - add\n                                      - replace\n                                      - move\n                                      - copy\n                                      type: string\n                                    path:\n                                      description: Path contains the JSON-pointer\n                                        value that references a location within the\n                                        target document where the operation is performed.\n                                        The meaning of the value depends on the value\n                                        of Op.\n                                      type: string\n                                    value:\n                                      description: Value contains a valid JSON structure.\n                                        The meaning of the value depends on the value\n                                        of Op, and is NOT taken into account by all\n                                        operations.\n                                      x-kubernetes-preserve-unknown-fields: true\n                                  required:\n                                  - op\n                                  - path\n                                  type: object\n                                type: array\n                              target:\n                                description: Target points to the resources that the\n                                  patch document should be applied to.\n                                properties:\n                                  annotationSelector:\n                                    description: AnnotationSelector is a string that\n                                      follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                                      It matches with the resource annotations.\n                                    type: string\n                                  group:\n                                    description: Group is the API group to select\n                                      resources from. Together with Version and Kind\n                                      it is capable of unambiguously identifying and/or\n                                      selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                                    type: string\n                                  kind:\n                                    description: Kind of the API Group to select resources\n                                      from. Together with Group and Version it is\n                                      capable of unambiguously identifying and/or\n                                      selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                                    type: string\n                                  labelSelector:\n                                    description: LabelSelector is a string that follows\n                                      the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                                      It matches with the resource labels.\n                                    type: string\n                                  name:\n                                    description: Name to match resources with.\n                                    type: string\n                                  namespace:\n                                    description: Namespace to select resources from.\n                                    type: string\n                                  version:\n                                    description: Version of the API Group to select\n                                      resources from. Together with Group and Kind\n                                      it is capable of unambiguously identifying and/or\n                                      selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                                    type: string\n                                type: object\n                            required:\n                            - patch\n                            - target\n                            type: object\n                          type: array\n                        patchesStrategicMerge:\n                          description: Strategic merge patches, defined as inline\n                            YAML objects.\n                          items:\n                            x-kubernetes-preserve-unknown-fields: true\n                          type: array\n                      type: object\n                  type: object\n                type: array\n              releaseName:\n                description: ReleaseName used for the Helm release. Defaults to a\n                  composition of '[TargetNamespace-]Name'.\n                maxLength: 53\n                minLength: 1\n                type: string\n              rollback:\n                description: Rollback holds the configuration for Helm rollback actions\n                  for this HelmRelease.\n                properties:\n                  cleanupOnFail:\n                    description: CleanupOnFail allows deletion of new resources created\n                      during the Helm rollback action when it fails.\n                    type: boolean\n                  disableHooks:\n                    description: DisableHooks prevents hooks from running during the\n                      Helm rollback action.\n                    type: boolean\n                  disableWait:\n                    description: DisableWait disables the waiting for resources to\n                      be ready after a Helm rollback has been performed.\n                    type: boolean\n                  disableWaitForJobs:\n                    description: DisableWaitForJobs disables waiting for jobs to complete\n                      after a Helm rollback has been performed.\n                    type: boolean\n                  force:\n                    description: Force forces resource updates through a replacement\n                      strategy.\n                    type: boolean\n                  recreate:\n                    description: Recreate performs pod restarts for the resource if\n                      applicable.\n                    type: boolean\n                  timeout:\n                    description: Timeout is the time to wait for any individual Kubernetes\n                      operation (like Jobs for hooks) during the performance of a\n                      Helm rollback action. Defaults to 'HelmReleaseSpec.Timeout'.\n                    type: string\n                type: object\n              serviceAccountName:\n                description: The name of the Kubernetes service account to impersonate\n                  when reconciling this HelmRelease.\n                type: string\n              storageNamespace:\n                description: StorageNamespace used for the Helm storage. Defaults\n                  to the namespace of the HelmRelease.\n                maxLength: 63\n                minLength: 1\n                type: string\n              suspend:\n                description: Suspend tells the controller to suspend reconciliation\n                  for this HelmRelease, it does not apply to already started reconciliations.\n                  Defaults to false.\n                type: boolean\n              targetNamespace:\n                description: TargetNamespace to target when performing operations\n                  for the HelmRelease. Defaults to the namespace of the HelmRelease.\n                maxLength: 63\n                minLength: 1\n                type: string\n              test:\n                description: Test holds the configuration for Helm test actions for\n                  this HelmRelease.\n                properties:\n                  enable:\n                    description: Enable enables Helm test actions for this HelmRelease\n                      after an Helm install or upgrade action has been performed.\n                    type: boolean\n                  ignoreFailures:\n                    description: IgnoreFailures tells the controller to skip remediation\n                      when the Helm tests are run but fail. Can be overwritten for\n                      tests run after install or upgrade actions in 'Install.IgnoreTestFailures'\n                      and 'Upgrade.IgnoreTestFailures'.\n                    type: boolean\n                  timeout:\n                    description: Timeout is the time to wait for any individual Kubernetes\n                      operation during the performance of a Helm test action. Defaults\n                      to 'HelmReleaseSpec.Timeout'.\n                    type: string\n                type: object\n              timeout:\n                description: Timeout is the time to wait for any individual Kubernetes\n                  operation (like Jobs for hooks) during the performance of a Helm\n                  action. Defaults to '5m0s'.\n                type: string\n              uninstall:\n                description: Uninstall holds the configuration for Helm uninstall\n                  actions for this HelmRelease.\n                properties:\n                  disableHooks:\n                    description: DisableHooks prevents hooks from running during the\n                      Helm rollback action.\n                    type: boolean\n                  disableWait:\n                    description: DisableWait disables waiting for all the resources\n                      to be deleted after a Helm uninstall is performed.\n                    type: boolean\n                  keepHistory:\n                    description: KeepHistory tells Helm to remove all associated resources\n                      and mark the release as deleted, but retain the release history.\n                    type: boolean\n                  timeout:\n                    description: Timeout is the time to wait for any individual Kubernetes\n                      operation (like Jobs for hooks) during the performance of a\n                      Helm uninstall action. Defaults to 'HelmReleaseSpec.Timeout'.\n                    type: string\n                type: object\n              upgrade:\n                description: Upgrade holds the configuration for Helm upgrade actions\n                  for this HelmRelease.\n                properties:\n                  cleanupOnFail:\n                    description: CleanupOnFail allows deletion of new resources created\n                      during the Helm upgrade action when it fails.\n                    type: boolean\n                  crds:\n                    description: \"CRDs upgrade CRDs from the Helm Chart's crds directory\n                      according to the CRD upgrade policy provided here. Valid values\n                      are `Skip`, `Create` or `CreateReplace`. Default is `Skip` and\n                      if omitted CRDs are neither installed nor upgraded. \\n Skip:\n                      do neither install nor replace (update) any CRDs. \\n Create:\n                      new CRDs are created, existing CRDs are neither updated nor\n                      deleted. \\n CreateReplace: new CRDs are created, existing CRDs\n                      are updated (replaced) but not deleted. \\n By default, CRDs\n                      are not applied during Helm upgrade action. With this option\n                      users can opt-in to CRD upgrade, which is not (yet) natively\n                      supported by Helm. https://helm.sh/docs/chart_best_practices/custom_resource_definitions.\"\n                    enum:\n                    - Skip\n                    - Create\n                    - CreateReplace\n                    type: string\n                  disableHooks:\n                    description: DisableHooks prevents hooks from running during the\n                      Helm upgrade action.\n                    type: boolean\n                  disableOpenAPIValidation:\n                    description: DisableOpenAPIValidation prevents the Helm upgrade\n                      action from validating rendered templates against the Kubernetes\n                      OpenAPI Schema.\n                    type: boolean\n                  disableWait:\n                    description: DisableWait disables the waiting for resources to\n                      be ready after a Helm upgrade has been performed.\n                    type: boolean\n                  disableWaitForJobs:\n                    description: DisableWaitForJobs disables waiting for jobs to complete\n                      after a Helm upgrade has been performed.\n                    type: boolean\n                  force:\n                    description: Force forces resource updates through a replacement\n                      strategy.\n                    type: boolean\n                  preserveValues:\n                    description: PreserveValues will make Helm reuse the last release's\n                      values and merge in overrides from 'Values'. Setting this flag\n                      makes the HelmRelease non-declarative.\n                    type: boolean\n                  remediation:\n                    description: Remediation holds the remediation configuration for\n                      when the Helm upgrade action for the HelmRelease fails. The\n                      default is to not perform any action.\n                    properties:\n                      ignoreTestFailures:\n                        description: IgnoreTestFailures tells the controller to skip\n                          remediation when the Helm tests are run after an upgrade\n                          action but fail. Defaults to 'Test.IgnoreFailures'.\n                        type: boolean\n                      remediateLastFailure:\n                        description: RemediateLastFailure tells the controller to\n                          remediate the last failure, when no retries remain. Defaults\n                          to 'false' unless 'Retries' is greater than 0.\n                        type: boolean\n                      retries:\n                        description: Retries is the number of retries that should\n                          be attempted on failures before bailing. Remediation, using\n                          'Strategy', is performed between each attempt. Defaults\n                          to '0', a negative integer equals to unlimited retries.\n                        type: integer\n                      strategy:\n                        description: Strategy to use for failure remediation. Defaults\n                          to 'rollback'.\n                        enum:\n                        - rollback\n                        - uninstall\n                        type: string\n                    type: object\n                  timeout:\n                    description: Timeout is the time to wait for any individual Kubernetes\n                      operation (like Jobs for hooks) during the performance of a\n                      Helm upgrade action. Defaults to 'HelmReleaseSpec.Timeout'.\n                    type: string\n                type: object\n              values:\n                description: Values holds the values for this Helm release.\n                x-kubernetes-preserve-unknown-fields: true\n              valuesFrom:\n                description: ValuesFrom holds references to resources containing Helm\n                  values for this HelmRelease, and information about how they should\n                  be merged.\n                items:\n                  description: ValuesReference contains a reference to a resource\n                    containing Helm values, and optionally the key they can be found\n                    at.\n                  properties:\n                    kind:\n                      description: Kind of the values referent, valid values are ('Secret',\n                        'ConfigMap').\n                      enum:\n                      - Secret\n                      - ConfigMap\n                      type: string\n                    name:\n                      description: Name of the values referent. Should reside in the\n                        same namespace as the referring resource.\n                      maxLength: 253\n                      minLength: 1\n                      type: string\n                    optional:\n                      description: Optional marks this ValuesReference as optional.\n                        When set, a not found error for the values reference is ignored,\n                        but any ValuesKey, TargetPath or transient error will still\n                        result in a reconciliation failure.\n                      type: boolean\n                    targetPath:\n                      description: TargetPath is the YAML dot notation path the value\n                        should be merged at. When set, the ValuesKey is expected to\n                        be a single flat value. Defaults to 'None', which results\n                        in the values getting merged at the root.\n                      type: string\n                    valuesKey:\n                      description: ValuesKey is the data key where the values.yaml\n                        or a specific value can be found at. Defaults to 'values.yaml'.\n                      type: string\n                  required:\n                  - kind\n                  - name\n                  type: object\n                type: array\n            required:\n            - chart\n            - interval\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: HelmReleaseStatus defines the observed state of a HelmRelease.\n            properties:\n              conditions:\n                description: Conditions holds the conditions for the HelmRelease.\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              failures:\n                description: Failures is the reconciliation failure count against\n                  the latest desired state. It is reset after a successful reconciliation.\n                format: int64\n                type: integer\n              helmChart:\n                description: HelmChart is the namespaced name of the HelmChart resource\n                  created by the controller for the HelmRelease.\n                type: string\n              installFailures:\n                description: InstallFailures is the install failure count against\n                  the latest desired state. It is reset after a successful reconciliation.\n                format: int64\n                type: integer\n              lastAppliedRevision:\n                description: LastAppliedRevision is the revision of the last successfully\n                  applied source.\n                type: string\n              lastAttemptedRevision:\n                description: LastAttemptedRevision is the revision of the last reconciliation\n                  attempt.\n                type: string\n              lastAttemptedValuesChecksum:\n                description: LastAttemptedValuesChecksum is the SHA1 checksum of the\n                  values of the last reconciliation attempt.\n                type: string\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              lastReleaseRevision:\n                description: LastReleaseRevision is the revision of the last successful\n                  Helm release.\n                type: integer\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation.\n                format: int64\n                type: integer\n              upgradeFailures:\n                description: UpgradeFailures is the upgrade failure count against\n                  the latest desired state. It is reset after a successful reconciliation.\n                format: int64\n                type: integer\n            type: object\n        type: object\n    served: true\n    storage: true\n    subresources:\n      status: {}\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n  conditions: []\n  storedVersions: []",
-              "apiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  annotations:\n    controller-gen.kubebuilder.io/version: v0.7.0\n  creationTimestamp: null\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: helmrepositories.source.toolkit.fluxcd.io\nspec:\n  group: source.toolkit.fluxcd.io\n  names:\n    kind: HelmRepository\n    listKind: HelmRepositoryList\n    plural: helmrepositories\n    shortNames:\n    - helmrepo\n    singular: helmrepository\n  scope: Namespaced\n  versions:\n  - additionalPrinterColumns:\n    - jsonPath: .spec.url\n      name: URL\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    name: v1beta1\n    schema:\n      openAPIV3Schema:\n        description: HelmRepository is the Schema for the helmrepositories API\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: HelmRepositorySpec defines the reference to a Helm repository.\n            properties:\n              accessFrom:\n                description: AccessFrom defines an Access Control List for allowing\n                  cross-namespace references to this object.\n                properties:\n                  namespaceSelectors:\n                    description: NamespaceSelectors is the list of namespace selectors\n                      to which this ACL applies. Items in this list are evaluated\n                      using a logical OR operation.\n                    items:\n                      description: NamespaceSelector selects the namespaces to which\n                        this ACL applies. An empty map of MatchLabels matches all\n                        namespaces in a cluster.\n                      properties:\n                        matchLabels:\n                          additionalProperties:\n                            type: string\n                          description: MatchLabels is a map of {key,value} pairs.\n                            A single {key,value} in the matchLabels map is equivalent\n                            to an element of matchExpressions, whose key field is\n                            \"key\", the operator is \"In\", and the values array contains\n                            only \"value\". The requirements are ANDed.\n                          type: object\n                      type: object\n                    type: array\n                required:\n                - namespaceSelectors\n                type: object\n              interval:\n                description: The interval at which to check the upstream for updates.\n                type: string\n              passCredentials:\n                description: PassCredentials allows the credentials from the SecretRef\n                  to be passed on to a host that does not match the host as defined\n                  in URL. This may be required if the host of the advertised chart\n                  URLs in the index differ from the defined URL. Enabling this should\n                  be done with caution, as it can potentially result in credentials\n                  getting stolen in a MITM-attack.\n                type: boolean\n              secretRef:\n                description: The name of the secret containing authentication credentials\n                  for the Helm repository. For HTTP/S basic auth the secret must contain\n                  username and password fields. For TLS the secret must contain a\n                  certFile and keyFile, and/or caCert fields.\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              suspend:\n                description: This flag tells the controller to suspend the reconciliation\n                  of this source.\n                type: boolean\n              timeout:\n                default: 60s\n                description: The timeout of index downloading, defaults to 60s.\n                type: string\n              url:\n                description: The Helm repository URL, a valid URL contains at least\n                  a protocol and host.\n                type: string\n            required:\n            - interval\n            - url\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: HelmRepositoryStatus defines the observed state of the HelmRepository.\n            properties:\n              artifact:\n                description: Artifact represents the output of the last successful\n                  repository sync.\n                properties:\n                  checksum:\n                    description: Checksum is the SHA256 checksum of the artifact.\n                    type: string\n                  lastUpdateTime:\n                    description: LastUpdateTime is the timestamp corresponding to\n                      the last update of this artifact.\n                    format: date-time\n                    type: string\n                  path:\n                    description: Path is the relative file path of this artifact.\n                    type: string\n                  revision:\n                    description: Revision is a human readable identifier traceable\n                      in the origin source system. It can be a Git commit SHA, Git\n                      tag, a Helm index timestamp, a Helm chart version, etc.\n                    type: string\n                  url:\n                    description: URL is the HTTP address of this artifact.\n                    type: string\n                required:\n                - path\n                - url\n                type: object\n              conditions:\n                description: Conditions holds the conditions for the HelmRepository.\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation.\n                format: int64\n                type: integer\n              url:\n                description: URL is the download link for the last index fetched.\n                type: string\n            type: object\n        type: object\n    served: true\n    storage: false\n    subresources:\n      status: {}\n  - additionalPrinterColumns:\n    - jsonPath: .spec.url\n      name: URL\n      type: string\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    name: v1beta2\n    schema:\n      openAPIV3Schema:\n        description: HelmRepository is the Schema for the helmrepositories API.\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: HelmRepositorySpec specifies the required configuration to\n              produce an Artifact for a Helm repository index YAML.\n            properties:\n              accessFrom:\n                description: 'AccessFrom specifies an Access Control List for allowing\n                  cross-namespace references to this object. NOTE: Not implemented,\n                  provisional as of https://github.com/fluxcd/flux2/pull/2092'\n                properties:\n                  namespaceSelectors:\n                    description: NamespaceSelectors is the list of namespace selectors\n                      to which this ACL applies. Items in this list are evaluated\n                      using a logical OR operation.\n                    items:\n                      description: NamespaceSelector selects the namespaces to which\n                        this ACL applies. An empty map of MatchLabels matches all\n                        namespaces in a cluster.\n                      properties:\n                        matchLabels:\n                          additionalProperties:\n                            type: string\n                          description: MatchLabels is a map of {key,value} pairs.\n                            A single {key,value} in the matchLabels map is equivalent\n                            to an element of matchExpressions, whose key field is\n                            \"key\", the operator is \"In\", and the values array contains\n                            only \"value\". The requirements are ANDed.\n                          type: object\n                      type: object\n                    type: array\n                required:\n                - namespaceSelectors\n                type: object\n              interval:\n                description: Interval at which to check the URL for updates.\n                type: string\n              passCredentials:\n                description: PassCredentials allows the credentials from the SecretRef\n                  to be passed on to a host that does not match the host as defined\n                  in URL. This may be required if the host of the advertised chart\n                  URLs in the index differ from the defined URL. Enabling this should\n                  be done with caution, as it can potentially result in credentials\n                  getting stolen in a MITM-attack.\n                type: boolean\n              secretRef:\n                description: SecretRef specifies the Secret containing authentication\n                  credentials for the HelmRepository. For HTTP/S basic auth the secret\n                  must contain 'username' and 'password' fields. For TLS the secret\n                  must contain a 'certFile' and 'keyFile', and/or 'caCert' fields.\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              suspend:\n                description: Suspend tells the controller to suspend the reconciliation\n                  of this HelmRepository.\n                type: boolean\n              timeout:\n                default: 60s\n                description: Timeout of the index fetch operation, defaults to 60s.\n                type: string\n              url:\n                description: URL of the Helm repository, a valid URL contains at least\n                  a protocol and host.\n                type: string\n            required:\n            - interval\n            - url\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: HelmRepositoryStatus records the observed state of the HelmRepository.\n            properties:\n              artifact:\n                description: Artifact represents the last successful HelmRepository\n                  reconciliation.\n                properties:\n                  checksum:\n                    description: Checksum is the SHA256 checksum of the Artifact file.\n                    type: string\n                  lastUpdateTime:\n                    description: LastUpdateTime is the timestamp corresponding to\n                      the last update of the Artifact.\n                    format: date-time\n                    type: string\n                  path:\n                    description: Path is the relative file path of the Artifact. It\n                      can be used to locate the file in the root of the Artifact storage\n                      on the local file system of the controller managing the Source.\n                    type: string\n                  revision:\n                    description: Revision is a human-readable identifier traceable\n                      in the origin source system. It can be a Git commit SHA, Git\n                      tag, a Helm chart version, etc.\n                    type: string\n                  size:\n                    description: Size is the number of bytes in the file.\n                    format: int64\n                    type: integer\n                  url:\n                    description: URL is the HTTP address of the Artifact as exposed\n                      by the controller managing the Source. It can be used to retrieve\n                      the Artifact for consumption, e.g. by another controller applying\n                      the Artifact contents.\n                    type: string\n                required:\n                - path\n                - url\n                type: object\n              conditions:\n                description: Conditions holds the conditions for the HelmRepository.\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation of\n                  the HelmRepository object.\n                format: int64\n                type: integer\n              url:\n                description: URL is the dynamic fetch link for the latest Artifact.\n                  It is provided on a \"best effort\" basis, and using the precise HelmRepositoryStatus.Artifact\n                  data is recommended.\n                type: string\n            type: object\n        type: object\n    served: true\n    storage: true\n    subresources:\n      status: {}\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n  conditions: []\n  storedVersions: []",
-              "apiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  annotations:\n    controller-gen.kubebuilder.io/version: v0.7.0\n  creationTimestamp: null\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: kustomizations.kustomize.toolkit.fluxcd.io\nspec:\n  group: kustomize.toolkit.fluxcd.io\n  names:\n    kind: Kustomization\n    listKind: KustomizationList\n    plural: kustomizations\n    shortNames:\n    - ks\n    singular: kustomization\n  scope: Namespaced\n  versions:\n  - additionalPrinterColumns:\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    name: v1beta1\n    schema:\n      openAPIV3Schema:\n        description: Kustomization is the Schema for the kustomizations API.\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: KustomizationSpec defines the desired state of a kustomization.\n            properties:\n              decryption:\n                description: Decrypt Kubernetes secrets before applying them on the\n                  cluster.\n                properties:\n                  provider:\n                    description: Provider is the name of the decryption engine.\n                    enum:\n                    - sops\n                    type: string\n                  secretRef:\n                    description: The secret name containing the private OpenPGP keys\n                      used for decryption.\n                    properties:\n                      name:\n                        description: Name of the referent.\n                        type: string\n                    required:\n                    - name\n                    type: object\n                required:\n                - provider\n                type: object\n              dependsOn:\n                description: DependsOn may contain a meta.NamespacedObjectReference\n                  slice with references to Kustomization resources that must be ready\n                  before this Kustomization can be reconciled.\n                items:\n                  description: NamespacedObjectReference contains enough information\n                    to locate the referenced Kubernetes resource object in any namespace.\n                  properties:\n                    name:\n                      description: Name of the referent.\n                      type: string\n                    namespace:\n                      description: Namespace of the referent, when not specified it\n                        acts as LocalObjectReference.\n                      type: string\n                  required:\n                  - name\n                  type: object\n                type: array\n              force:\n                default: false\n                description: Force instructs the controller to recreate resources\n                  when patching fails due to an immutable field change.\n                type: boolean\n              healthChecks:\n                description: A list of resources to be included in the health assessment.\n                items:\n                  description: NamespacedObjectKindReference contains enough information\n                    to locate the typed referenced Kubernetes resource object in any\n                    namespace.\n                  properties:\n                    apiVersion:\n                      description: API version of the referent, if not specified the\n                        Kubernetes preferred version will be used.\n                      type: string\n                    kind:\n                      description: Kind of the referent.\n                      type: string\n                    name:\n                      description: Name of the referent.\n                      type: string\n                    namespace:\n                      description: Namespace of the referent, when not specified it\n                        acts as LocalObjectReference.\n                      type: string\n                  required:\n                  - kind\n                  - name\n                  type: object\n                type: array\n              images:\n                description: Images is a list of (image name, new name, new tag or\n                  digest) for changing image names, tags or digests. This can also\n                  be achieved with a patch, but this operator is simpler to specify.\n                items:\n                  description: Image contains an image name, a new name, a new tag\n                    or digest, which will replace the original name and tag.\n                  properties:\n                    digest:\n                      description: Digest is the value used to replace the original\n                        image tag. If digest is present NewTag value is ignored.\n                      type: string\n                    name:\n                      description: Name is a tag-less image name.\n                      type: string\n                    newName:\n                      description: NewName is the value used to replace the original\n                        name.\n                      type: string\n                    newTag:\n                      description: NewTag is the value used to replace the original\n                        tag.\n                      type: string\n                  required:\n                  - name\n                  type: object\n                type: array\n              interval:\n                description: The interval at which to reconcile the Kustomization.\n                type: string\n              kubeConfig:\n                description: The KubeConfig for reconciling the Kustomization on a\n                  remote cluster. When specified, KubeConfig takes precedence over\n                  ServiceAccountName.\n                properties:\n                  secretRef:\n                    description: SecretRef holds the name to a secret that contains\n                      a 'value' key with the kubeconfig file as the value. It must\n                      be in the same namespace as the Kustomization. It is recommended\n                      that the kubeconfig is self-contained, and the secret is regularly\n                      updated if credentials such as a cloud-access-token expire.\n                      Cloud specific `cmd-path` auth helpers will not function without\n                      adding binaries and credentials to the Pod that is responsible\n                      for reconciling the Kustomization.\n                    properties:\n                      name:\n                        description: Name of the referent.\n                        type: string\n                    required:\n                    - name\n                    type: object\n                type: object\n              patches:\n                description: Strategic merge and JSON patches, defined as inline YAML\n                  objects, capable of targeting objects based on kind, label and annotation\n                  selectors.\n                items:\n                  description: Patch contains an inline StrategicMerge or JSON6902\n                    patch, and the target the patch should be applied to.\n                  properties:\n                    patch:\n                      description: Patch contains an inline StrategicMerge patch or\n                        an inline JSON6902 patch with an array of operation objects.\n                      type: string\n                    target:\n                      description: Target points to the resources that the patch document\n                        should be applied to.\n                      properties:\n                        annotationSelector:\n                          description: AnnotationSelector is a string that follows\n                            the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                            It matches with the resource annotations.\n                          type: string\n                        group:\n                          description: Group is the API group to select resources\n                            from. Together with Version and Kind it is capable of\n                            unambiguously identifying and/or selecting resources.\n                            https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                        kind:\n                          description: Kind of the API Group to select resources from.\n                            Together with Group and Version it is capable of unambiguously\n                            identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                        labelSelector:\n                          description: LabelSelector is a string that follows the\n                            label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                            It matches with the resource labels.\n                          type: string\n                        name:\n                          description: Name to match resources with.\n                          type: string\n                        namespace:\n                          description: Namespace to select resources from.\n                          type: string\n                        version:\n                          description: Version of the API Group to select resources\n                            from. Together with Group and Kind it is capable of unambiguously\n                            identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                      type: object\n                  type: object\n                type: array\n              patchesJson6902:\n                description: JSON 6902 patches, defined as inline YAML objects.\n                items:\n                  description: JSON6902Patch contains a JSON6902 patch and the target\n                    the patch should be applied to.\n                  properties:\n                    patch:\n                      description: Patch contains the JSON6902 patch document with\n                        an array of operation objects.\n                      items:\n                        description: JSON6902 is a JSON6902 operation object. https://datatracker.ietf.org/doc/html/rfc6902#section-4\n                        properties:\n                          from:\n                            description: From contains a JSON-pointer value that references\n                              a location within the target document where the operation\n                              is performed. The meaning of the value depends on the\n                              value of Op, and is NOT taken into account by all operations.\n                            type: string\n                          op:\n                            description: Op indicates the operation to perform. Its\n                              value MUST be one of \"add\", \"remove\", \"replace\", \"move\",\n                              \"copy\", or \"test\". https://datatracker.ietf.org/doc/html/rfc6902#section-4\n                            enum:\n                            - test\n                            - remove\n                            - add\n                            - replace\n                            - move\n                            - copy\n                            type: string\n                          path:\n                            description: Path contains the JSON-pointer value that\n                              references a location within the target document where\n                              the operation is performed. The meaning of the value\n                              depends on the value of Op.\n                            type: string\n                          value:\n                            description: Value contains a valid JSON structure. The\n                              meaning of the value depends on the value of Op, and\n                              is NOT taken into account by all operations.\n                            x-kubernetes-preserve-unknown-fields: true\n                        required:\n                        - op\n                        - path\n                        type: object\n                      type: array\n                    target:\n                      description: Target points to the resources that the patch document\n                        should be applied to.\n                      properties:\n                        annotationSelector:\n                          description: AnnotationSelector is a string that follows\n                            the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                            It matches with the resource annotations.\n                          type: string\n                        group:\n                          description: Group is the API group to select resources\n                            from. Together with Version and Kind it is capable of\n                            unambiguously identifying and/or selecting resources.\n                            https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                        kind:\n                          description: Kind of the API Group to select resources from.\n                            Together with Group and Version it is capable of unambiguously\n                            identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                        labelSelector:\n                          description: LabelSelector is a string that follows the\n                            label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                            It matches with the resource labels.\n                          type: string\n                        name:\n                          description: Name to match resources with.\n                          type: string\n                        namespace:\n                          description: Namespace to select resources from.\n                          type: string\n                        version:\n                          description: Version of the API Group to select resources\n                            from. Together with Group and Kind it is capable of unambiguously\n                            identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                      type: object\n                  required:\n                  - patch\n                  - target\n                  type: object\n                type: array\n              patchesStrategicMerge:\n                description: Strategic merge patches, defined as inline YAML objects.\n                items:\n                  x-kubernetes-preserve-unknown-fields: true\n                type: array\n              path:\n                description: Path to the directory containing the kustomization.yaml\n                  file, or the set of plain YAMLs a kustomization.yaml should be generated\n                  for. Defaults to 'None', which translates to the root path of the\n                  SourceRef.\n                type: string\n              postBuild:\n                description: PostBuild describes which actions to perform on the YAML\n                  manifest generated by building the kustomize overlay.\n                properties:\n                  substitute:\n                    additionalProperties:\n                      type: string\n                    description: Substitute holds a map of key/value pairs. The variables\n                      defined in your YAML manifests that match any of the keys defined\n                      in the map will be substituted with the set value. Includes\n                      support for bash string replacement functions e.g. ${var:=default},\n                      ${var:position} and ${var/substring/replacement}.\n                    type: object\n                  substituteFrom:\n                    description: SubstituteFrom holds references to ConfigMaps and\n                      Secrets containing the variables and their values to be substituted\n                      in the YAML manifests. The ConfigMap and the Secret data keys\n                      represent the var names and they must match the vars declared\n                      in the manifests for the substitution to happen.\n                    items:\n                      description: SubstituteReference contains a reference to a resource\n                        containing the variables name and value.\n                      properties:\n                        kind:\n                          description: Kind of the values referent, valid values are\n                            ('Secret', 'ConfigMap').\n                          enum:\n                          - Secret\n                          - ConfigMap\n                          type: string\n                        name:\n                          description: Name of the values referent. Should reside\n                            in the same namespace as the referring resource.\n                          maxLength: 253\n                          minLength: 1\n                          type: string\n                      required:\n                      - kind\n                      - name\n                      type: object\n                    type: array\n                type: object\n              prune:\n                description: Prune enables garbage collection.\n                type: boolean\n              retryInterval:\n                description: The interval at which to retry a previously failed reconciliation.\n                  When not specified, the controller uses the KustomizationSpec.Interval\n                  value to retry failures.\n                type: string\n              serviceAccountName:\n                description: The name of the Kubernetes service account to impersonate\n                  when reconciling this Kustomization.\n                type: string\n              sourceRef:\n                description: Reference of the source where the kustomization file\n                  is.\n                properties:\n                  apiVersion:\n                    description: API version of the referent\n                    type: string\n                  kind:\n                    description: Kind of the referent\n                    enum:\n                    - GitRepository\n                    - Bucket\n                    type: string\n                  name:\n                    description: Name of the referent\n                    type: string\n                  namespace:\n                    description: Namespace of the referent, defaults to the Kustomization\n                      namespace\n                    type: string\n                required:\n                - kind\n                - name\n                type: object\n              suspend:\n                description: This flag tells the controller to suspend subsequent\n                  kustomize executions, it does not apply to already started executions.\n                  Defaults to false.\n                type: boolean\n              targetNamespace:\n                description: TargetNamespace sets or overrides the namespace in the\n                  kustomization.yaml file.\n                maxLength: 63\n                minLength: 1\n                type: string\n              timeout:\n                description: Timeout for validation, apply and health checking operations.\n                  Defaults to 'Interval' duration.\n                type: string\n              validation:\n                description: Validate the Kubernetes objects before applying them\n                  on the cluster. The validation strategy can be 'client' (local dry-run),\n                  'server' (APIServer dry-run) or 'none'. When 'Force' is 'true',\n                  validation will fallback to 'client' if set to 'server' because\n                  server-side validation is not supported in this scenario.\n                enum:\n                - none\n                - client\n                - server\n                type: string\n            required:\n            - interval\n            - prune\n            - sourceRef\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: KustomizationStatus defines the observed state of a kustomization.\n            properties:\n              conditions:\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              lastAppliedRevision:\n                description: The last successfully applied revision. The revision\n                  format for Git sources is \u003cbranch|tag\u003e/\u003ccommit-sha\u003e.\n                type: string\n              lastAttemptedRevision:\n                description: LastAttemptedRevision is the revision of the last reconciliation\n                  attempt.\n                type: string\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last reconciled generation.\n                format: int64\n                type: integer\n              snapshot:\n                description: The last successfully applied revision metadata.\n                properties:\n                  checksum:\n                    description: The manifests sha1 checksum.\n                    type: string\n                  entries:\n                    description: A list of Kubernetes kinds grouped by namespace.\n                    items:\n                      description: Snapshot holds the metadata of namespaced Kubernetes\n                        objects\n                      properties:\n                        kinds:\n                          additionalProperties:\n                            type: string\n                          description: The list of Kubernetes kinds.\n                          type: object\n                        namespace:\n                          description: The namespace of this entry.\n                          type: string\n                      required:\n                      - kinds\n                      type: object\n                    type: array\n                required:\n                - checksum\n                - entries\n                type: object\n            type: object\n        type: object\n    served: true\n    storage: false\n    subresources:\n      status: {}\n  - additionalPrinterColumns:\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    name: v1beta2\n    schema:\n      openAPIV3Schema:\n        description: Kustomization is the Schema for the kustomizations API.\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: KustomizationSpec defines the configuration to calculate\n              the desired state from a Source using Kustomize.\n            properties:\n              decryption:\n                description: Decrypt Kubernetes secrets before applying them on the\n                  cluster.\n                properties:\n                  provider:\n                    description: Provider is the name of the decryption engine.\n                    enum:\n                    - sops\n                    type: string\n                  secretRef:\n                    description: The secret name containing the private OpenPGP keys\n                      used for decryption.\n                    properties:\n                      name:\n                        description: Name of the referent.\n                        type: string\n                    required:\n                    - name\n                    type: object\n                required:\n                - provider\n                type: object\n              dependsOn:\n                description: DependsOn may contain a meta.NamespacedObjectReference\n                  slice with references to Kustomization resources that must be ready\n                  before this Kustomization can be reconciled.\n                items:\n                  description: NamespacedObjectReference contains enough information\n                    to locate the referenced Kubernetes resource object in any namespace.\n                  properties:\n                    name:\n                      description: Name of the referent.\n                      type: string\n                    namespace:\n                      description: Namespace of the referent, when not specified it\n                        acts as LocalObjectReference.\n                      type: string\n                  required:\n                  - name\n                  type: object\n                type: array\n              force:\n                default: false\n                description: Force instructs the controller to recreate resources\n                  when patching fails due to an immutable field change.\n                type: boolean\n              healthChecks:\n                description: A list of resources to be included in the health assessment.\n                items:\n                  description: NamespacedObjectKindReference contains enough information\n                    to locate the typed referenced Kubernetes resource object in any\n                    namespace.\n                  properties:\n                    apiVersion:\n                      description: API version of the referent, if not specified the\n                        Kubernetes preferred version will be used.\n                      type: string\n                    kind:\n                      description: Kind of the referent.\n                      type: string\n                    name:\n                      description: Name of the referent.\n                      type: string\n                    namespace:\n                      description: Namespace of the referent, when not specified it\n                        acts as LocalObjectReference.\n                      type: string\n                  required:\n                  - kind\n                  - name\n                  type: object\n                type: array\n              images:\n                description: Images is a list of (image name, new name, new tag or\n                  digest) for changing image names, tags or digests. This can also\n                  be achieved with a patch, but this operator is simpler to specify.\n                items:\n                  description: Image contains an image name, a new name, a new tag\n                    or digest, which will replace the original name and tag.\n                  properties:\n                    digest:\n                      description: Digest is the value used to replace the original\n                        image tag. If digest is present NewTag value is ignored.\n                      type: string\n                    name:\n                      description: Name is a tag-less image name.\n                      type: string\n                    newName:\n                      description: NewName is the value used to replace the original\n                        name.\n                      type: string\n                    newTag:\n                      description: NewTag is the value used to replace the original\n                        tag.\n                      type: string\n                  required:\n                  - name\n                  type: object\n                type: array\n              interval:\n                description: The interval at which to reconcile the Kustomization.\n                type: string\n              kubeConfig:\n                description: The KubeConfig for reconciling the Kustomization on a\n                  remote cluster. When used in combination with KustomizationSpec.ServiceAccountName,\n                  forces the controller to act on behalf of that Service Account at\n                  the target cluster. If the --default-service-account flag is set,\n                  its value will be used as a controller level fallback for when KustomizationSpec.ServiceAccountName\n                  is empty.\n                properties:\n                  secretRef:\n                    description: SecretRef holds the name of a secret that contains\n                      a key with the kubeconfig file as the value. If no key is set,\n                      the key will default to 'value'. The secret must be in the same\n                      namespace as the Kustomization. It is recommended that the kubeconfig\n                      is self-contained, and the secret is regularly updated if credentials\n                      such as a cloud-access-token expire. Cloud specific `cmd-path`\n                      auth helpers will not function without adding binaries and credentials\n                      to the Pod that is responsible for reconciling the Kustomization.\n                    properties:\n                      key:\n                        description: Key in the Secret, when not specified an implementation-specific\n                          default key is used.\n                        type: string\n                      name:\n                        description: Name of the Secret.\n                        type: string\n                    required:\n                    - name\n                    type: object\n                type: object\n              patches:\n                description: Strategic merge and JSON patches, defined as inline YAML\n                  objects, capable of targeting objects based on kind, label and annotation\n                  selectors.\n                items:\n                  description: Patch contains an inline StrategicMerge or JSON6902\n                    patch, and the target the patch should be applied to.\n                  properties:\n                    patch:\n                      description: Patch contains an inline StrategicMerge patch or\n                        an inline JSON6902 patch with an array of operation objects.\n                      type: string\n                    target:\n                      description: Target points to the resources that the patch document\n                        should be applied to.\n                      properties:\n                        annotationSelector:\n                          description: AnnotationSelector is a string that follows\n                            the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                            It matches with the resource annotations.\n                          type: string\n                        group:\n                          description: Group is the API group to select resources\n                            from. Together with Version and Kind it is capable of\n                            unambiguously identifying and/or selecting resources.\n                            https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                        kind:\n                          description: Kind of the API Group to select resources from.\n                            Together with Group and Version it is capable of unambiguously\n                            identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                        labelSelector:\n                          description: LabelSelector is a string that follows the\n                            label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                            It matches with the resource labels.\n                          type: string\n                        name:\n                          description: Name to match resources with.\n                          type: string\n                        namespace:\n                          description: Namespace to select resources from.\n                          type: string\n                        version:\n                          description: Version of the API Group to select resources\n                            from. Together with Group and Kind it is capable of unambiguously\n                            identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                      type: object\n                  type: object\n                type: array\n              patchesJson6902:\n                description: 'JSON 6902 patches, defined as inline YAML objects. Deprecated:\n                  Use Patches instead.'\n                items:\n                  description: JSON6902Patch contains a JSON6902 patch and the target\n                    the patch should be applied to.\n                  properties:\n                    patch:\n                      description: Patch contains the JSON6902 patch document with\n                        an array of operation objects.\n                      items:\n                        description: JSON6902 is a JSON6902 operation object. https://datatracker.ietf.org/doc/html/rfc6902#section-4\n                        properties:\n                          from:\n                            description: From contains a JSON-pointer value that references\n                              a location within the target document where the operation\n                              is performed. The meaning of the value depends on the\n                              value of Op, and is NOT taken into account by all operations.\n                            type: string\n                          op:\n                            description: Op indicates the operation to perform. Its\n                              value MUST be one of \"add\", \"remove\", \"replace\", \"move\",\n                              \"copy\", or \"test\". https://datatracker.ietf.org/doc/html/rfc6902#section-4\n                            enum:\n                            - test\n                            - remove\n                            - add\n                            - replace\n                            - move\n                            - copy\n                            type: string\n                          path:\n                            description: Path contains the JSON-pointer value that\n                              references a location within the target document where\n                              the operation is performed. The meaning of the value\n                              depends on the value of Op.\n                            type: string\n                          value:\n                            description: Value contains a valid JSON structure. The\n                              meaning of the value depends on the value of Op, and\n                              is NOT taken into account by all operations.\n                            x-kubernetes-preserve-unknown-fields: true\n                        required:\n                        - op\n                        - path\n                        type: object\n                      type: array\n                    target:\n                      description: Target points to the resources that the patch document\n                        should be applied to.\n                      properties:\n                        annotationSelector:\n                          description: AnnotationSelector is a string that follows\n                            the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                            It matches with the resource annotations.\n                          type: string\n                        group:\n                          description: Group is the API group to select resources\n                            from. Together with Version and Kind it is capable of\n                            unambiguously identifying and/or selecting resources.\n                            https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                        kind:\n                          description: Kind of the API Group to select resources from.\n                            Together with Group and Version it is capable of unambiguously\n                            identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                        labelSelector:\n                          description: LabelSelector is a string that follows the\n                            label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                            It matches with the resource labels.\n                          type: string\n                        name:\n                          description: Name to match resources with.\n                          type: string\n                        namespace:\n                          description: Namespace to select resources from.\n                          type: string\n                        version:\n                          description: Version of the API Group to select resources\n                            from. Together with Group and Kind it is capable of unambiguously\n                            identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                      type: object\n                  required:\n                  - patch\n                  - target\n                  type: object\n                type: array\n              patchesStrategicMerge:\n                description: 'Strategic merge patches, defined as inline YAML objects.\n                  Deprecated: Use Patches instead.'\n                items:\n                  x-kubernetes-preserve-unknown-fields: true\n                type: array\n              path:\n                description: Path to the directory containing the kustomization.yaml\n                  file, or the set of plain YAMLs a kustomization.yaml should be generated\n                  for. Defaults to 'None', which translates to the root path of the\n                  SourceRef.\n                type: string\n              postBuild:\n                description: PostBuild describes which actions to perform on the YAML\n                  manifest generated by building the kustomize overlay.\n                properties:\n                  substitute:\n                    additionalProperties:\n                      type: string\n                    description: Substitute holds a map of key/value pairs. The variables\n                      defined in your YAML manifests that match any of the keys defined\n                      in the map will be substituted with the set value. Includes\n                      support for bash string replacement functions e.g. ${var:=default},\n                      ${var:position} and ${var/substring/replacement}.\n                    type: object\n                  substituteFrom:\n                    description: SubstituteFrom holds references to ConfigMaps and\n                      Secrets containing the variables and their values to be substituted\n                      in the YAML manifests. The ConfigMap and the Secret data keys\n                      represent the var names and they must match the vars declared\n                      in the manifests for the substitution to happen.\n                    items:\n                      description: SubstituteReference contains a reference to a resource\n                        containing the variables name and value.\n                      properties:\n                        kind:\n                          description: Kind of the values referent, valid values are\n                            ('Secret', 'ConfigMap').\n                          enum:\n                          - Secret\n                          - ConfigMap\n                          type: string\n                        name:\n                          description: Name of the values referent. Should reside\n                            in the same namespace as the referring resource.\n                          maxLength: 253\n                          minLength: 1\n                          type: string\n                        optional:\n                          default: false\n                          description: Optional indicates whether the referenced resource\n                            must exist, or whether to tolerate its absence. If true\n                            and the referenced resource is absent, proceed as if the\n                            resource was present but empty, without any variables\n                            defined.\n                          type: boolean\n                      required:\n                      - kind\n                      - name\n                      type: object\n                    type: array\n                type: object\n              prune:\n                description: Prune enables garbage collection.\n                type: boolean\n              retryInterval:\n                description: The interval at which to retry a previously failed reconciliation.\n                  When not specified, the controller uses the KustomizationSpec.Interval\n                  value to retry failures.\n                type: string\n              serviceAccountName:\n                description: The name of the Kubernetes service account to impersonate\n                  when reconciling this Kustomization.\n                type: string\n              sourceRef:\n                description: Reference of the source where the kustomization file\n                  is.\n                properties:\n                  apiVersion:\n                    description: API version of the referent.\n                    type: string\n                  kind:\n                    description: Kind of the referent.\n                    enum:\n                    - GitRepository\n                    - Bucket\n                    type: string\n                  name:\n                    description: Name of the referent.\n                    type: string\n                  namespace:\n                    description: Namespace of the referent, defaults to the namespace\n                      of the Kubernetes resource object that contains the reference.\n                    type: string\n                required:\n                - kind\n                - name\n                type: object\n              suspend:\n                description: This flag tells the controller to suspend subsequent\n                  kustomize executions, it does not apply to already started executions.\n                  Defaults to false.\n                type: boolean\n              targetNamespace:\n                description: TargetNamespace sets or overrides the namespace in the\n                  kustomization.yaml file.\n                maxLength: 63\n                minLength: 1\n                type: string\n              timeout:\n                description: Timeout for validation, apply and health checking operations.\n                  Defaults to 'Interval' duration.\n                type: string\n              validation:\n                description: 'Deprecated: Not used in v1beta2.'\n                enum:\n                - none\n                - client\n                - server\n                type: string\n              wait:\n                description: Wait instructs the controller to check the health of\n                  all the reconciled resources. When enabled, the HealthChecks are\n                  ignored. Defaults to false.\n                type: boolean\n            required:\n            - interval\n            - prune\n            - sourceRef\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: KustomizationStatus defines the observed state of a kustomization.\n            properties:\n              conditions:\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              inventory:\n                description: Inventory contains the list of Kubernetes resource object\n                  references that have been successfully applied.\n                properties:\n                  entries:\n                    description: Entries of Kubernetes resource object references.\n                    items:\n                      description: ResourceRef contains the information necessary\n                        to locate a resource within a cluster.\n                      properties:\n                        id:\n                          description: ID is the string representation of the Kubernetes\n                            resource object's metadata, in the format '\u003cnamespace\u003e_\u003cname\u003e_\u003cgroup\u003e_\u003ckind\u003e'.\n                          type: string\n                        v:\n                          description: Version is the API version of the Kubernetes\n                            resource object's kind.\n                          type: string\n                      required:\n                      - id\n                      - v\n                      type: object\n                    type: array\n                required:\n                - entries\n                type: object\n              lastAppliedRevision:\n                description: The last successfully applied revision. The revision\n                  format for Git sources is \u003cbranch|tag\u003e/\u003ccommit-sha\u003e.\n                type: string\n              lastAttemptedRevision:\n                description: LastAttemptedRevision is the revision of the last reconciliation\n                  attempt.\n                type: string\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last reconciled generation.\n                format: int64\n                type: integer\n            type: object\n        type: object\n    served: true\n    storage: true\n    subresources:\n      status: {}\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n  conditions: []\n  storedVersions: []",
-              "apiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  annotations:\n    controller-gen.kubebuilder.io/version: v0.7.0\n  creationTimestamp: null\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: providers.notification.toolkit.fluxcd.io\nspec:\n  group: notification.toolkit.fluxcd.io\n  names:\n    kind: Provider\n    listKind: ProviderList\n    plural: providers\n    singular: provider\n  scope: Namespaced\n  versions:\n  - additionalPrinterColumns:\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    name: v1beta1\n    schema:\n      openAPIV3Schema:\n        description: Provider is the Schema for the providers API\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: ProviderSpec defines the desired state of Provider\n            properties:\n              address:\n                description: HTTP/S webhook address of this provider\n                pattern: ^(http|https)://\n                type: string\n              certSecretRef:\n                description: CertSecretRef can be given the name of a secret containing\n                  a PEM-encoded CA certificate (`caFile`)\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              channel:\n                description: Alert channel for this provider\n                type: string\n              proxy:\n                description: HTTP/S address of the proxy\n                pattern: ^(http|https)://\n                type: string\n              secretRef:\n                description: Secret reference containing the provider webhook URL\n                  using \"address\" as data key\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              suspend:\n                description: This flag tells the controller to suspend subsequent\n                  events handling. Defaults to false.\n                type: boolean\n              type:\n                description: Type of provider\n                enum:\n                - slack\n                - discord\n                - msteams\n                - rocket\n                - generic\n                - github\n                - gitlab\n                - bitbucket\n                - azuredevops\n                - googlechat\n                - webex\n                - sentry\n                - azureeventhub\n                - telegram\n                - lark\n                - matrix\n                - opsgenie\n                - alertmanager\n                - grafana\n                type: string\n              username:\n                description: Bot username for this provider\n                type: string\n            required:\n            - type\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: ProviderStatus defines the observed state of Provider\n            properties:\n              conditions:\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              observedGeneration:\n                description: ObservedGeneration is the last reconciled generation.\n                format: int64\n                type: integer\n            type: object\n        type: object\n    served: true\n    storage: true\n    subresources:\n      status: {}\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n  conditions: []\n  storedVersions: []",
-              "apiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  annotations:\n    controller-gen.kubebuilder.io/version: v0.7.0\n  creationTimestamp: null\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: receivers.notification.toolkit.fluxcd.io\nspec:\n  group: notification.toolkit.fluxcd.io\n  names:\n    kind: Receiver\n    listKind: ReceiverList\n    plural: receivers\n    singular: receiver\n  scope: Namespaced\n  versions:\n  - additionalPrinterColumns:\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    name: v1beta1\n    schema:\n      openAPIV3Schema:\n        description: Receiver is the Schema for the receivers API\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: ReceiverSpec defines the desired state of Receiver\n            properties:\n              events:\n                description: A list of events to handle, e.g. 'push' for GitHub or\n                  'Push Hook' for GitLab.\n                items:\n                  type: string\n                type: array\n              resources:\n                description: A list of resources to be notified about changes.\n                items:\n                  description: CrossNamespaceObjectReference contains enough information\n                    to let you locate the typed referenced object at cluster level\n                  properties:\n                    apiVersion:\n                      description: API version of the referent\n                      type: string\n                    kind:\n                      description: Kind of the referent\n                      enum:\n                      - Bucket\n                      - GitRepository\n                      - Kustomization\n                      - HelmRelease\n                      - HelmChart\n                      - HelmRepository\n                      - ImageRepository\n                      - ImagePolicy\n                      - ImageUpdateAutomation\n                      type: string\n                    matchLabels:\n                      additionalProperties:\n                        type: string\n                      description: MatchLabels is a map of {key,value} pairs. A single\n                        {key,value} in the matchLabels map is equivalent to an element\n                        of matchExpressions, whose key field is \"key\", the operator\n                        is \"In\", and the values array contains only \"value\". The requirements\n                        are ANDed.\n                      type: object\n                    name:\n                      description: Name of the referent\n                      maxLength: 53\n                      minLength: 1\n                      type: string\n                    namespace:\n                      description: Namespace of the referent\n                      maxLength: 53\n                      minLength: 1\n                      type: string\n                  required:\n                  - name\n                  type: object\n                type: array\n              secretRef:\n                description: Secret reference containing the token used to validate\n                  the payload authenticity\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              suspend:\n                description: This flag tells the controller to suspend subsequent\n                  events handling. Defaults to false.\n                type: boolean\n              type:\n                description: Type of webhook sender, used to determine the validation\n                  procedure and payload deserialization.\n                enum:\n                - generic\n                - generic-hmac\n                - github\n                - gitlab\n                - bitbucket\n                - harbor\n                - dockerhub\n                - quay\n                - gcr\n                - nexus\n                - acr\n                type: string\n            required:\n            - resources\n            - type\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: ReceiverStatus defines the observed state of Receiver\n            properties:\n              conditions:\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation.\n                format: int64\n                type: integer\n              url:\n                description: Generated webhook URL in the format of '/hook/sha256sum(token+name+namespace)'.\n                type: string\n            type: object\n        type: object\n    served: true\n    storage: true\n    subresources:\n      status: {}\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n  conditions: []\n  storedVersions: []",
-              "apiVersion: v1\nkind: ServiceAccount\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: helm-controller\n  namespace: flux-system",
-              "apiVersion: v1\nkind: ServiceAccount\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: kustomize-controller\n  namespace: flux-system",
-              "apiVersion: v1\nkind: ServiceAccount\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: notification-controller\n  namespace: flux-system",
-              "apiVersion: v1\nkind: ServiceAccount\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: source-controller\n  namespace: flux-system",
-              "apiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: crd-controller-flux-system\nrules:\n- apiGroups:\n  - source.toolkit.fluxcd.io\n  resources:\n  - '*'\n  verbs:\n  - '*'\n- apiGroups:\n  - kustomize.toolkit.fluxcd.io\n  resources:\n  - '*'\n  verbs:\n  - '*'\n- apiGroups:\n  - helm.toolkit.fluxcd.io\n  resources:\n  - '*'\n  verbs:\n  - '*'\n- apiGroups:\n  - notification.toolkit.fluxcd.io\n  resources:\n  - '*'\n  verbs:\n  - '*'\n- apiGroups:\n  - image.toolkit.fluxcd.io\n  resources:\n  - '*'\n  verbs:\n  - '*'\n- apiGroups:\n  - \"\"\n  resources:\n  - namespaces\n  - secrets\n  - configmaps\n  - serviceaccounts\n  verbs:\n  - get\n  - list\n  - watch\n- apiGroups:\n  - \"\"\n  resources:\n  - events\n  verbs:\n  - create\n  - patch\n- apiGroups:\n  - \"\"\n  resources:\n  - configmaps\n  verbs:\n  - get\n  - list\n  - watch\n  - create\n  - update\n  - patch\n  - delete\n- apiGroups:\n  - \"\"\n  resources:\n  - configmaps/status\n  verbs:\n  - get\n  - update\n  - patch\n- apiGroups:\n  - coordination.k8s.io\n  resources:\n  - leases\n  verbs:\n  - get\n  - list\n  - watch\n  - create\n  - update\n  - patch\n  - delete",
-              "apiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: cluster-reconciler-flux-system\nroleRef:\n  apiGroup: rbac.authorization.k8s.io\n  kind: ClusterRole\n  name: cluster-admin\nsubjects:\n- kind: ServiceAccount\n  name: kustomize-controller\n  namespace: flux-system\n- kind: ServiceAccount\n  name: helm-controller\n  namespace: flux-system",
-              "apiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: crd-controller-flux-system\nroleRef:\n  apiGroup: rbac.authorization.k8s.io\n  kind: ClusterRole\n  name: crd-controller-flux-system\nsubjects:\n- kind: ServiceAccount\n  name: kustomize-controller\n  namespace: flux-system\n- kind: ServiceAccount\n  name: helm-controller\n  namespace: flux-system\n- kind: ServiceAccount\n  name: source-controller\n  namespace: flux-system\n- kind: ServiceAccount\n  name: notification-controller\n  namespace: flux-system\n- kind: ServiceAccount\n  name: image-reflector-controller\n  namespace: flux-system\n- kind: ServiceAccount\n  name: image-automation-controller\n  namespace: flux-system",
-              "apiVersion: v1\nkind: Service\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n    control-plane: controller\n  name: notification-controller\n  namespace: flux-system\nspec:\n  ports:\n  - name: http\n    port: 80\n    protocol: TCP\n    targetPort: http\n  selector:\n    app: notification-controller\n  type: ClusterIP",
-              "apiVersion: v1\nkind: Service\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n    control-plane: controller\n  name: source-controller\n  namespace: flux-system\nspec:\n  ports:\n  - name: http\n    port: 80\n    protocol: TCP\n    targetPort: http\n  selector:\n    app: source-controller\n  type: ClusterIP",
-              "apiVersion: v1\nkind: Service\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n    control-plane: controller\n  name: webhook-receiver\n  namespace: flux-system\nspec:\n  ports:\n  - name: http\n    port: 80\n    protocol: TCP\n    targetPort: http-webhook\n  selector:\n    app: notification-controller\n  type: ClusterIP",
-              "apiVersion: apps/v1\nkind: Deployment\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n    control-plane: controller\n  name: helm-controller\n  namespace: flux-system\nspec:\n  replicas: 1\n  selector:\n    matchLabels:\n      app: helm-controller\n  template:\n    metadata:\n      annotations:\n        prometheus.io/port: \"8080\"\n        prometheus.io/scrape: \"true\"\n      labels:\n        app: helm-controller\n    spec:\n      containers:\n      - args:\n        - --events-addr=http://notification-controller.flux-system.svc.cluster.local./\n        - --watch-all-namespaces=true\n        - --log-level=info\n        - --log-encoding=json\n        - --enable-leader-election\n        env:\n        - name: RUNTIME_NAMESPACE\n          valueFrom:\n            fieldRef:\n              fieldPath: metadata.namespace\n        image: ghcr.io/fluxcd/helm-controller:v0.21.0\n        imagePullPolicy: IfNotPresent\n        livenessProbe:\n          httpGet:\n            path: /healthz\n            port: healthz\n        name: manager\n        ports:\n        - containerPort: 8080\n          name: http-prom\n          protocol: TCP\n        - containerPort: 9440\n          name: healthz\n          protocol: TCP\n        readinessProbe:\n          httpGet:\n            path: /readyz\n            port: healthz\n        resources:\n          limits:\n            cpu: 1000m\n            memory: 1Gi\n          requests:\n            cpu: 100m\n            memory: 64Mi\n        securityContext:\n          allowPrivilegeEscalation: false\n          capabilities:\n            drop:\n            - ALL\n          readOnlyRootFilesystem: true\n          runAsNonRoot: true\n          seccompProfile:\n            type: RuntimeDefault\n        volumeMounts:\n        - mountPath: /tmp\n          name: temp\n      nodeSelector:\n        kubernetes.io/os: linux\n      securityContext:\n        fsGroup: 1337\n      serviceAccountName: helm-controller\n      terminationGracePeriodSeconds: 600\n      volumes:\n      - emptyDir: {}\n        name: temp",
-              "apiVersion: apps/v1\nkind: Deployment\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n    control-plane: controller\n  name: kustomize-controller\n  namespace: flux-system\nspec:\n  replicas: 1\n  selector:\n    matchLabels:\n      app: kustomize-controller\n  template:\n    metadata:\n      annotations:\n        prometheus.io/port: \"8080\"\n        prometheus.io/scrape: \"true\"\n      labels:\n        app: kustomize-controller\n    spec:\n      containers:\n      - args:\n        - --events-addr=http://notification-controller.flux-system.svc.cluster.local./\n        - --watch-all-namespaces=true\n        - --log-level=info\n        - --log-encoding=json\n        - --enable-leader-election\n        env:\n        - name: RUNTIME_NAMESPACE\n          valueFrom:\n            fieldRef:\n              fieldPath: metadata.namespace\n        image: ghcr.io/fluxcd/kustomize-controller:v0.25.0\n        imagePullPolicy: IfNotPresent\n        livenessProbe:\n          httpGet:\n            path: /healthz\n            port: healthz\n        name: manager\n        ports:\n        - containerPort: 8080\n          name: http-prom\n          protocol: TCP\n        - containerPort: 9440\n          name: healthz\n          protocol: TCP\n        readinessProbe:\n          httpGet:\n            path: /readyz\n            port: healthz\n        resources:\n          limits:\n            cpu: 1000m\n            memory: 1Gi\n          requests:\n            cpu: 100m\n            memory: 64Mi\n        securityContext:\n          allowPrivilegeEscalation: false\n          capabilities:\n            drop:\n            - ALL\n          readOnlyRootFilesystem: true\n          runAsNonRoot: true\n          seccompProfile:\n            type: RuntimeDefault\n        volumeMounts:\n        - mountPath: /tmp\n          name: temp\n      nodeSelector:\n        kubernetes.io/os: linux\n      securityContext:\n        fsGroup: 1337\n      serviceAccountName: kustomize-controller\n      terminationGracePeriodSeconds: 60\n      volumes:\n      - emptyDir: {}\n        name: temp",
-              "apiVersion: apps/v1\nkind: Deployment\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n    control-plane: controller\n  name: notification-controller\n  namespace: flux-system\nspec:\n  replicas: 1\n  selector:\n    matchLabels:\n      app: notification-controller\n  template:\n    metadata:\n      annotations:\n        prometheus.io/port: \"8080\"\n        prometheus.io/scrape: \"true\"\n      labels:\n        app: notification-controller\n    spec:\n      containers:\n      - args:\n        - --watch-all-namespaces=true\n        - --log-level=info\n        - --log-encoding=json\n        - --enable-leader-election\n        env:\n        - name: RUNTIME_NAMESPACE\n          valueFrom:\n            fieldRef:\n              fieldPath: metadata.namespace\n        image: ghcr.io/fluxcd/notification-controller:v0.23.5\n        imagePullPolicy: IfNotPresent\n        livenessProbe:\n          httpGet:\n            path: /healthz\n            port: healthz\n        name: manager\n        ports:\n        - containerPort: 9090\n          name: http\n          protocol: TCP\n        - containerPort: 9292\n          name: http-webhook\n          protocol: TCP\n        - containerPort: 8080\n          name: http-prom\n          protocol: TCP\n        - containerPort: 9440\n          name: healthz\n          protocol: TCP\n        readinessProbe:\n          httpGet:\n            path: /readyz\n            port: healthz\n        resources:\n          limits:\n            cpu: 1000m\n            memory: 1Gi\n          requests:\n            cpu: 100m\n            memory: 64Mi\n        securityContext:\n          allowPrivilegeEscalation: false\n          capabilities:\n            drop:\n            - ALL\n          readOnlyRootFilesystem: true\n          runAsNonRoot: true\n          seccompProfile:\n            type: RuntimeDefault\n        volumeMounts:\n        - mountPath: /tmp\n          name: temp\n      nodeSelector:\n        kubernetes.io/os: linux\n      securityContext:\n        fsGroup: 1337\n      serviceAccountName: notification-controller\n      terminationGracePeriodSeconds: 10\n      volumes:\n      - emptyDir: {}\n        name: temp",
-              "apiVersion: apps/v1\nkind: Deployment\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n    control-plane: controller\n  name: source-controller\n  namespace: flux-system\nspec:\n  replicas: 1\n  selector:\n    matchLabels:\n      app: source-controller\n  strategy:\n    type: Recreate\n  template:\n    metadata:\n      annotations:\n        prometheus.io/port: \"8080\"\n        prometheus.io/scrape: \"true\"\n      labels:\n        app: source-controller\n    spec:\n      containers:\n      - args:\n        - --events-addr=http://notification-controller.flux-system.svc.cluster.local./\n        - --watch-all-namespaces=true\n        - --log-level=info\n        - --log-encoding=json\n        - --enable-leader-election\n        - --storage-path=/data\n        - --storage-adv-addr=source-controller.$(RUNTIME_NAMESPACE).svc.cluster.local.\n        env:\n        - name: RUNTIME_NAMESPACE\n          valueFrom:\n            fieldRef:\n              fieldPath: metadata.namespace\n        image: ghcr.io/fluxcd/source-controller:v0.24.4\n        imagePullPolicy: IfNotPresent\n        livenessProbe:\n          httpGet:\n            path: /healthz\n            port: healthz\n        name: manager\n        ports:\n        - containerPort: 9090\n          name: http\n          protocol: TCP\n        - containerPort: 8080\n          name: http-prom\n          protocol: TCP\n        - containerPort: 9440\n          name: healthz\n          protocol: TCP\n        readinessProbe:\n          httpGet:\n            path: /\n            port: http\n        resources:\n          limits:\n            cpu: 1000m\n            memory: 1Gi\n          requests:\n            cpu: 50m\n            memory: 64Mi\n        securityContext:\n          allowPrivilegeEscalation: false\n          capabilities:\n            drop:\n            - ALL\n          readOnlyRootFilesystem: true\n          runAsNonRoot: true\n          seccompProfile:\n            type: RuntimeDefault\n        volumeMounts:\n        - mountPath: /data\n          name: data\n        - mountPath: /tmp\n          name: tmp\n      nodeSelector:\n        kubernetes.io/os: linux\n      securityContext:\n        fsGroup: 1337\n      serviceAccountName: source-controller\n      terminationGracePeriodSeconds: 10\n      volumes:\n      - emptyDir: {}\n        name: data\n      - emptyDir: {}\n        name: tmp"
-            ],
-            "id": "974058759fd5b58b22f593bc00fac71b8ed7f6b34500fcda526f255a071cd7b5",
-            "manifests": {
-              "/api/v1/namespaces/flux-system": "apiVersion: v1\nkind: Namespace\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n    pod-security.kubernetes.io/warn: restricted\n    pod-security.kubernetes.io/warn-version: latest\n  name: flux-system\n",
-              "/api/v1/namespaces/flux-system/serviceaccounts/helm-controller": "apiVersion: v1\nkind: ServiceAccount\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: helm-controller\n  namespace: flux-system\n",
-              "/api/v1/namespaces/flux-system/serviceaccounts/kustomize-controller": "apiVersion: v1\nkind: ServiceAccount\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: kustomize-controller\n  namespace: flux-system\n",
-              "/api/v1/namespaces/flux-system/serviceaccounts/notification-controller": "apiVersion: v1\nkind: ServiceAccount\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: notification-controller\n  namespace: flux-system\n",
-              "/api/v1/namespaces/flux-system/serviceaccounts/source-controller": "apiVersion: v1\nkind: ServiceAccount\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: source-controller\n  namespace: flux-system\n",
-              "/api/v1/namespaces/flux-system/services/notification-controller": "apiVersion: v1\nkind: Service\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n    control-plane: controller\n  name: notification-controller\n  namespace: flux-system\nspec:\n  ports:\n  - name: http\n    port: 80\n    protocol: TCP\n    targetPort: http\n  selector:\n    app: notification-controller\n  type: ClusterIP\n",
-              "/api/v1/namespaces/flux-system/services/source-controller": "apiVersion: v1\nkind: Service\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n    control-plane: controller\n  name: source-controller\n  namespace: flux-system\nspec:\n  ports:\n  - name: http\n    port: 80\n    protocol: TCP\n    targetPort: http\n  selector:\n    app: source-controller\n  type: ClusterIP\n",
-              "/api/v1/namespaces/flux-system/services/webhook-receiver": "apiVersion: v1\nkind: Service\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n    control-plane: controller\n  name: webhook-receiver\n  namespace: flux-system\nspec:\n  ports:\n  - name: http\n    port: 80\n    protocol: TCP\n    targetPort: http-webhook\n  selector:\n    app: notification-controller\n  type: ClusterIP\n",
-              "/apis/apiextensions.k8s.io/v1/customresourcedefinitions/alerts.notification.toolkit.fluxcd.io": "apiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  annotations:\n    controller-gen.kubebuilder.io/version: v0.7.0\n  creationTimestamp: null\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: alerts.notification.toolkit.fluxcd.io\nspec:\n  group: notification.toolkit.fluxcd.io\n  names:\n    kind: Alert\n    listKind: AlertList\n    plural: alerts\n    singular: alert\n  scope: Namespaced\n  versions:\n  - additionalPrinterColumns:\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    name: v1beta1\n    schema:\n      openAPIV3Schema:\n        description: Alert is the Schema for the alerts API\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: AlertSpec defines an alerting rule for events involving a\n              list of objects\n            properties:\n              eventSeverity:\n                default: info\n                description: Filter events based on severity, defaults to ('info').\n                  If set to 'info' no events will be filtered.\n                enum:\n                - info\n                - error\n                type: string\n              eventSources:\n                description: Filter events based on the involved objects.\n                items:\n                  description: CrossNamespaceObjectReference contains enough information\n                    to let you locate the typed referenced object at cluster level\n                  properties:\n                    apiVersion:\n                      description: API version of the referent\n                      type: string\n                    kind:\n                      description: Kind of the referent\n                      enum:\n                      - Bucket\n                      - GitRepository\n                      - Kustomization\n                      - HelmRelease\n                      - HelmChart\n                      - HelmRepository\n                      - ImageRepository\n                      - ImagePolicy\n                      - ImageUpdateAutomation\n                      type: string\n                    matchLabels:\n                      additionalProperties:\n                        type: string\n                      description: MatchLabels is a map of {key,value} pairs. A single\n                        {key,value} in the matchLabels map is equivalent to an element\n                        of matchExpressions, whose key field is \"key\", the operator\n                        is \"In\", and the values array contains only \"value\". The requirements\n                        are ANDed.\n                      type: object\n                    name:\n                      description: Name of the referent\n                      maxLength: 53\n                      minLength: 1\n                      type: string\n                    namespace:\n                      description: Namespace of the referent\n                      maxLength: 53\n                      minLength: 1\n                      type: string\n                  required:\n                  - name\n                  type: object\n                type: array\n              exclusionList:\n                description: A list of Golang regular expressions to be used for excluding\n                  messages.\n                items:\n                  type: string\n                type: array\n              providerRef:\n                description: Send events using this provider.\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              summary:\n                description: Short description of the impact and affected cluster.\n                type: string\n              suspend:\n                description: This flag tells the controller to suspend subsequent\n                  events dispatching. Defaults to false.\n                type: boolean\n            required:\n            - eventSources\n            - providerRef\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: AlertStatus defines the observed state of Alert\n            properties:\n              conditions:\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation.\n                format: int64\n                type: integer\n            type: object\n        type: object\n    served: true\n    storage: true\n    subresources:\n      status: {}\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n  conditions: []\n  storedVersions: []\n",
-              "/apis/apiextensions.k8s.io/v1/customresourcedefinitions/buckets.source.toolkit.fluxcd.io": "apiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  annotations:\n    controller-gen.kubebuilder.io/version: v0.7.0\n  creationTimestamp: null\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: buckets.source.toolkit.fluxcd.io\nspec:\n  group: source.toolkit.fluxcd.io\n  names:\n    kind: Bucket\n    listKind: BucketList\n    plural: buckets\n    singular: bucket\n  scope: Namespaced\n  versions:\n  - additionalPrinterColumns:\n    - jsonPath: .spec.endpoint\n      name: Endpoint\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    name: v1beta1\n    schema:\n      openAPIV3Schema:\n        description: Bucket is the Schema for the buckets API\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: BucketSpec defines the desired state of an S3 compatible\n              bucket\n            properties:\n              accessFrom:\n                description: AccessFrom defines an Access Control List for allowing\n                  cross-namespace references to this object.\n                properties:\n                  namespaceSelectors:\n                    description: NamespaceSelectors is the list of namespace selectors\n                      to which this ACL applies. Items in this list are evaluated\n                      using a logical OR operation.\n                    items:\n                      description: NamespaceSelector selects the namespaces to which\n                        this ACL applies. An empty map of MatchLabels matches all\n                        namespaces in a cluster.\n                      properties:\n                        matchLabels:\n                          additionalProperties:\n                            type: string\n                          description: MatchLabels is a map of {key,value} pairs.\n                            A single {key,value} in the matchLabels map is equivalent\n                            to an element of matchExpressions, whose key field is\n                            \"key\", the operator is \"In\", and the values array contains\n                            only \"value\". The requirements are ANDed.\n                          type: object\n                      type: object\n                    type: array\n                required:\n                - namespaceSelectors\n                type: object\n              bucketName:\n                description: The bucket name.\n                type: string\n              endpoint:\n                description: The bucket endpoint address.\n                type: string\n              ignore:\n                description: Ignore overrides the set of excluded patterns in the\n                  .sourceignore format (which is the same as .gitignore). If not provided,\n                  a default will be used, consult the documentation for your version\n                  to find out what those are.\n                type: string\n              insecure:\n                description: Insecure allows connecting to a non-TLS S3 HTTP endpoint.\n                type: boolean\n              interval:\n                description: The interval at which to check for bucket updates.\n                type: string\n              provider:\n                default: generic\n                description: The S3 compatible storage provider name, default ('generic').\n                enum:\n                - generic\n                - aws\n                - gcp\n                type: string\n              region:\n                description: The bucket region.\n                type: string\n              secretRef:\n                description: The name of the secret containing authentication credentials\n                  for the Bucket.\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              suspend:\n                description: This flag tells the controller to suspend the reconciliation\n                  of this source.\n                type: boolean\n              timeout:\n                default: 60s\n                description: The timeout for download operations, defaults to 60s.\n                type: string\n            required:\n            - bucketName\n            - endpoint\n            - interval\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: BucketStatus defines the observed state of a bucket\n            properties:\n              artifact:\n                description: Artifact represents the output of the last successful\n                  Bucket sync.\n                properties:\n                  checksum:\n                    description: Checksum is the SHA256 checksum of the artifact.\n                    type: string\n                  lastUpdateTime:\n                    description: LastUpdateTime is the timestamp corresponding to\n                      the last update of this artifact.\n                    format: date-time\n                    type: string\n                  path:\n                    description: Path is the relative file path of this artifact.\n                    type: string\n                  revision:\n                    description: Revision is a human readable identifier traceable\n                      in the origin source system. It can be a Git commit SHA, Git\n                      tag, a Helm index timestamp, a Helm chart version, etc.\n                    type: string\n                  url:\n                    description: URL is the HTTP address of this artifact.\n                    type: string\n                required:\n                - path\n                - url\n                type: object\n              conditions:\n                description: Conditions holds the conditions for the Bucket.\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation.\n                format: int64\n                type: integer\n              url:\n                description: URL is the download link for the artifact output of the\n                  last Bucket sync.\n                type: string\n            type: object\n        type: object\n    served: true\n    storage: false\n    subresources:\n      status: {}\n  - additionalPrinterColumns:\n    - jsonPath: .spec.endpoint\n      name: Endpoint\n      type: string\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    name: v1beta2\n    schema:\n      openAPIV3Schema:\n        description: Bucket is the Schema for the buckets API.\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: BucketSpec specifies the required configuration to produce\n              an Artifact for an object storage bucket.\n            properties:\n              accessFrom:\n                description: 'AccessFrom specifies an Access Control List for allowing\n                  cross-namespace references to this object. NOTE: Not implemented,\n                  provisional as of https://github.com/fluxcd/flux2/pull/2092'\n                properties:\n                  namespaceSelectors:\n                    description: NamespaceSelectors is the list of namespace selectors\n                      to which this ACL applies. Items in this list are evaluated\n                      using a logical OR operation.\n                    items:\n                      description: NamespaceSelector selects the namespaces to which\n                        this ACL applies. An empty map of MatchLabels matches all\n                        namespaces in a cluster.\n                      properties:\n                        matchLabels:\n                          additionalProperties:\n                            type: string\n                          description: MatchLabels is a map of {key,value} pairs.\n                            A single {key,value} in the matchLabels map is equivalent\n                            to an element of matchExpressions, whose key field is\n                            \"key\", the operator is \"In\", and the values array contains\n                            only \"value\". The requirements are ANDed.\n                          type: object\n                      type: object\n                    type: array\n                required:\n                - namespaceSelectors\n                type: object\n              bucketName:\n                description: BucketName is the name of the object storage bucket.\n                type: string\n              endpoint:\n                description: Endpoint is the object storage address the BucketName\n                  is located at.\n                type: string\n              ignore:\n                description: Ignore overrides the set of excluded patterns in the\n                  .sourceignore format (which is the same as .gitignore). If not provided,\n                  a default will be used, consult the documentation for your version\n                  to find out what those are.\n                type: string\n              insecure:\n                description: Insecure allows connecting to a non-TLS HTTP Endpoint.\n                type: boolean\n              interval:\n                description: Interval at which to check the Endpoint for updates.\n                type: string\n              provider:\n                default: generic\n                description: Provider of the object storage bucket. Defaults to 'generic',\n                  which expects an S3 (API) compatible object storage.\n                enum:\n                - generic\n                - aws\n                - gcp\n                - azure\n                type: string\n              region:\n                description: Region of the Endpoint where the BucketName is located\n                  in.\n                type: string\n              secretRef:\n                description: SecretRef specifies the Secret containing authentication\n                  credentials for the Bucket.\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              suspend:\n                description: Suspend tells the controller to suspend the reconciliation\n                  of this Bucket.\n                type: boolean\n              timeout:\n                default: 60s\n                description: Timeout for fetch operations, defaults to 60s.\n                type: string\n            required:\n            - bucketName\n            - endpoint\n            - interval\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: BucketStatus records the observed state of a Bucket.\n            properties:\n              artifact:\n                description: Artifact represents the last successful Bucket reconciliation.\n                properties:\n                  checksum:\n                    description: Checksum is the SHA256 checksum of the Artifact file.\n                    type: string\n                  lastUpdateTime:\n                    description: LastUpdateTime is the timestamp corresponding to\n                      the last update of the Artifact.\n                    format: date-time\n                    type: string\n                  path:\n                    description: Path is the relative file path of the Artifact. It\n                      can be used to locate the file in the root of the Artifact storage\n                      on the local file system of the controller managing the Source.\n                    type: string\n                  revision:\n                    description: Revision is a human-readable identifier traceable\n                      in the origin source system. It can be a Git commit SHA, Git\n                      tag, a Helm chart version, etc.\n                    type: string\n                  size:\n                    description: Size is the number of bytes in the file.\n                    format: int64\n                    type: integer\n                  url:\n                    description: URL is the HTTP address of the Artifact as exposed\n                      by the controller managing the Source. It can be used to retrieve\n                      the Artifact for consumption, e.g. by another controller applying\n                      the Artifact contents.\n                    type: string\n                required:\n                - path\n                - url\n                type: object\n              conditions:\n                description: Conditions holds the conditions for the Bucket.\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation of\n                  the Bucket object.\n                format: int64\n                type: integer\n              url:\n                description: URL is the dynamic fetch link for the latest Artifact.\n                  It is provided on a \"best effort\" basis, and using the precise BucketStatus.Artifact\n                  data is recommended.\n                type: string\n            type: object\n        type: object\n    served: true\n    storage: true\n    subresources:\n      status: {}\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n  conditions: []\n  storedVersions: []\n",
-              "/apis/apiextensions.k8s.io/v1/customresourcedefinitions/gitrepositories.source.toolkit.fluxcd.io": "apiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  annotations:\n    controller-gen.kubebuilder.io/version: v0.7.0\n  creationTimestamp: null\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: gitrepositories.source.toolkit.fluxcd.io\nspec:\n  group: source.toolkit.fluxcd.io\n  names:\n    kind: GitRepository\n    listKind: GitRepositoryList\n    plural: gitrepositories\n    shortNames:\n    - gitrepo\n    singular: gitrepository\n  scope: Namespaced\n  versions:\n  - additionalPrinterColumns:\n    - jsonPath: .spec.url\n      name: URL\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    name: v1beta1\n    schema:\n      openAPIV3Schema:\n        description: GitRepository is the Schema for the gitrepositories API\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: GitRepositorySpec defines the desired state of a Git repository.\n            properties:\n              accessFrom:\n                description: AccessFrom defines an Access Control List for allowing\n                  cross-namespace references to this object.\n                properties:\n                  namespaceSelectors:\n                    description: NamespaceSelectors is the list of namespace selectors\n                      to which this ACL applies. Items in this list are evaluated\n                      using a logical OR operation.\n                    items:\n                      description: NamespaceSelector selects the namespaces to which\n                        this ACL applies. An empty map of MatchLabels matches all\n                        namespaces in a cluster.\n                      properties:\n                        matchLabels:\n                          additionalProperties:\n                            type: string\n                          description: MatchLabels is a map of {key,value} pairs.\n                            A single {key,value} in the matchLabels map is equivalent\n                            to an element of matchExpressions, whose key field is\n                            \"key\", the operator is \"In\", and the values array contains\n                            only \"value\". The requirements are ANDed.\n                          type: object\n                      type: object\n                    type: array\n                required:\n                - namespaceSelectors\n                type: object\n              gitImplementation:\n                default: go-git\n                description: Determines which git client library to use. Defaults\n                  to go-git, valid values are ('go-git', 'libgit2').\n                enum:\n                - go-git\n                - libgit2\n                type: string\n              ignore:\n                description: Ignore overrides the set of excluded patterns in the\n                  .sourceignore format (which is the same as .gitignore). If not provided,\n                  a default will be used, consult the documentation for your version\n                  to find out what those are.\n                type: string\n              include:\n                description: Extra git repositories to map into the repository\n                items:\n                  description: GitRepositoryInclude defines a source with a from and\n                    to path.\n                  properties:\n                    fromPath:\n                      description: The path to copy contents from, defaults to the\n                        root directory.\n                      type: string\n                    repository:\n                      description: Reference to a GitRepository to include.\n                      properties:\n                        name:\n                          description: Name of the referent.\n                          type: string\n                      required:\n                      - name\n                      type: object\n                    toPath:\n                      description: The path to copy contents to, defaults to the name\n                        of the source ref.\n                      type: string\n                  required:\n                  - repository\n                  type: object\n                type: array\n              interval:\n                description: The interval at which to check for repository updates.\n                type: string\n              recurseSubmodules:\n                description: When enabled, after the clone is created, initializes\n                  all submodules within, using their default settings. This option\n                  is available only when using the 'go-git' GitImplementation.\n                type: boolean\n              ref:\n                description: The Git reference to checkout and monitor for changes,\n                  defaults to master branch.\n                properties:\n                  branch:\n                    description: The Git branch to checkout, defaults to master.\n                    type: string\n                  commit:\n                    description: The Git commit SHA to checkout, if specified Tag\n                      filters will be ignored.\n                    type: string\n                  semver:\n                    description: The Git tag semver expression, takes precedence over\n                      Tag.\n                    type: string\n                  tag:\n                    description: The Git tag to checkout, takes precedence over Branch.\n                    type: string\n                type: object\n              secretRef:\n                description: The secret name containing the Git credentials. For HTTPS\n                  repositories the secret must contain username and password fields.\n                  For SSH repositories the secret must contain identity and known_hosts\n                  fields.\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              suspend:\n                description: This flag tells the controller to suspend the reconciliation\n                  of this source.\n                type: boolean\n              timeout:\n                default: 60s\n                description: The timeout for remote Git operations like cloning, defaults\n                  to 60s.\n                type: string\n              url:\n                description: The repository URL, can be a HTTP/S or SSH address.\n                pattern: ^(http|https|ssh)://\n                type: string\n              verify:\n                description: Verify OpenPGP signature for the Git commit HEAD points\n                  to.\n                properties:\n                  mode:\n                    description: Mode describes what git object should be verified,\n                      currently ('head').\n                    enum:\n                    - head\n                    type: string\n                  secretRef:\n                    description: The secret name containing the public keys of all\n                      trusted Git authors.\n                    properties:\n                      name:\n                        description: Name of the referent.\n                        type: string\n                    required:\n                    - name\n                    type: object\n                required:\n                - mode\n                type: object\n            required:\n            - interval\n            - url\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: GitRepositoryStatus defines the observed state of a Git repository.\n            properties:\n              artifact:\n                description: Artifact represents the output of the last successful\n                  repository sync.\n                properties:\n                  checksum:\n                    description: Checksum is the SHA256 checksum of the artifact.\n                    type: string\n                  lastUpdateTime:\n                    description: LastUpdateTime is the timestamp corresponding to\n                      the last update of this artifact.\n                    format: date-time\n                    type: string\n                  path:\n                    description: Path is the relative file path of this artifact.\n                    type: string\n                  revision:\n                    description: Revision is a human readable identifier traceable\n                      in the origin source system. It can be a Git commit SHA, Git\n                      tag, a Helm index timestamp, a Helm chart version, etc.\n                    type: string\n                  url:\n                    description: URL is the HTTP address of this artifact.\n                    type: string\n                required:\n                - path\n                - url\n                type: object\n              conditions:\n                description: Conditions holds the conditions for the GitRepository.\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              includedArtifacts:\n                description: IncludedArtifacts represents the included artifacts from\n                  the last successful repository sync.\n                items:\n                  description: Artifact represents the output of a source synchronisation.\n                  properties:\n                    checksum:\n                      description: Checksum is the SHA256 checksum of the artifact.\n                      type: string\n                    lastUpdateTime:\n                      description: LastUpdateTime is the timestamp corresponding to\n                        the last update of this artifact.\n                      format: date-time\n                      type: string\n                    path:\n                      description: Path is the relative file path of this artifact.\n                      type: string\n                    revision:\n                      description: Revision is a human readable identifier traceable\n                        in the origin source system. It can be a Git commit SHA, Git\n                        tag, a Helm index timestamp, a Helm chart version, etc.\n                      type: string\n                    url:\n                      description: URL is the HTTP address of this artifact.\n                      type: string\n                  required:\n                  - path\n                  - url\n                  type: object\n                type: array\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation.\n                format: int64\n                type: integer\n              url:\n                description: URL is the download link for the artifact output of the\n                  last repository sync.\n                type: string\n            type: object\n        type: object\n    served: true\n    storage: false\n    subresources:\n      status: {}\n  - additionalPrinterColumns:\n    - jsonPath: .spec.url\n      name: URL\n      type: string\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    name: v1beta2\n    schema:\n      openAPIV3Schema:\n        description: GitRepository is the Schema for the gitrepositories API.\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: GitRepositorySpec specifies the required configuration to\n              produce an Artifact for a Git repository.\n            properties:\n              accessFrom:\n                description: 'AccessFrom specifies an Access Control List for allowing\n                  cross-namespace references to this object. NOTE: Not implemented,\n                  provisional as of https://github.com/fluxcd/flux2/pull/2092'\n                properties:\n                  namespaceSelectors:\n                    description: NamespaceSelectors is the list of namespace selectors\n                      to which this ACL applies. Items in this list are evaluated\n                      using a logical OR operation.\n                    items:\n                      description: NamespaceSelector selects the namespaces to which\n                        this ACL applies. An empty map of MatchLabels matches all\n                        namespaces in a cluster.\n                      properties:\n                        matchLabels:\n                          additionalProperties:\n                            type: string\n                          description: MatchLabels is a map of {key,value} pairs.\n                            A single {key,value} in the matchLabels map is equivalent\n                            to an element of matchExpressions, whose key field is\n                            \"key\", the operator is \"In\", and the values array contains\n                            only \"value\". The requirements are ANDed.\n                          type: object\n                      type: object\n                    type: array\n                required:\n                - namespaceSelectors\n                type: object\n              gitImplementation:\n                default: go-git\n                description: GitImplementation specifies which Git client library\n                  implementation to use. Defaults to 'go-git', valid values are ('go-git',\n                  'libgit2').\n                enum:\n                - go-git\n                - libgit2\n                type: string\n              ignore:\n                description: Ignore overrides the set of excluded patterns in the\n                  .sourceignore format (which is the same as .gitignore). If not provided,\n                  a default will be used, consult the documentation for your version\n                  to find out what those are.\n                type: string\n              include:\n                description: Include specifies a list of GitRepository resources which\n                  Artifacts should be included in the Artifact produced for this GitRepository.\n                items:\n                  description: GitRepositoryInclude specifies a local reference to\n                    a GitRepository which Artifact (sub-)contents must be included,\n                    and where they should be placed.\n                  properties:\n                    fromPath:\n                      description: FromPath specifies the path to copy contents from,\n                        defaults to the root of the Artifact.\n                      type: string\n                    repository:\n                      description: GitRepositoryRef specifies the GitRepository which\n                        Artifact contents must be included.\n                      properties:\n                        name:\n                          description: Name of the referent.\n                          type: string\n                      required:\n                      - name\n                      type: object\n                    toPath:\n                      description: ToPath specifies the path to copy contents to,\n                        defaults to the name of the GitRepositoryRef.\n                      type: string\n                  required:\n                  - repository\n                  type: object\n                type: array\n              interval:\n                description: Interval at which to check the GitRepository for updates.\n                type: string\n              recurseSubmodules:\n                description: RecurseSubmodules enables the initialization of all submodules\n                  within the GitRepository as cloned from the URL, using their default\n                  settings. This option is available only when using the 'go-git'\n                  GitImplementation.\n                type: boolean\n              ref:\n                description: Reference specifies the Git reference to resolve and\n                  monitor for changes, defaults to the 'master' branch.\n                properties:\n                  branch:\n                    description: \"Branch to check out, defaults to 'master' if no\n                      other field is defined. \\n When GitRepositorySpec.GitImplementation\n                      is set to 'go-git', a shallow clone of the specified branch\n                      is performed.\"\n                    type: string\n                  commit:\n                    description: \"Commit SHA to check out, takes precedence over all\n                      reference fields. \\n When GitRepositorySpec.GitImplementation\n                      is set to 'go-git', this can be combined with Branch to shallow\n                      clone the branch, in which the commit is expected to exist.\"\n                    type: string\n                  semver:\n                    description: SemVer tag expression to check out, takes precedence\n                      over Tag.\n                    type: string\n                  tag:\n                    description: Tag to check out, takes precedence over Branch.\n                    type: string\n                type: object\n              secretRef:\n                description: SecretRef specifies the Secret containing authentication\n                  credentials for the GitRepository. For HTTPS repositories the Secret\n                  must contain 'username' and 'password' fields. For SSH repositories\n                  the Secret must contain 'identity' and 'known_hosts' fields.\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              suspend:\n                description: Suspend tells the controller to suspend the reconciliation\n                  of this GitRepository.\n                type: boolean\n              timeout:\n                default: 60s\n                description: Timeout for Git operations like cloning, defaults to\n                  60s.\n                type: string\n              url:\n                description: URL specifies the Git repository URL, it can be an HTTP/S\n                  or SSH address.\n                pattern: ^(http|https|ssh)://\n                type: string\n              verify:\n                description: Verification specifies the configuration to verify the\n                  Git commit signature(s).\n                properties:\n                  mode:\n                    description: Mode specifies what Git object should be verified,\n                      currently ('head').\n                    enum:\n                    - head\n                    type: string\n                  secretRef:\n                    description: SecretRef specifies the Secret containing the public\n                      keys of trusted Git authors.\n                    properties:\n                      name:\n                        description: Name of the referent.\n                        type: string\n                    required:\n                    - name\n                    type: object\n                required:\n                - mode\n                type: object\n            required:\n            - interval\n            - url\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: GitRepositoryStatus records the observed state of a Git repository.\n            properties:\n              artifact:\n                description: Artifact represents the last successful GitRepository\n                  reconciliation.\n                properties:\n                  checksum:\n                    description: Checksum is the SHA256 checksum of the Artifact file.\n                    type: string\n                  lastUpdateTime:\n                    description: LastUpdateTime is the timestamp corresponding to\n                      the last update of the Artifact.\n                    format: date-time\n                    type: string\n                  path:\n                    description: Path is the relative file path of the Artifact. It\n                      can be used to locate the file in the root of the Artifact storage\n                      on the local file system of the controller managing the Source.\n                    type: string\n                  revision:\n                    description: Revision is a human-readable identifier traceable\n                      in the origin source system. It can be a Git commit SHA, Git\n                      tag, a Helm chart version, etc.\n                    type: string\n                  size:\n                    description: Size is the number of bytes in the file.\n                    format: int64\n                    type: integer\n                  url:\n                    description: URL is the HTTP address of the Artifact as exposed\n                      by the controller managing the Source. It can be used to retrieve\n                      the Artifact for consumption, e.g. by another controller applying\n                      the Artifact contents.\n                    type: string\n                required:\n                - path\n                - url\n                type: object\n              conditions:\n                description: Conditions holds the conditions for the GitRepository.\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              includedArtifacts:\n                description: IncludedArtifacts contains a list of the last successfully\n                  included Artifacts as instructed by GitRepositorySpec.Include.\n                items:\n                  description: Artifact represents the output of a Source reconciliation.\n                  properties:\n                    checksum:\n                      description: Checksum is the SHA256 checksum of the Artifact\n                        file.\n                      type: string\n                    lastUpdateTime:\n                      description: LastUpdateTime is the timestamp corresponding to\n                        the last update of the Artifact.\n                      format: date-time\n                      type: string\n                    path:\n                      description: Path is the relative file path of the Artifact.\n                        It can be used to locate the file in the root of the Artifact\n                        storage on the local file system of the controller managing\n                        the Source.\n                      type: string\n                    revision:\n                      description: Revision is a human-readable identifier traceable\n                        in the origin source system. It can be a Git commit SHA, Git\n                        tag, a Helm chart version, etc.\n                      type: string\n                    size:\n                      description: Size is the number of bytes in the file.\n                      format: int64\n                      type: integer\n                    url:\n                      description: URL is the HTTP address of the Artifact as exposed\n                        by the controller managing the Source. It can be used to retrieve\n                        the Artifact for consumption, e.g. by another controller applying\n                        the Artifact contents.\n                      type: string\n                  required:\n                  - path\n                  - url\n                  type: object\n                type: array\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation of\n                  the GitRepository object.\n                format: int64\n                type: integer\n              url:\n                description: URL is the dynamic fetch link for the latest Artifact.\n                  It is provided on a \"best effort\" basis, and using the precise GitRepositoryStatus.Artifact\n                  data is recommended.\n                type: string\n            type: object\n        type: object\n    served: true\n    storage: true\n    subresources:\n      status: {}\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n  conditions: []\n  storedVersions: []\n",
-              "/apis/apiextensions.k8s.io/v1/customresourcedefinitions/helmcharts.source.toolkit.fluxcd.io": "apiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  annotations:\n    controller-gen.kubebuilder.io/version: v0.7.0\n  creationTimestamp: null\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: helmcharts.source.toolkit.fluxcd.io\nspec:\n  group: source.toolkit.fluxcd.io\n  names:\n    kind: HelmChart\n    listKind: HelmChartList\n    plural: helmcharts\n    shortNames:\n    - hc\n    singular: helmchart\n  scope: Namespaced\n  versions:\n  - additionalPrinterColumns:\n    - jsonPath: .spec.chart\n      name: Chart\n      type: string\n    - jsonPath: .spec.version\n      name: Version\n      type: string\n    - jsonPath: .spec.sourceRef.kind\n      name: Source Kind\n      type: string\n    - jsonPath: .spec.sourceRef.name\n      name: Source Name\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    name: v1beta1\n    schema:\n      openAPIV3Schema:\n        description: HelmChart is the Schema for the helmcharts API\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: HelmChartSpec defines the desired state of a Helm chart.\n            properties:\n              accessFrom:\n                description: AccessFrom defines an Access Control List for allowing\n                  cross-namespace references to this object.\n                properties:\n                  namespaceSelectors:\n                    description: NamespaceSelectors is the list of namespace selectors\n                      to which this ACL applies. Items in this list are evaluated\n                      using a logical OR operation.\n                    items:\n                      description: NamespaceSelector selects the namespaces to which\n                        this ACL applies. An empty map of MatchLabels matches all\n                        namespaces in a cluster.\n                      properties:\n                        matchLabels:\n                          additionalProperties:\n                            type: string\n                          description: MatchLabels is a map of {key,value} pairs.\n                            A single {key,value} in the matchLabels map is equivalent\n                            to an element of matchExpressions, whose key field is\n                            \"key\", the operator is \"In\", and the values array contains\n                            only \"value\". The requirements are ANDed.\n                          type: object\n                      type: object\n                    type: array\n                required:\n                - namespaceSelectors\n                type: object\n              chart:\n                description: The name or path the Helm chart is available at in the\n                  SourceRef.\n                type: string\n              interval:\n                description: The interval at which to check the Source for updates.\n                type: string\n              reconcileStrategy:\n                default: ChartVersion\n                description: Determines what enables the creation of a new artifact.\n                  Valid values are ('ChartVersion', 'Revision'). See the documentation\n                  of the values for an explanation on their behavior. Defaults to\n                  ChartVersion when omitted.\n                enum:\n                - ChartVersion\n                - Revision\n                type: string\n              sourceRef:\n                description: The reference to the Source the chart is available at.\n                properties:\n                  apiVersion:\n                    description: APIVersion of the referent.\n                    type: string\n                  kind:\n                    description: Kind of the referent, valid values are ('HelmRepository',\n                      'GitRepository', 'Bucket').\n                    enum:\n                    - HelmRepository\n                    - GitRepository\n                    - Bucket\n                    type: string\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - kind\n                - name\n                type: object\n              suspend:\n                description: This flag tells the controller to suspend the reconciliation\n                  of this source.\n                type: boolean\n              valuesFile:\n                description: Alternative values file to use as the default chart values,\n                  expected to be a relative path in the SourceRef. Deprecated in favor\n                  of ValuesFiles, for backwards compatibility the file defined here\n                  is merged before the ValuesFiles items. Ignored when omitted.\n                type: string\n              valuesFiles:\n                description: Alternative list of values files to use as the chart\n                  values (values.yaml is not included by default), expected to be\n                  a relative path in the SourceRef. Values files are merged in the\n                  order of this list with the last file overriding the first. Ignored\n                  when omitted.\n                items:\n                  type: string\n                type: array\n              version:\n                default: '*'\n                description: The chart version semver expression, ignored for charts\n                  from GitRepository and Bucket sources. Defaults to latest when omitted.\n                type: string\n            required:\n            - chart\n            - interval\n            - sourceRef\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: HelmChartStatus defines the observed state of the HelmChart.\n            properties:\n              artifact:\n                description: Artifact represents the output of the last successful\n                  chart sync.\n                properties:\n                  checksum:\n                    description: Checksum is the SHA256 checksum of the artifact.\n                    type: string\n                  lastUpdateTime:\n                    description: LastUpdateTime is the timestamp corresponding to\n                      the last update of this artifact.\n                    format: date-time\n                    type: string\n                  path:\n                    description: Path is the relative file path of this artifact.\n                    type: string\n                  revision:\n                    description: Revision is a human readable identifier traceable\n                      in the origin source system. It can be a Git commit SHA, Git\n                      tag, a Helm index timestamp, a Helm chart version, etc.\n                    type: string\n                  url:\n                    description: URL is the HTTP address of this artifact.\n                    type: string\n                required:\n                - path\n                - url\n                type: object\n              conditions:\n                description: Conditions holds the conditions for the HelmChart.\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation.\n                format: int64\n                type: integer\n              url:\n                description: URL is the download link for the last chart pulled.\n                type: string\n            type: object\n        type: object\n    served: true\n    storage: false\n    subresources:\n      status: {}\n  - additionalPrinterColumns:\n    - jsonPath: .spec.chart\n      name: Chart\n      type: string\n    - jsonPath: .spec.version\n      name: Version\n      type: string\n    - jsonPath: .spec.sourceRef.kind\n      name: Source Kind\n      type: string\n    - jsonPath: .spec.sourceRef.name\n      name: Source Name\n      type: string\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    name: v1beta2\n    schema:\n      openAPIV3Schema:\n        description: HelmChart is the Schema for the helmcharts API.\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: HelmChartSpec specifies the desired state of a Helm chart.\n            properties:\n              accessFrom:\n                description: 'AccessFrom specifies an Access Control List for allowing\n                  cross-namespace references to this object. NOTE: Not implemented,\n                  provisional as of https://github.com/fluxcd/flux2/pull/2092'\n                properties:\n                  namespaceSelectors:\n                    description: NamespaceSelectors is the list of namespace selectors\n                      to which this ACL applies. Items in this list are evaluated\n                      using a logical OR operation.\n                    items:\n                      description: NamespaceSelector selects the namespaces to which\n                        this ACL applies. An empty map of MatchLabels matches all\n                        namespaces in a cluster.\n                      properties:\n                        matchLabels:\n                          additionalProperties:\n                            type: string\n                          description: MatchLabels is a map of {key,value} pairs.\n                            A single {key,value} in the matchLabels map is equivalent\n                            to an element of matchExpressions, whose key field is\n                            \"key\", the operator is \"In\", and the values array contains\n                            only \"value\". The requirements are ANDed.\n                          type: object\n                      type: object\n                    type: array\n                required:\n                - namespaceSelectors\n                type: object\n              chart:\n                description: Chart is the name or path the Helm chart is available\n                  at in the SourceRef.\n                type: string\n              interval:\n                description: Interval is the interval at which to check the Source\n                  for updates.\n                type: string\n              reconcileStrategy:\n                default: ChartVersion\n                description: ReconcileStrategy determines what enables the creation\n                  of a new artifact. Valid values are ('ChartVersion', 'Revision').\n                  See the documentation of the values for an explanation on their\n                  behavior. Defaults to ChartVersion when omitted.\n                enum:\n                - ChartVersion\n                - Revision\n                type: string\n              sourceRef:\n                description: SourceRef is the reference to the Source the chart is\n                  available at.\n                properties:\n                  apiVersion:\n                    description: APIVersion of the referent.\n                    type: string\n                  kind:\n                    description: Kind of the referent, valid values are ('HelmRepository',\n                      'GitRepository', 'Bucket').\n                    enum:\n                    - HelmRepository\n                    - GitRepository\n                    - Bucket\n                    type: string\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - kind\n                - name\n                type: object\n              suspend:\n                description: Suspend tells the controller to suspend the reconciliation\n                  of this source.\n                type: boolean\n              valuesFile:\n                description: ValuesFile is an alternative values file to use as the\n                  default chart values, expected to be a relative path in the SourceRef.\n                  Deprecated in favor of ValuesFiles, for backwards compatibility\n                  the file specified here is merged before the ValuesFiles items.\n                  Ignored when omitted.\n                type: string\n              valuesFiles:\n                description: ValuesFiles is an alternative list of values files to\n                  use as the chart values (values.yaml is not included by default),\n                  expected to be a relative path in the SourceRef. Values files are\n                  merged in the order of this list with the last file overriding the\n                  first. Ignored when omitted.\n                items:\n                  type: string\n                type: array\n              version:\n                default: '*'\n                description: Version is the chart version semver expression, ignored\n                  for charts from GitRepository and Bucket sources. Defaults to latest\n                  when omitted.\n                type: string\n            required:\n            - chart\n            - interval\n            - sourceRef\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: HelmChartStatus records the observed state of the HelmChart.\n            properties:\n              artifact:\n                description: Artifact represents the output of the last successful\n                  reconciliation.\n                properties:\n                  checksum:\n                    description: Checksum is the SHA256 checksum of the Artifact file.\n                    type: string\n                  lastUpdateTime:\n                    description: LastUpdateTime is the timestamp corresponding to\n                      the last update of the Artifact.\n                    format: date-time\n                    type: string\n                  path:\n                    description: Path is the relative file path of the Artifact. It\n                      can be used to locate the file in the root of the Artifact storage\n                      on the local file system of the controller managing the Source.\n                    type: string\n                  revision:\n                    description: Revision is a human-readable identifier traceable\n                      in the origin source system. It can be a Git commit SHA, Git\n                      tag, a Helm chart version, etc.\n                    type: string\n                  size:\n                    description: Size is the number of bytes in the file.\n                    format: int64\n                    type: integer\n                  url:\n                    description: URL is the HTTP address of the Artifact as exposed\n                      by the controller managing the Source. It can be used to retrieve\n                      the Artifact for consumption, e.g. by another controller applying\n                      the Artifact contents.\n                    type: string\n                required:\n                - path\n                - url\n                type: object\n              conditions:\n                description: Conditions holds the conditions for the HelmChart.\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedChartName:\n                description: ObservedChartName is the last observed chart name as\n                  specified by the resolved chart reference.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation of\n                  the HelmChart object.\n                format: int64\n                type: integer\n              observedSourceArtifactRevision:\n                description: ObservedSourceArtifactRevision is the last observed Artifact.Revision\n                  of the HelmChartSpec.SourceRef.\n                type: string\n              url:\n                description: URL is the dynamic fetch link for the latest Artifact.\n                  It is provided on a \"best effort\" basis, and using the precise BucketStatus.Artifact\n                  data is recommended.\n                type: string\n            type: object\n        type: object\n    served: true\n    storage: true\n    subresources:\n      status: {}\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n  conditions: []\n  storedVersions: []\n",
-              "/apis/apiextensions.k8s.io/v1/customresourcedefinitions/helmreleases.helm.toolkit.fluxcd.io": "apiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  annotations:\n    controller-gen.kubebuilder.io/version: v0.7.0\n  creationTimestamp: null\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: helmreleases.helm.toolkit.fluxcd.io\nspec:\n  group: helm.toolkit.fluxcd.io\n  names:\n    kind: HelmRelease\n    listKind: HelmReleaseList\n    plural: helmreleases\n    shortNames:\n    - hr\n    singular: helmrelease\n  scope: Namespaced\n  versions:\n  - additionalPrinterColumns:\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    name: v2beta1\n    schema:\n      openAPIV3Schema:\n        description: HelmRelease is the Schema for the helmreleases API\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: HelmReleaseSpec defines the desired state of a Helm release.\n            properties:\n              chart:\n                description: Chart defines the template of the v1beta2.HelmChart that\n                  should be created for this HelmRelease.\n                properties:\n                  spec:\n                    description: Spec holds the template for the v1beta2.HelmChartSpec\n                      for this HelmRelease.\n                    properties:\n                      chart:\n                        description: The name or path the Helm chart is available\n                          at in the SourceRef.\n                        type: string\n                      interval:\n                        description: Interval at which to check the v1beta2.Source\n                          for updates. Defaults to 'HelmReleaseSpec.Interval'.\n                        type: string\n                      reconcileStrategy:\n                        default: ChartVersion\n                        description: Determines what enables the creation of a new\n                          artifact. Valid values are ('ChartVersion', 'Revision').\n                          See the documentation of the values for an explanation on\n                          their behavior. Defaults to ChartVersion when omitted.\n                        enum:\n                        - ChartVersion\n                        - Revision\n                        type: string\n                      sourceRef:\n                        description: The name and namespace of the v1beta2.Source\n                          the chart is available at.\n                        properties:\n                          apiVersion:\n                            description: APIVersion of the referent.\n                            type: string\n                          kind:\n                            description: Kind of the referent.\n                            enum:\n                            - HelmRepository\n                            - GitRepository\n                            - Bucket\n                            type: string\n                          name:\n                            description: Name of the referent.\n                            maxLength: 253\n                            minLength: 1\n                            type: string\n                          namespace:\n                            description: Namespace of the referent.\n                            maxLength: 63\n                            minLength: 1\n                            type: string\n                        required:\n                        - name\n                        type: object\n                      valuesFile:\n                        description: Alternative values file to use as the default\n                          chart values, expected to be a relative path in the SourceRef.\n                          Deprecated in favor of ValuesFiles, for backwards compatibility\n                          the file defined here is merged before the ValuesFiles items.\n                          Ignored when omitted.\n                        type: string\n                      valuesFiles:\n                        description: Alternative list of values files to use as the\n                          chart values (values.yaml is not included by default), expected\n                          to be a relative path in the SourceRef. Values files are\n                          merged in the order of this list with the last file overriding\n                          the first. Ignored when omitted.\n                        items:\n                          type: string\n                        type: array\n                      version:\n                        default: '*'\n                        description: Version semver expression, ignored for charts\n                          from v1beta2.GitRepository and v1beta2.Bucket sources. Defaults\n                          to latest when omitted.\n                        type: string\n                    required:\n                    - chart\n                    - sourceRef\n                    type: object\n                required:\n                - spec\n                type: object\n              dependsOn:\n                description: DependsOn may contain a meta.NamespacedObjectReference\n                  slice with references to HelmRelease resources that must be ready\n                  before this HelmRelease can be reconciled.\n                items:\n                  description: NamespacedObjectReference contains enough information\n                    to locate the referenced Kubernetes resource object in any namespace.\n                  properties:\n                    name:\n                      description: Name of the referent.\n                      type: string\n                    namespace:\n                      description: Namespace of the referent, when not specified it\n                        acts as LocalObjectReference.\n                      type: string\n                  required:\n                  - name\n                  type: object\n                type: array\n              install:\n                description: Install holds the configuration for Helm install actions\n                  for this HelmRelease.\n                properties:\n                  crds:\n                    description: \"CRDs upgrade CRDs from the Helm Chart's crds directory\n                      according to the CRD upgrade policy provided here. Valid values\n                      are `Skip`, `Create` or `CreateReplace`. Default is `Create`\n                      and if omitted CRDs are installed but not updated. \\n Skip:\n                      do neither install nor replace (update) any CRDs. \\n Create:\n                      new CRDs are created, existing CRDs are neither updated nor\n                      deleted. \\n CreateReplace: new CRDs are created, existing CRDs\n                      are updated (replaced) but not deleted. \\n By default, CRDs\n                      are applied (installed) during Helm install action. With this\n                      option users can opt-in to CRD replace existing CRDs on Helm\n                      install actions, which is not (yet) natively supported by Helm.\n                      https://helm.sh/docs/chart_best_practices/custom_resource_definitions.\"\n                    enum:\n                    - Skip\n                    - Create\n                    - CreateReplace\n                    type: string\n                  createNamespace:\n                    description: CreateNamespace tells the Helm install action to\n                      create the HelmReleaseSpec.TargetNamespace if it does not exist\n                      yet. On uninstall, the namespace will not be garbage collected.\n                    type: boolean\n                  disableHooks:\n                    description: DisableHooks prevents hooks from running during the\n                      Helm install action.\n                    type: boolean\n                  disableOpenAPIValidation:\n                    description: DisableOpenAPIValidation prevents the Helm install\n                      action from validating rendered templates against the Kubernetes\n                      OpenAPI Schema.\n                    type: boolean\n                  disableWait:\n                    description: DisableWait disables the waiting for resources to\n                      be ready after a Helm install has been performed.\n                    type: boolean\n                  disableWaitForJobs:\n                    description: DisableWaitForJobs disables waiting for jobs to complete\n                      after a Helm install has been performed.\n                    type: boolean\n                  remediation:\n                    description: Remediation holds the remediation configuration for\n                      when the Helm install action for the HelmRelease fails. The\n                      default is to not perform any action.\n                    properties:\n                      ignoreTestFailures:\n                        description: IgnoreTestFailures tells the controller to skip\n                          remediation when the Helm tests are run after an install\n                          action but fail. Defaults to 'Test.IgnoreFailures'.\n                        type: boolean\n                      remediateLastFailure:\n                        description: RemediateLastFailure tells the controller to\n                          remediate the last failure, when no retries remain. Defaults\n                          to 'false'.\n                        type: boolean\n                      retries:\n                        description: Retries is the number of retries that should\n                          be attempted on failures before bailing. Remediation, using\n                          an uninstall, is performed between each attempt. Defaults\n                          to '0', a negative integer equals to unlimited retries.\n                        type: integer\n                    type: object\n                  replace:\n                    description: Replace tells the Helm install action to re-use the\n                      'ReleaseName', but only if that name is a deleted release which\n                      remains in the history.\n                    type: boolean\n                  skipCRDs:\n                    description: \"SkipCRDs tells the Helm install action to not install\n                      any CRDs. By default, CRDs are installed if not already present.\n                      \\n Deprecated use CRD policy (`crds`) attribute with value `Skip`\n                      instead.\"\n                    type: boolean\n                  timeout:\n                    description: Timeout is the time to wait for any individual Kubernetes\n                      operation (like Jobs for hooks) during the performance of a\n                      Helm install action. Defaults to 'HelmReleaseSpec.Timeout'.\n                    type: string\n                type: object\n              interval:\n                description: Interval at which to reconcile the Helm release.\n                type: string\n              kubeConfig:\n                description: KubeConfig for reconciling the HelmRelease on a remote\n                  cluster. When used in combination with HelmReleaseSpec.ServiceAccountName,\n                  forces the controller to act on behalf of that Service Account at\n                  the target cluster. If the --default-service-account flag is set,\n                  its value will be used as a controller level fallback for when HelmReleaseSpec.ServiceAccountName\n                  is empty.\n                properties:\n                  secretRef:\n                    description: SecretRef holds the name to a secret that contains\n                      a key with the kubeconfig file as the value. If no key is specified\n                      the key will default to 'value'. The secret must be in the same\n                      namespace as the HelmRelease. It is recommended that the kubeconfig\n                      is self-contained, and the secret is regularly updated if credentials\n                      such as a cloud-access-token expire. Cloud specific `cmd-path`\n                      auth helpers will not function without adding binaries and credentials\n                      to the Pod that is responsible for reconciling the HelmRelease.\n                    properties:\n                      key:\n                        description: Key in the Secret, when not specified an implementation-specific\n                          default key is used.\n                        type: string\n                      name:\n                        description: Name of the Secret.\n                        type: string\n                    required:\n                    - name\n                    type: object\n                type: object\n              maxHistory:\n                description: MaxHistory is the number of revisions saved by Helm for\n                  this HelmRelease. Use '0' for an unlimited number of revisions;\n                  defaults to '10'.\n                type: integer\n              postRenderers:\n                description: PostRenderers holds an array of Helm PostRenderers, which\n                  will be applied in order of their definition.\n                items:\n                  description: PostRenderer contains a Helm PostRenderer specification.\n                  properties:\n                    kustomize:\n                      description: Kustomization to apply as PostRenderer.\n                      properties:\n                        images:\n                          description: Images is a list of (image name, new name,\n                            new tag or digest) for changing image names, tags or digests.\n                            This can also be achieved with a patch, but this operator\n                            is simpler to specify.\n                          items:\n                            description: Image contains an image name, a new name,\n                              a new tag or digest, which will replace the original\n                              name and tag.\n                            properties:\n                              digest:\n                                description: Digest is the value used to replace the\n                                  original image tag. If digest is present NewTag\n                                  value is ignored.\n                                type: string\n                              name:\n                                description: Name is a tag-less image name.\n                                type: string\n                              newName:\n                                description: NewName is the value used to replace\n                                  the original name.\n                                type: string\n                              newTag:\n                                description: NewTag is the value used to replace the\n                                  original tag.\n                                type: string\n                            required:\n                            - name\n                            type: object\n                          type: array\n                        patches:\n                          description: Strategic merge and JSON patches, defined as\n                            inline YAML objects, capable of targeting objects based\n                            on kind, label and annotation selectors.\n                          items:\n                            description: Patch contains an inline StrategicMerge or\n                              JSON6902 patch, and the target the patch should be applied\n                              to.\n                            properties:\n                              patch:\n                                description: Patch contains an inline StrategicMerge\n                                  patch or an inline JSON6902 patch with an array\n                                  of operation objects.\n                                type: string\n                              target:\n                                description: Target points to the resources that the\n                                  patch document should be applied to.\n                                properties:\n                                  annotationSelector:\n                                    description: AnnotationSelector is a string that\n                                      follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                                      It matches with the resource annotations.\n                                    type: string\n                                  group:\n                                    description: Group is the API group to select\n                                      resources from. Together with Version and Kind\n                                      it is capable of unambiguously identifying and/or\n                                      selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                                    type: string\n                                  kind:\n                                    description: Kind of the API Group to select resources\n                                      from. Together with Group and Version it is\n                                      capable of unambiguously identifying and/or\n                                      selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                                    type: string\n                                  labelSelector:\n                                    description: LabelSelector is a string that follows\n                                      the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                                      It matches with the resource labels.\n                                    type: string\n                                  name:\n                                    description: Name to match resources with.\n                                    type: string\n                                  namespace:\n                                    description: Namespace to select resources from.\n                                    type: string\n                                  version:\n                                    description: Version of the API Group to select\n                                      resources from. Together with Group and Kind\n                                      it is capable of unambiguously identifying and/or\n                                      selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                                    type: string\n                                type: object\n                            type: object\n                          type: array\n                        patchesJson6902:\n                          description: JSON 6902 patches, defined as inline YAML objects.\n                          items:\n                            description: JSON6902Patch contains a JSON6902 patch and\n                              the target the patch should be applied to.\n                            properties:\n                              patch:\n                                description: Patch contains the JSON6902 patch document\n                                  with an array of operation objects.\n                                items:\n                                  description: JSON6902 is a JSON6902 operation object.\n                                    https://datatracker.ietf.org/doc/html/rfc6902#section-4\n                                  properties:\n                                    from:\n                                      description: From contains a JSON-pointer value\n                                        that references a location within the target\n                                        document where the operation is performed.\n                                        The meaning of the value depends on the value\n                                        of Op, and is NOT taken into account by all\n                                        operations.\n                                      type: string\n                                    op:\n                                      description: Op indicates the operation to perform.\n                                        Its value MUST be one of \"add\", \"remove\",\n                                        \"replace\", \"move\", \"copy\", or \"test\". https://datatracker.ietf.org/doc/html/rfc6902#section-4\n                                      enum:\n                                      - test\n                                      - remove\n                                      - add\n                                      - replace\n                                      - move\n                                      - copy\n                                      type: string\n                                    path:\n                                      description: Path contains the JSON-pointer\n                                        value that references a location within the\n                                        target document where the operation is performed.\n                                        The meaning of the value depends on the value\n                                        of Op.\n                                      type: string\n                                    value:\n                                      description: Value contains a valid JSON structure.\n                                        The meaning of the value depends on the value\n                                        of Op, and is NOT taken into account by all\n                                        operations.\n                                      x-kubernetes-preserve-unknown-fields: true\n                                  required:\n                                  - op\n                                  - path\n                                  type: object\n                                type: array\n                              target:\n                                description: Target points to the resources that the\n                                  patch document should be applied to.\n                                properties:\n                                  annotationSelector:\n                                    description: AnnotationSelector is a string that\n                                      follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                                      It matches with the resource annotations.\n                                    type: string\n                                  group:\n                                    description: Group is the API group to select\n                                      resources from. Together with Version and Kind\n                                      it is capable of unambiguously identifying and/or\n                                      selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                                    type: string\n                                  kind:\n                                    description: Kind of the API Group to select resources\n                                      from. Together with Group and Version it is\n                                      capable of unambiguously identifying and/or\n                                      selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                                    type: string\n                                  labelSelector:\n                                    description: LabelSelector is a string that follows\n                                      the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                                      It matches with the resource labels.\n                                    type: string\n                                  name:\n                                    description: Name to match resources with.\n                                    type: string\n                                  namespace:\n                                    description: Namespace to select resources from.\n                                    type: string\n                                  version:\n                                    description: Version of the API Group to select\n                                      resources from. Together with Group and Kind\n                                      it is capable of unambiguously identifying and/or\n                                      selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                                    type: string\n                                type: object\n                            required:\n                            - patch\n                            - target\n                            type: object\n                          type: array\n                        patchesStrategicMerge:\n                          description: Strategic merge patches, defined as inline\n                            YAML objects.\n                          items:\n                            x-kubernetes-preserve-unknown-fields: true\n                          type: array\n                      type: object\n                  type: object\n                type: array\n              releaseName:\n                description: ReleaseName used for the Helm release. Defaults to a\n                  composition of '[TargetNamespace-]Name'.\n                maxLength: 53\n                minLength: 1\n                type: string\n              rollback:\n                description: Rollback holds the configuration for Helm rollback actions\n                  for this HelmRelease.\n                properties:\n                  cleanupOnFail:\n                    description: CleanupOnFail allows deletion of new resources created\n                      during the Helm rollback action when it fails.\n                    type: boolean\n                  disableHooks:\n                    description: DisableHooks prevents hooks from running during the\n                      Helm rollback action.\n                    type: boolean\n                  disableWait:\n                    description: DisableWait disables the waiting for resources to\n                      be ready after a Helm rollback has been performed.\n                    type: boolean\n                  disableWaitForJobs:\n                    description: DisableWaitForJobs disables waiting for jobs to complete\n                      after a Helm rollback has been performed.\n                    type: boolean\n                  force:\n                    description: Force forces resource updates through a replacement\n                      strategy.\n                    type: boolean\n                  recreate:\n                    description: Recreate performs pod restarts for the resource if\n                      applicable.\n                    type: boolean\n                  timeout:\n                    description: Timeout is the time to wait for any individual Kubernetes\n                      operation (like Jobs for hooks) during the performance of a\n                      Helm rollback action. Defaults to 'HelmReleaseSpec.Timeout'.\n                    type: string\n                type: object\n              serviceAccountName:\n                description: The name of the Kubernetes service account to impersonate\n                  when reconciling this HelmRelease.\n                type: string\n              storageNamespace:\n                description: StorageNamespace used for the Helm storage. Defaults\n                  to the namespace of the HelmRelease.\n                maxLength: 63\n                minLength: 1\n                type: string\n              suspend:\n                description: Suspend tells the controller to suspend reconciliation\n                  for this HelmRelease, it does not apply to already started reconciliations.\n                  Defaults to false.\n                type: boolean\n              targetNamespace:\n                description: TargetNamespace to target when performing operations\n                  for the HelmRelease. Defaults to the namespace of the HelmRelease.\n                maxLength: 63\n                minLength: 1\n                type: string\n              test:\n                description: Test holds the configuration for Helm test actions for\n                  this HelmRelease.\n                properties:\n                  enable:\n                    description: Enable enables Helm test actions for this HelmRelease\n                      after an Helm install or upgrade action has been performed.\n                    type: boolean\n                  ignoreFailures:\n                    description: IgnoreFailures tells the controller to skip remediation\n                      when the Helm tests are run but fail. Can be overwritten for\n                      tests run after install or upgrade actions in 'Install.IgnoreTestFailures'\n                      and 'Upgrade.IgnoreTestFailures'.\n                    type: boolean\n                  timeout:\n                    description: Timeout is the time to wait for any individual Kubernetes\n                      operation during the performance of a Helm test action. Defaults\n                      to 'HelmReleaseSpec.Timeout'.\n                    type: string\n                type: object\n              timeout:\n                description: Timeout is the time to wait for any individual Kubernetes\n                  operation (like Jobs for hooks) during the performance of a Helm\n                  action. Defaults to '5m0s'.\n                type: string\n              uninstall:\n                description: Uninstall holds the configuration for Helm uninstall\n                  actions for this HelmRelease.\n                properties:\n                  disableHooks:\n                    description: DisableHooks prevents hooks from running during the\n                      Helm rollback action.\n                    type: boolean\n                  disableWait:\n                    description: DisableWait disables waiting for all the resources\n                      to be deleted after a Helm uninstall is performed.\n                    type: boolean\n                  keepHistory:\n                    description: KeepHistory tells Helm to remove all associated resources\n                      and mark the release as deleted, but retain the release history.\n                    type: boolean\n                  timeout:\n                    description: Timeout is the time to wait for any individual Kubernetes\n                      operation (like Jobs for hooks) during the performance of a\n                      Helm uninstall action. Defaults to 'HelmReleaseSpec.Timeout'.\n                    type: string\n                type: object\n              upgrade:\n                description: Upgrade holds the configuration for Helm upgrade actions\n                  for this HelmRelease.\n                properties:\n                  cleanupOnFail:\n                    description: CleanupOnFail allows deletion of new resources created\n                      during the Helm upgrade action when it fails.\n                    type: boolean\n                  crds:\n                    description: \"CRDs upgrade CRDs from the Helm Chart's crds directory\n                      according to the CRD upgrade policy provided here. Valid values\n                      are `Skip`, `Create` or `CreateReplace`. Default is `Skip` and\n                      if omitted CRDs are neither installed nor upgraded. \\n Skip:\n                      do neither install nor replace (update) any CRDs. \\n Create:\n                      new CRDs are created, existing CRDs are neither updated nor\n                      deleted. \\n CreateReplace: new CRDs are created, existing CRDs\n                      are updated (replaced) but not deleted. \\n By default, CRDs\n                      are not applied during Helm upgrade action. With this option\n                      users can opt-in to CRD upgrade, which is not (yet) natively\n                      supported by Helm. https://helm.sh/docs/chart_best_practices/custom_resource_definitions.\"\n                    enum:\n                    - Skip\n                    - Create\n                    - CreateReplace\n                    type: string\n                  disableHooks:\n                    description: DisableHooks prevents hooks from running during the\n                      Helm upgrade action.\n                    type: boolean\n                  disableOpenAPIValidation:\n                    description: DisableOpenAPIValidation prevents the Helm upgrade\n                      action from validating rendered templates against the Kubernetes\n                      OpenAPI Schema.\n                    type: boolean\n                  disableWait:\n                    description: DisableWait disables the waiting for resources to\n                      be ready after a Helm upgrade has been performed.\n                    type: boolean\n                  disableWaitForJobs:\n                    description: DisableWaitForJobs disables waiting for jobs to complete\n                      after a Helm upgrade has been performed.\n                    type: boolean\n                  force:\n                    description: Force forces resource updates through a replacement\n                      strategy.\n                    type: boolean\n                  preserveValues:\n                    description: PreserveValues will make Helm reuse the last release's\n                      values and merge in overrides from 'Values'. Setting this flag\n                      makes the HelmRelease non-declarative.\n                    type: boolean\n                  remediation:\n                    description: Remediation holds the remediation configuration for\n                      when the Helm upgrade action for the HelmRelease fails. The\n                      default is to not perform any action.\n                    properties:\n                      ignoreTestFailures:\n                        description: IgnoreTestFailures tells the controller to skip\n                          remediation when the Helm tests are run after an upgrade\n                          action but fail. Defaults to 'Test.IgnoreFailures'.\n                        type: boolean\n                      remediateLastFailure:\n                        description: RemediateLastFailure tells the controller to\n                          remediate the last failure, when no retries remain. Defaults\n                          to 'false' unless 'Retries' is greater than 0.\n                        type: boolean\n                      retries:\n                        description: Retries is the number of retries that should\n                          be attempted on failures before bailing. Remediation, using\n                          'Strategy', is performed between each attempt. Defaults\n                          to '0', a negative integer equals to unlimited retries.\n                        type: integer\n                      strategy:\n                        description: Strategy to use for failure remediation. Defaults\n                          to 'rollback'.\n                        enum:\n                        - rollback\n                        - uninstall\n                        type: string\n                    type: object\n                  timeout:\n                    description: Timeout is the time to wait for any individual Kubernetes\n                      operation (like Jobs for hooks) during the performance of a\n                      Helm upgrade action. Defaults to 'HelmReleaseSpec.Timeout'.\n                    type: string\n                type: object\n              values:\n                description: Values holds the values for this Helm release.\n                x-kubernetes-preserve-unknown-fields: true\n              valuesFrom:\n                description: ValuesFrom holds references to resources containing Helm\n                  values for this HelmRelease, and information about how they should\n                  be merged.\n                items:\n                  description: ValuesReference contains a reference to a resource\n                    containing Helm values, and optionally the key they can be found\n                    at.\n                  properties:\n                    kind:\n                      description: Kind of the values referent, valid values are ('Secret',\n                        'ConfigMap').\n                      enum:\n                      - Secret\n                      - ConfigMap\n                      type: string\n                    name:\n                      description: Name of the values referent. Should reside in the\n                        same namespace as the referring resource.\n                      maxLength: 253\n                      minLength: 1\n                      type: string\n                    optional:\n                      description: Optional marks this ValuesReference as optional.\n                        When set, a not found error for the values reference is ignored,\n                        but any ValuesKey, TargetPath or transient error will still\n                        result in a reconciliation failure.\n                      type: boolean\n                    targetPath:\n                      description: TargetPath is the YAML dot notation path the value\n                        should be merged at. When set, the ValuesKey is expected to\n                        be a single flat value. Defaults to 'None', which results\n                        in the values getting merged at the root.\n                      type: string\n                    valuesKey:\n                      description: ValuesKey is the data key where the values.yaml\n                        or a specific value can be found at. Defaults to 'values.yaml'.\n                      type: string\n                  required:\n                  - kind\n                  - name\n                  type: object\n                type: array\n            required:\n            - chart\n            - interval\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: HelmReleaseStatus defines the observed state of a HelmRelease.\n            properties:\n              conditions:\n                description: Conditions holds the conditions for the HelmRelease.\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              failures:\n                description: Failures is the reconciliation failure count against\n                  the latest desired state. It is reset after a successful reconciliation.\n                format: int64\n                type: integer\n              helmChart:\n                description: HelmChart is the namespaced name of the HelmChart resource\n                  created by the controller for the HelmRelease.\n                type: string\n              installFailures:\n                description: InstallFailures is the install failure count against\n                  the latest desired state. It is reset after a successful reconciliation.\n                format: int64\n                type: integer\n              lastAppliedRevision:\n                description: LastAppliedRevision is the revision of the last successfully\n                  applied source.\n                type: string\n              lastAttemptedRevision:\n                description: LastAttemptedRevision is the revision of the last reconciliation\n                  attempt.\n                type: string\n              lastAttemptedValuesChecksum:\n                description: LastAttemptedValuesChecksum is the SHA1 checksum of the\n                  values of the last reconciliation attempt.\n                type: string\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              lastReleaseRevision:\n                description: LastReleaseRevision is the revision of the last successful\n                  Helm release.\n                type: integer\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation.\n                format: int64\n                type: integer\n              upgradeFailures:\n                description: UpgradeFailures is the upgrade failure count against\n                  the latest desired state. It is reset after a successful reconciliation.\n                format: int64\n                type: integer\n            type: object\n        type: object\n    served: true\n    storage: true\n    subresources:\n      status: {}\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n  conditions: []\n  storedVersions: []\n",
-              "/apis/apiextensions.k8s.io/v1/customresourcedefinitions/helmrepositories.source.toolkit.fluxcd.io": "apiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  annotations:\n    controller-gen.kubebuilder.io/version: v0.7.0\n  creationTimestamp: null\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: helmrepositories.source.toolkit.fluxcd.io\nspec:\n  group: source.toolkit.fluxcd.io\n  names:\n    kind: HelmRepository\n    listKind: HelmRepositoryList\n    plural: helmrepositories\n    shortNames:\n    - helmrepo\n    singular: helmrepository\n  scope: Namespaced\n  versions:\n  - additionalPrinterColumns:\n    - jsonPath: .spec.url\n      name: URL\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    name: v1beta1\n    schema:\n      openAPIV3Schema:\n        description: HelmRepository is the Schema for the helmrepositories API\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: HelmRepositorySpec defines the reference to a Helm repository.\n            properties:\n              accessFrom:\n                description: AccessFrom defines an Access Control List for allowing\n                  cross-namespace references to this object.\n                properties:\n                  namespaceSelectors:\n                    description: NamespaceSelectors is the list of namespace selectors\n                      to which this ACL applies. Items in this list are evaluated\n                      using a logical OR operation.\n                    items:\n                      description: NamespaceSelector selects the namespaces to which\n                        this ACL applies. An empty map of MatchLabels matches all\n                        namespaces in a cluster.\n                      properties:\n                        matchLabels:\n                          additionalProperties:\n                            type: string\n                          description: MatchLabels is a map of {key,value} pairs.\n                            A single {key,value} in the matchLabels map is equivalent\n                            to an element of matchExpressions, whose key field is\n                            \"key\", the operator is \"In\", and the values array contains\n                            only \"value\". The requirements are ANDed.\n                          type: object\n                      type: object\n                    type: array\n                required:\n                - namespaceSelectors\n                type: object\n              interval:\n                description: The interval at which to check the upstream for updates.\n                type: string\n              passCredentials:\n                description: PassCredentials allows the credentials from the SecretRef\n                  to be passed on to a host that does not match the host as defined\n                  in URL. This may be required if the host of the advertised chart\n                  URLs in the index differ from the defined URL. Enabling this should\n                  be done with caution, as it can potentially result in credentials\n                  getting stolen in a MITM-attack.\n                type: boolean\n              secretRef:\n                description: The name of the secret containing authentication credentials\n                  for the Helm repository. For HTTP/S basic auth the secret must contain\n                  username and password fields. For TLS the secret must contain a\n                  certFile and keyFile, and/or caCert fields.\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              suspend:\n                description: This flag tells the controller to suspend the reconciliation\n                  of this source.\n                type: boolean\n              timeout:\n                default: 60s\n                description: The timeout of index downloading, defaults to 60s.\n                type: string\n              url:\n                description: The Helm repository URL, a valid URL contains at least\n                  a protocol and host.\n                type: string\n            required:\n            - interval\n            - url\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: HelmRepositoryStatus defines the observed state of the HelmRepository.\n            properties:\n              artifact:\n                description: Artifact represents the output of the last successful\n                  repository sync.\n                properties:\n                  checksum:\n                    description: Checksum is the SHA256 checksum of the artifact.\n                    type: string\n                  lastUpdateTime:\n                    description: LastUpdateTime is the timestamp corresponding to\n                      the last update of this artifact.\n                    format: date-time\n                    type: string\n                  path:\n                    description: Path is the relative file path of this artifact.\n                    type: string\n                  revision:\n                    description: Revision is a human readable identifier traceable\n                      in the origin source system. It can be a Git commit SHA, Git\n                      tag, a Helm index timestamp, a Helm chart version, etc.\n                    type: string\n                  url:\n                    description: URL is the HTTP address of this artifact.\n                    type: string\n                required:\n                - path\n                - url\n                type: object\n              conditions:\n                description: Conditions holds the conditions for the HelmRepository.\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation.\n                format: int64\n                type: integer\n              url:\n                description: URL is the download link for the last index fetched.\n                type: string\n            type: object\n        type: object\n    served: true\n    storage: false\n    subresources:\n      status: {}\n  - additionalPrinterColumns:\n    - jsonPath: .spec.url\n      name: URL\n      type: string\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    name: v1beta2\n    schema:\n      openAPIV3Schema:\n        description: HelmRepository is the Schema for the helmrepositories API.\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: HelmRepositorySpec specifies the required configuration to\n              produce an Artifact for a Helm repository index YAML.\n            properties:\n              accessFrom:\n                description: 'AccessFrom specifies an Access Control List for allowing\n                  cross-namespace references to this object. NOTE: Not implemented,\n                  provisional as of https://github.com/fluxcd/flux2/pull/2092'\n                properties:\n                  namespaceSelectors:\n                    description: NamespaceSelectors is the list of namespace selectors\n                      to which this ACL applies. Items in this list are evaluated\n                      using a logical OR operation.\n                    items:\n                      description: NamespaceSelector selects the namespaces to which\n                        this ACL applies. An empty map of MatchLabels matches all\n                        namespaces in a cluster.\n                      properties:\n                        matchLabels:\n                          additionalProperties:\n                            type: string\n                          description: MatchLabels is a map of {key,value} pairs.\n                            A single {key,value} in the matchLabels map is equivalent\n                            to an element of matchExpressions, whose key field is\n                            \"key\", the operator is \"In\", and the values array contains\n                            only \"value\". The requirements are ANDed.\n                          type: object\n                      type: object\n                    type: array\n                required:\n                - namespaceSelectors\n                type: object\n              interval:\n                description: Interval at which to check the URL for updates.\n                type: string\n              passCredentials:\n                description: PassCredentials allows the credentials from the SecretRef\n                  to be passed on to a host that does not match the host as defined\n                  in URL. This may be required if the host of the advertised chart\n                  URLs in the index differ from the defined URL. Enabling this should\n                  be done with caution, as it can potentially result in credentials\n                  getting stolen in a MITM-attack.\n                type: boolean\n              secretRef:\n                description: SecretRef specifies the Secret containing authentication\n                  credentials for the HelmRepository. For HTTP/S basic auth the secret\n                  must contain 'username' and 'password' fields. For TLS the secret\n                  must contain a 'certFile' and 'keyFile', and/or 'caCert' fields.\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              suspend:\n                description: Suspend tells the controller to suspend the reconciliation\n                  of this HelmRepository.\n                type: boolean\n              timeout:\n                default: 60s\n                description: Timeout of the index fetch operation, defaults to 60s.\n                type: string\n              url:\n                description: URL of the Helm repository, a valid URL contains at least\n                  a protocol and host.\n                type: string\n            required:\n            - interval\n            - url\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: HelmRepositoryStatus records the observed state of the HelmRepository.\n            properties:\n              artifact:\n                description: Artifact represents the last successful HelmRepository\n                  reconciliation.\n                properties:\n                  checksum:\n                    description: Checksum is the SHA256 checksum of the Artifact file.\n                    type: string\n                  lastUpdateTime:\n                    description: LastUpdateTime is the timestamp corresponding to\n                      the last update of the Artifact.\n                    format: date-time\n                    type: string\n                  path:\n                    description: Path is the relative file path of the Artifact. It\n                      can be used to locate the file in the root of the Artifact storage\n                      on the local file system of the controller managing the Source.\n                    type: string\n                  revision:\n                    description: Revision is a human-readable identifier traceable\n                      in the origin source system. It can be a Git commit SHA, Git\n                      tag, a Helm chart version, etc.\n                    type: string\n                  size:\n                    description: Size is the number of bytes in the file.\n                    format: int64\n                    type: integer\n                  url:\n                    description: URL is the HTTP address of the Artifact as exposed\n                      by the controller managing the Source. It can be used to retrieve\n                      the Artifact for consumption, e.g. by another controller applying\n                      the Artifact contents.\n                    type: string\n                required:\n                - path\n                - url\n                type: object\n              conditions:\n                description: Conditions holds the conditions for the HelmRepository.\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation of\n                  the HelmRepository object.\n                format: int64\n                type: integer\n              url:\n                description: URL is the dynamic fetch link for the latest Artifact.\n                  It is provided on a \"best effort\" basis, and using the precise HelmRepositoryStatus.Artifact\n                  data is recommended.\n                type: string\n            type: object\n        type: object\n    served: true\n    storage: true\n    subresources:\n      status: {}\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n  conditions: []\n  storedVersions: []\n",
-              "/apis/apiextensions.k8s.io/v1/customresourcedefinitions/kustomizations.kustomize.toolkit.fluxcd.io": "apiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  annotations:\n    controller-gen.kubebuilder.io/version: v0.7.0\n  creationTimestamp: null\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: kustomizations.kustomize.toolkit.fluxcd.io\nspec:\n  group: kustomize.toolkit.fluxcd.io\n  names:\n    kind: Kustomization\n    listKind: KustomizationList\n    plural: kustomizations\n    shortNames:\n    - ks\n    singular: kustomization\n  scope: Namespaced\n  versions:\n  - additionalPrinterColumns:\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    name: v1beta1\n    schema:\n      openAPIV3Schema:\n        description: Kustomization is the Schema for the kustomizations API.\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: KustomizationSpec defines the desired state of a kustomization.\n            properties:\n              decryption:\n                description: Decrypt Kubernetes secrets before applying them on the\n                  cluster.\n                properties:\n                  provider:\n                    description: Provider is the name of the decryption engine.\n                    enum:\n                    - sops\n                    type: string\n                  secretRef:\n                    description: The secret name containing the private OpenPGP keys\n                      used for decryption.\n                    properties:\n                      name:\n                        description: Name of the referent.\n                        type: string\n                    required:\n                    - name\n                    type: object\n                required:\n                - provider\n                type: object\n              dependsOn:\n                description: DependsOn may contain a meta.NamespacedObjectReference\n                  slice with references to Kustomization resources that must be ready\n                  before this Kustomization can be reconciled.\n                items:\n                  description: NamespacedObjectReference contains enough information\n                    to locate the referenced Kubernetes resource object in any namespace.\n                  properties:\n                    name:\n                      description: Name of the referent.\n                      type: string\n                    namespace:\n                      description: Namespace of the referent, when not specified it\n                        acts as LocalObjectReference.\n                      type: string\n                  required:\n                  - name\n                  type: object\n                type: array\n              force:\n                default: false\n                description: Force instructs the controller to recreate resources\n                  when patching fails due to an immutable field change.\n                type: boolean\n              healthChecks:\n                description: A list of resources to be included in the health assessment.\n                items:\n                  description: NamespacedObjectKindReference contains enough information\n                    to locate the typed referenced Kubernetes resource object in any\n                    namespace.\n                  properties:\n                    apiVersion:\n                      description: API version of the referent, if not specified the\n                        Kubernetes preferred version will be used.\n                      type: string\n                    kind:\n                      description: Kind of the referent.\n                      type: string\n                    name:\n                      description: Name of the referent.\n                      type: string\n                    namespace:\n                      description: Namespace of the referent, when not specified it\n                        acts as LocalObjectReference.\n                      type: string\n                  required:\n                  - kind\n                  - name\n                  type: object\n                type: array\n              images:\n                description: Images is a list of (image name, new name, new tag or\n                  digest) for changing image names, tags or digests. This can also\n                  be achieved with a patch, but this operator is simpler to specify.\n                items:\n                  description: Image contains an image name, a new name, a new tag\n                    or digest, which will replace the original name and tag.\n                  properties:\n                    digest:\n                      description: Digest is the value used to replace the original\n                        image tag. If digest is present NewTag value is ignored.\n                      type: string\n                    name:\n                      description: Name is a tag-less image name.\n                      type: string\n                    newName:\n                      description: NewName is the value used to replace the original\n                        name.\n                      type: string\n                    newTag:\n                      description: NewTag is the value used to replace the original\n                        tag.\n                      type: string\n                  required:\n                  - name\n                  type: object\n                type: array\n              interval:\n                description: The interval at which to reconcile the Kustomization.\n                type: string\n              kubeConfig:\n                description: The KubeConfig for reconciling the Kustomization on a\n                  remote cluster. When specified, KubeConfig takes precedence over\n                  ServiceAccountName.\n                properties:\n                  secretRef:\n                    description: SecretRef holds the name to a secret that contains\n                      a 'value' key with the kubeconfig file as the value. It must\n                      be in the same namespace as the Kustomization. It is recommended\n                      that the kubeconfig is self-contained, and the secret is regularly\n                      updated if credentials such as a cloud-access-token expire.\n                      Cloud specific `cmd-path` auth helpers will not function without\n                      adding binaries and credentials to the Pod that is responsible\n                      for reconciling the Kustomization.\n                    properties:\n                      name:\n                        description: Name of the referent.\n                        type: string\n                    required:\n                    - name\n                    type: object\n                type: object\n              patches:\n                description: Strategic merge and JSON patches, defined as inline YAML\n                  objects, capable of targeting objects based on kind, label and annotation\n                  selectors.\n                items:\n                  description: Patch contains an inline StrategicMerge or JSON6902\n                    patch, and the target the patch should be applied to.\n                  properties:\n                    patch:\n                      description: Patch contains an inline StrategicMerge patch or\n                        an inline JSON6902 patch with an array of operation objects.\n                      type: string\n                    target:\n                      description: Target points to the resources that the patch document\n                        should be applied to.\n                      properties:\n                        annotationSelector:\n                          description: AnnotationSelector is a string that follows\n                            the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                            It matches with the resource annotations.\n                          type: string\n                        group:\n                          description: Group is the API group to select resources\n                            from. Together with Version and Kind it is capable of\n                            unambiguously identifying and/or selecting resources.\n                            https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                        kind:\n                          description: Kind of the API Group to select resources from.\n                            Together with Group and Version it is capable of unambiguously\n                            identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                        labelSelector:\n                          description: LabelSelector is a string that follows the\n                            label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                            It matches with the resource labels.\n                          type: string\n                        name:\n                          description: Name to match resources with.\n                          type: string\n                        namespace:\n                          description: Namespace to select resources from.\n                          type: string\n                        version:\n                          description: Version of the API Group to select resources\n                            from. Together with Group and Kind it is capable of unambiguously\n                            identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                      type: object\n                  type: object\n                type: array\n              patchesJson6902:\n                description: JSON 6902 patches, defined as inline YAML objects.\n                items:\n                  description: JSON6902Patch contains a JSON6902 patch and the target\n                    the patch should be applied to.\n                  properties:\n                    patch:\n                      description: Patch contains the JSON6902 patch document with\n                        an array of operation objects.\n                      items:\n                        description: JSON6902 is a JSON6902 operation object. https://datatracker.ietf.org/doc/html/rfc6902#section-4\n                        properties:\n                          from:\n                            description: From contains a JSON-pointer value that references\n                              a location within the target document where the operation\n                              is performed. The meaning of the value depends on the\n                              value of Op, and is NOT taken into account by all operations.\n                            type: string\n                          op:\n                            description: Op indicates the operation to perform. Its\n                              value MUST be one of \"add\", \"remove\", \"replace\", \"move\",\n                              \"copy\", or \"test\". https://datatracker.ietf.org/doc/html/rfc6902#section-4\n                            enum:\n                            - test\n                            - remove\n                            - add\n                            - replace\n                            - move\n                            - copy\n                            type: string\n                          path:\n                            description: Path contains the JSON-pointer value that\n                              references a location within the target document where\n                              the operation is performed. The meaning of the value\n                              depends on the value of Op.\n                            type: string\n                          value:\n                            description: Value contains a valid JSON structure. The\n                              meaning of the value depends on the value of Op, and\n                              is NOT taken into account by all operations.\n                            x-kubernetes-preserve-unknown-fields: true\n                        required:\n                        - op\n                        - path\n                        type: object\n                      type: array\n                    target:\n                      description: Target points to the resources that the patch document\n                        should be applied to.\n                      properties:\n                        annotationSelector:\n                          description: AnnotationSelector is a string that follows\n                            the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                            It matches with the resource annotations.\n                          type: string\n                        group:\n                          description: Group is the API group to select resources\n                            from. Together with Version and Kind it is capable of\n                            unambiguously identifying and/or selecting resources.\n                            https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                        kind:\n                          description: Kind of the API Group to select resources from.\n                            Together with Group and Version it is capable of unambiguously\n                            identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                        labelSelector:\n                          description: LabelSelector is a string that follows the\n                            label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                            It matches with the resource labels.\n                          type: string\n                        name:\n                          description: Name to match resources with.\n                          type: string\n                        namespace:\n                          description: Namespace to select resources from.\n                          type: string\n                        version:\n                          description: Version of the API Group to select resources\n                            from. Together with Group and Kind it is capable of unambiguously\n                            identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                      type: object\n                  required:\n                  - patch\n                  - target\n                  type: object\n                type: array\n              patchesStrategicMerge:\n                description: Strategic merge patches, defined as inline YAML objects.\n                items:\n                  x-kubernetes-preserve-unknown-fields: true\n                type: array\n              path:\n                description: Path to the directory containing the kustomization.yaml\n                  file, or the set of plain YAMLs a kustomization.yaml should be generated\n                  for. Defaults to 'None', which translates to the root path of the\n                  SourceRef.\n                type: string\n              postBuild:\n                description: PostBuild describes which actions to perform on the YAML\n                  manifest generated by building the kustomize overlay.\n                properties:\n                  substitute:\n                    additionalProperties:\n                      type: string\n                    description: Substitute holds a map of key/value pairs. The variables\n                      defined in your YAML manifests that match any of the keys defined\n                      in the map will be substituted with the set value. Includes\n                      support for bash string replacement functions e.g. ${var:=default},\n                      ${var:position} and ${var/substring/replacement}.\n                    type: object\n                  substituteFrom:\n                    description: SubstituteFrom holds references to ConfigMaps and\n                      Secrets containing the variables and their values to be substituted\n                      in the YAML manifests. The ConfigMap and the Secret data keys\n                      represent the var names and they must match the vars declared\n                      in the manifests for the substitution to happen.\n                    items:\n                      description: SubstituteReference contains a reference to a resource\n                        containing the variables name and value.\n                      properties:\n                        kind:\n                          description: Kind of the values referent, valid values are\n                            ('Secret', 'ConfigMap').\n                          enum:\n                          - Secret\n                          - ConfigMap\n                          type: string\n                        name:\n                          description: Name of the values referent. Should reside\n                            in the same namespace as the referring resource.\n                          maxLength: 253\n                          minLength: 1\n                          type: string\n                      required:\n                      - kind\n                      - name\n                      type: object\n                    type: array\n                type: object\n              prune:\n                description: Prune enables garbage collection.\n                type: boolean\n              retryInterval:\n                description: The interval at which to retry a previously failed reconciliation.\n                  When not specified, the controller uses the KustomizationSpec.Interval\n                  value to retry failures.\n                type: string\n              serviceAccountName:\n                description: The name of the Kubernetes service account to impersonate\n                  when reconciling this Kustomization.\n                type: string\n              sourceRef:\n                description: Reference of the source where the kustomization file\n                  is.\n                properties:\n                  apiVersion:\n                    description: API version of the referent\n                    type: string\n                  kind:\n                    description: Kind of the referent\n                    enum:\n                    - GitRepository\n                    - Bucket\n                    type: string\n                  name:\n                    description: Name of the referent\n                    type: string\n                  namespace:\n                    description: Namespace of the referent, defaults to the Kustomization\n                      namespace\n                    type: string\n                required:\n                - kind\n                - name\n                type: object\n              suspend:\n                description: This flag tells the controller to suspend subsequent\n                  kustomize executions, it does not apply to already started executions.\n                  Defaults to false.\n                type: boolean\n              targetNamespace:\n                description: TargetNamespace sets or overrides the namespace in the\n                  kustomization.yaml file.\n                maxLength: 63\n                minLength: 1\n                type: string\n              timeout:\n                description: Timeout for validation, apply and health checking operations.\n                  Defaults to 'Interval' duration.\n                type: string\n              validation:\n                description: Validate the Kubernetes objects before applying them\n                  on the cluster. The validation strategy can be 'client' (local dry-run),\n                  'server' (APIServer dry-run) or 'none'. When 'Force' is 'true',\n                  validation will fallback to 'client' if set to 'server' because\n                  server-side validation is not supported in this scenario.\n                enum:\n                - none\n                - client\n                - server\n                type: string\n            required:\n            - interval\n            - prune\n            - sourceRef\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: KustomizationStatus defines the observed state of a kustomization.\n            properties:\n              conditions:\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              lastAppliedRevision:\n                description: The last successfully applied revision. The revision\n                  format for Git sources is \u003cbranch|tag\u003e/\u003ccommit-sha\u003e.\n                type: string\n              lastAttemptedRevision:\n                description: LastAttemptedRevision is the revision of the last reconciliation\n                  attempt.\n                type: string\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last reconciled generation.\n                format: int64\n                type: integer\n              snapshot:\n                description: The last successfully applied revision metadata.\n                properties:\n                  checksum:\n                    description: The manifests sha1 checksum.\n                    type: string\n                  entries:\n                    description: A list of Kubernetes kinds grouped by namespace.\n                    items:\n                      description: Snapshot holds the metadata of namespaced Kubernetes\n                        objects\n                      properties:\n                        kinds:\n                          additionalProperties:\n                            type: string\n                          description: The list of Kubernetes kinds.\n                          type: object\n                        namespace:\n                          description: The namespace of this entry.\n                          type: string\n                      required:\n                      - kinds\n                      type: object\n                    type: array\n                required:\n                - checksum\n                - entries\n                type: object\n            type: object\n        type: object\n    served: true\n    storage: false\n    subresources:\n      status: {}\n  - additionalPrinterColumns:\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    name: v1beta2\n    schema:\n      openAPIV3Schema:\n        description: Kustomization is the Schema for the kustomizations API.\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: KustomizationSpec defines the configuration to calculate\n              the desired state from a Source using Kustomize.\n            properties:\n              decryption:\n                description: Decrypt Kubernetes secrets before applying them on the\n                  cluster.\n                properties:\n                  provider:\n                    description: Provider is the name of the decryption engine.\n                    enum:\n                    - sops\n                    type: string\n                  secretRef:\n                    description: The secret name containing the private OpenPGP keys\n                      used for decryption.\n                    properties:\n                      name:\n                        description: Name of the referent.\n                        type: string\n                    required:\n                    - name\n                    type: object\n                required:\n                - provider\n                type: object\n              dependsOn:\n                description: DependsOn may contain a meta.NamespacedObjectReference\n                  slice with references to Kustomization resources that must be ready\n                  before this Kustomization can be reconciled.\n                items:\n                  description: NamespacedObjectReference contains enough information\n                    to locate the referenced Kubernetes resource object in any namespace.\n                  properties:\n                    name:\n                      description: Name of the referent.\n                      type: string\n                    namespace:\n                      description: Namespace of the referent, when not specified it\n                        acts as LocalObjectReference.\n                      type: string\n                  required:\n                  - name\n                  type: object\n                type: array\n              force:\n                default: false\n                description: Force instructs the controller to recreate resources\n                  when patching fails due to an immutable field change.\n                type: boolean\n              healthChecks:\n                description: A list of resources to be included in the health assessment.\n                items:\n                  description: NamespacedObjectKindReference contains enough information\n                    to locate the typed referenced Kubernetes resource object in any\n                    namespace.\n                  properties:\n                    apiVersion:\n                      description: API version of the referent, if not specified the\n                        Kubernetes preferred version will be used.\n                      type: string\n                    kind:\n                      description: Kind of the referent.\n                      type: string\n                    name:\n                      description: Name of the referent.\n                      type: string\n                    namespace:\n                      description: Namespace of the referent, when not specified it\n                        acts as LocalObjectReference.\n                      type: string\n                  required:\n                  - kind\n                  - name\n                  type: object\n                type: array\n              images:\n                description: Images is a list of (image name, new name, new tag or\n                  digest) for changing image names, tags or digests. This can also\n                  be achieved with a patch, but this operator is simpler to specify.\n                items:\n                  description: Image contains an image name, a new name, a new tag\n                    or digest, which will replace the original name and tag.\n                  properties:\n                    digest:\n                      description: Digest is the value used to replace the original\n                        image tag. If digest is present NewTag value is ignored.\n                      type: string\n                    name:\n                      description: Name is a tag-less image name.\n                      type: string\n                    newName:\n                      description: NewName is the value used to replace the original\n                        name.\n                      type: string\n                    newTag:\n                      description: NewTag is the value used to replace the original\n                        tag.\n                      type: string\n                  required:\n                  - name\n                  type: object\n                type: array\n              interval:\n                description: The interval at which to reconcile the Kustomization.\n                type: string\n              kubeConfig:\n                description: The KubeConfig for reconciling the Kustomization on a\n                  remote cluster. When used in combination with KustomizationSpec.ServiceAccountName,\n                  forces the controller to act on behalf of that Service Account at\n                  the target cluster. If the --default-service-account flag is set,\n                  its value will be used as a controller level fallback for when KustomizationSpec.ServiceAccountName\n                  is empty.\n                properties:\n                  secretRef:\n                    description: SecretRef holds the name of a secret that contains\n                      a key with the kubeconfig file as the value. If no key is set,\n                      the key will default to 'value'. The secret must be in the same\n                      namespace as the Kustomization. It is recommended that the kubeconfig\n                      is self-contained, and the secret is regularly updated if credentials\n                      such as a cloud-access-token expire. Cloud specific `cmd-path`\n                      auth helpers will not function without adding binaries and credentials\n                      to the Pod that is responsible for reconciling the Kustomization.\n                    properties:\n                      key:\n                        description: Key in the Secret, when not specified an implementation-specific\n                          default key is used.\n                        type: string\n                      name:\n                        description: Name of the Secret.\n                        type: string\n                    required:\n                    - name\n                    type: object\n                type: object\n              patches:\n                description: Strategic merge and JSON patches, defined as inline YAML\n                  objects, capable of targeting objects based on kind, label and annotation\n                  selectors.\n                items:\n                  description: Patch contains an inline StrategicMerge or JSON6902\n                    patch, and the target the patch should be applied to.\n                  properties:\n                    patch:\n                      description: Patch contains an inline StrategicMerge patch or\n                        an inline JSON6902 patch with an array of operation objects.\n                      type: string\n                    target:\n                      description: Target points to the resources that the patch document\n                        should be applied to.\n                      properties:\n                        annotationSelector:\n                          description: AnnotationSelector is a string that follows\n                            the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                            It matches with the resource annotations.\n                          type: string\n                        group:\n                          description: Group is the API group to select resources\n                            from. Together with Version and Kind it is capable of\n                            unambiguously identifying and/or selecting resources.\n                            https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                        kind:\n                          description: Kind of the API Group to select resources from.\n                            Together with Group and Version it is capable of unambiguously\n                            identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                        labelSelector:\n                          description: LabelSelector is a string that follows the\n                            label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                            It matches with the resource labels.\n                          type: string\n                        name:\n                          description: Name to match resources with.\n                          type: string\n                        namespace:\n                          description: Namespace to select resources from.\n                          type: string\n                        version:\n                          description: Version of the API Group to select resources\n                            from. Together with Group and Kind it is capable of unambiguously\n                            identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                      type: object\n                  type: object\n                type: array\n              patchesJson6902:\n                description: 'JSON 6902 patches, defined as inline YAML objects. Deprecated:\n                  Use Patches instead.'\n                items:\n                  description: JSON6902Patch contains a JSON6902 patch and the target\n                    the patch should be applied to.\n                  properties:\n                    patch:\n                      description: Patch contains the JSON6902 patch document with\n                        an array of operation objects.\n                      items:\n                        description: JSON6902 is a JSON6902 operation object. https://datatracker.ietf.org/doc/html/rfc6902#section-4\n                        properties:\n                          from:\n                            description: From contains a JSON-pointer value that references\n                              a location within the target document where the operation\n                              is performed. The meaning of the value depends on the\n                              value of Op, and is NOT taken into account by all operations.\n                            type: string\n                          op:\n                            description: Op indicates the operation to perform. Its\n                              value MUST be one of \"add\", \"remove\", \"replace\", \"move\",\n                              \"copy\", or \"test\". https://datatracker.ietf.org/doc/html/rfc6902#section-4\n                            enum:\n                            - test\n                            - remove\n                            - add\n                            - replace\n                            - move\n                            - copy\n                            type: string\n                          path:\n                            description: Path contains the JSON-pointer value that\n                              references a location within the target document where\n                              the operation is performed. The meaning of the value\n                              depends on the value of Op.\n                            type: string\n                          value:\n                            description: Value contains a valid JSON structure. The\n                              meaning of the value depends on the value of Op, and\n                              is NOT taken into account by all operations.\n                            x-kubernetes-preserve-unknown-fields: true\n                        required:\n                        - op\n                        - path\n                        type: object\n                      type: array\n                    target:\n                      description: Target points to the resources that the patch document\n                        should be applied to.\n                      properties:\n                        annotationSelector:\n                          description: AnnotationSelector is a string that follows\n                            the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                            It matches with the resource annotations.\n                          type: string\n                        group:\n                          description: Group is the API group to select resources\n                            from. Together with Version and Kind it is capable of\n                            unambiguously identifying and/or selecting resources.\n                            https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                        kind:\n                          description: Kind of the API Group to select resources from.\n                            Together with Group and Version it is capable of unambiguously\n                            identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                        labelSelector:\n                          description: LabelSelector is a string that follows the\n                            label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                            It matches with the resource labels.\n                          type: string\n                        name:\n                          description: Name to match resources with.\n                          type: string\n                        namespace:\n                          description: Namespace to select resources from.\n                          type: string\n                        version:\n                          description: Version of the API Group to select resources\n                            from. Together with Group and Kind it is capable of unambiguously\n                            identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                      type: object\n                  required:\n                  - patch\n                  - target\n                  type: object\n                type: array\n              patchesStrategicMerge:\n                description: 'Strategic merge patches, defined as inline YAML objects.\n                  Deprecated: Use Patches instead.'\n                items:\n                  x-kubernetes-preserve-unknown-fields: true\n                type: array\n              path:\n                description: Path to the directory containing the kustomization.yaml\n                  file, or the set of plain YAMLs a kustomization.yaml should be generated\n                  for. Defaults to 'None', which translates to the root path of the\n                  SourceRef.\n                type: string\n              postBuild:\n                description: PostBuild describes which actions to perform on the YAML\n                  manifest generated by building the kustomize overlay.\n                properties:\n                  substitute:\n                    additionalProperties:\n                      type: string\n                    description: Substitute holds a map of key/value pairs. The variables\n                      defined in your YAML manifests that match any of the keys defined\n                      in the map will be substituted with the set value. Includes\n                      support for bash string replacement functions e.g. ${var:=default},\n                      ${var:position} and ${var/substring/replacement}.\n                    type: object\n                  substituteFrom:\n                    description: SubstituteFrom holds references to ConfigMaps and\n                      Secrets containing the variables and their values to be substituted\n                      in the YAML manifests. The ConfigMap and the Secret data keys\n                      represent the var names and they must match the vars declared\n                      in the manifests for the substitution to happen.\n                    items:\n                      description: SubstituteReference contains a reference to a resource\n                        containing the variables name and value.\n                      properties:\n                        kind:\n                          description: Kind of the values referent, valid values are\n                            ('Secret', 'ConfigMap').\n                          enum:\n                          - Secret\n                          - ConfigMap\n                          type: string\n                        name:\n                          description: Name of the values referent. Should reside\n                            in the same namespace as the referring resource.\n                          maxLength: 253\n                          minLength: 1\n                          type: string\n                        optional:\n                          default: false\n                          description: Optional indicates whether the referenced resource\n                            must exist, or whether to tolerate its absence. If true\n                            and the referenced resource is absent, proceed as if the\n                            resource was present but empty, without any variables\n                            defined.\n                          type: boolean\n                      required:\n                      - kind\n                      - name\n                      type: object\n                    type: array\n                type: object\n              prune:\n                description: Prune enables garbage collection.\n                type: boolean\n              retryInterval:\n                description: The interval at which to retry a previously failed reconciliation.\n                  When not specified, the controller uses the KustomizationSpec.Interval\n                  value to retry failures.\n                type: string\n              serviceAccountName:\n                description: The name of the Kubernetes service account to impersonate\n                  when reconciling this Kustomization.\n                type: string\n              sourceRef:\n                description: Reference of the source where the kustomization file\n                  is.\n                properties:\n                  apiVersion:\n                    description: API version of the referent.\n                    type: string\n                  kind:\n                    description: Kind of the referent.\n                    enum:\n                    - GitRepository\n                    - Bucket\n                    type: string\n                  name:\n                    description: Name of the referent.\n                    type: string\n                  namespace:\n                    description: Namespace of the referent, defaults to the namespace\n                      of the Kubernetes resource object that contains the reference.\n                    type: string\n                required:\n                - kind\n                - name\n                type: object\n              suspend:\n                description: This flag tells the controller to suspend subsequent\n                  kustomize executions, it does not apply to already started executions.\n                  Defaults to false.\n                type: boolean\n              targetNamespace:\n                description: TargetNamespace sets or overrides the namespace in the\n                  kustomization.yaml file.\n                maxLength: 63\n                minLength: 1\n                type: string\n              timeout:\n                description: Timeout for validation, apply and health checking operations.\n                  Defaults to 'Interval' duration.\n                type: string\n              validation:\n                description: 'Deprecated: Not used in v1beta2.'\n                enum:\n                - none\n                - client\n                - server\n                type: string\n              wait:\n                description: Wait instructs the controller to check the health of\n                  all the reconciled resources. When enabled, the HealthChecks are\n                  ignored. Defaults to false.\n                type: boolean\n            required:\n            - interval\n            - prune\n            - sourceRef\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: KustomizationStatus defines the observed state of a kustomization.\n            properties:\n              conditions:\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              inventory:\n                description: Inventory contains the list of Kubernetes resource object\n                  references that have been successfully applied.\n                properties:\n                  entries:\n                    description: Entries of Kubernetes resource object references.\n                    items:\n                      description: ResourceRef contains the information necessary\n                        to locate a resource within a cluster.\n                      properties:\n                        id:\n                          description: ID is the string representation of the Kubernetes\n                            resource object's metadata, in the format '\u003cnamespace\u003e_\u003cname\u003e_\u003cgroup\u003e_\u003ckind\u003e'.\n                          type: string\n                        v:\n                          description: Version is the API version of the Kubernetes\n                            resource object's kind.\n                          type: string\n                      required:\n                      - id\n                      - v\n                      type: object\n                    type: array\n                required:\n                - entries\n                type: object\n              lastAppliedRevision:\n                description: The last successfully applied revision. The revision\n                  format for Git sources is \u003cbranch|tag\u003e/\u003ccommit-sha\u003e.\n                type: string\n              lastAttemptedRevision:\n                description: LastAttemptedRevision is the revision of the last reconciliation\n                  attempt.\n                type: string\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last reconciled generation.\n                format: int64\n                type: integer\n            type: object\n        type: object\n    served: true\n    storage: true\n    subresources:\n      status: {}\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n  conditions: []\n  storedVersions: []\n",
-              "/apis/apiextensions.k8s.io/v1/customresourcedefinitions/providers.notification.toolkit.fluxcd.io": "apiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  annotations:\n    controller-gen.kubebuilder.io/version: v0.7.0\n  creationTimestamp: null\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: providers.notification.toolkit.fluxcd.io\nspec:\n  group: notification.toolkit.fluxcd.io\n  names:\n    kind: Provider\n    listKind: ProviderList\n    plural: providers\n    singular: provider\n  scope: Namespaced\n  versions:\n  - additionalPrinterColumns:\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    name: v1beta1\n    schema:\n      openAPIV3Schema:\n        description: Provider is the Schema for the providers API\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: ProviderSpec defines the desired state of Provider\n            properties:\n              address:\n                description: HTTP/S webhook address of this provider\n                pattern: ^(http|https)://\n                type: string\n              certSecretRef:\n                description: CertSecretRef can be given the name of a secret containing\n                  a PEM-encoded CA certificate (`caFile`)\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              channel:\n                description: Alert channel for this provider\n                type: string\n              proxy:\n                description: HTTP/S address of the proxy\n                pattern: ^(http|https)://\n                type: string\n              secretRef:\n                description: Secret reference containing the provider webhook URL\n                  using \"address\" as data key\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              suspend:\n                description: This flag tells the controller to suspend subsequent\n                  events handling. Defaults to false.\n                type: boolean\n              type:\n                description: Type of provider\n                enum:\n                - slack\n                - discord\n                - msteams\n                - rocket\n                - generic\n                - github\n                - gitlab\n                - bitbucket\n                - azuredevops\n                - googlechat\n                - webex\n                - sentry\n                - azureeventhub\n                - telegram\n                - lark\n                - matrix\n                - opsgenie\n                - alertmanager\n                - grafana\n                type: string\n              username:\n                description: Bot username for this provider\n                type: string\n            required:\n            - type\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: ProviderStatus defines the observed state of Provider\n            properties:\n              conditions:\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              observedGeneration:\n                description: ObservedGeneration is the last reconciled generation.\n                format: int64\n                type: integer\n            type: object\n        type: object\n    served: true\n    storage: true\n    subresources:\n      status: {}\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n  conditions: []\n  storedVersions: []\n",
-              "/apis/apiextensions.k8s.io/v1/customresourcedefinitions/receivers.notification.toolkit.fluxcd.io": "apiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  annotations:\n    controller-gen.kubebuilder.io/version: v0.7.0\n  creationTimestamp: null\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: receivers.notification.toolkit.fluxcd.io\nspec:\n  group: notification.toolkit.fluxcd.io\n  names:\n    kind: Receiver\n    listKind: ReceiverList\n    plural: receivers\n    singular: receiver\n  scope: Namespaced\n  versions:\n  - additionalPrinterColumns:\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    name: v1beta1\n    schema:\n      openAPIV3Schema:\n        description: Receiver is the Schema for the receivers API\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: ReceiverSpec defines the desired state of Receiver\n            properties:\n              events:\n                description: A list of events to handle, e.g. 'push' for GitHub or\n                  'Push Hook' for GitLab.\n                items:\n                  type: string\n                type: array\n              resources:\n                description: A list of resources to be notified about changes.\n                items:\n                  description: CrossNamespaceObjectReference contains enough information\n                    to let you locate the typed referenced object at cluster level\n                  properties:\n                    apiVersion:\n                      description: API version of the referent\n                      type: string\n                    kind:\n                      description: Kind of the referent\n                      enum:\n                      - Bucket\n                      - GitRepository\n                      - Kustomization\n                      - HelmRelease\n                      - HelmChart\n                      - HelmRepository\n                      - ImageRepository\n                      - ImagePolicy\n                      - ImageUpdateAutomation\n                      type: string\n                    matchLabels:\n                      additionalProperties:\n                        type: string\n                      description: MatchLabels is a map of {key,value} pairs. A single\n                        {key,value} in the matchLabels map is equivalent to an element\n                        of matchExpressions, whose key field is \"key\", the operator\n                        is \"In\", and the values array contains only \"value\". The requirements\n                        are ANDed.\n                      type: object\n                    name:\n                      description: Name of the referent\n                      maxLength: 53\n                      minLength: 1\n                      type: string\n                    namespace:\n                      description: Namespace of the referent\n                      maxLength: 53\n                      minLength: 1\n                      type: string\n                  required:\n                  - name\n                  type: object\n                type: array\n              secretRef:\n                description: Secret reference containing the token used to validate\n                  the payload authenticity\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              suspend:\n                description: This flag tells the controller to suspend subsequent\n                  events handling. Defaults to false.\n                type: boolean\n              type:\n                description: Type of webhook sender, used to determine the validation\n                  procedure and payload deserialization.\n                enum:\n                - generic\n                - generic-hmac\n                - github\n                - gitlab\n                - bitbucket\n                - harbor\n                - dockerhub\n                - quay\n                - gcr\n                - nexus\n                - acr\n                type: string\n            required:\n            - resources\n            - type\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: ReceiverStatus defines the observed state of Receiver\n            properties:\n              conditions:\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation.\n                format: int64\n                type: integer\n              url:\n                description: Generated webhook URL in the format of '/hook/sha256sum(token+name+namespace)'.\n                type: string\n            type: object\n        type: object\n    served: true\n    storage: true\n    subresources:\n      status: {}\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n  conditions: []\n  storedVersions: []\n",
-              "/apis/apps/v1/namespaces/flux-system/deployments/helm-controller": "apiVersion: apps/v1\nkind: Deployment\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n    control-plane: controller\n  name: helm-controller\n  namespace: flux-system\nspec:\n  replicas: 1\n  selector:\n    matchLabels:\n      app: helm-controller\n  template:\n    metadata:\n      annotations:\n        prometheus.io/port: \"8080\"\n        prometheus.io/scrape: \"true\"\n      labels:\n        app: helm-controller\n    spec:\n      containers:\n      - args:\n        - --events-addr=http://notification-controller.flux-system.svc.cluster.local./\n        - --watch-all-namespaces=true\n        - --log-level=info\n        - --log-encoding=json\n        - --enable-leader-election\n        env:\n        - name: RUNTIME_NAMESPACE\n          valueFrom:\n            fieldRef:\n              fieldPath: metadata.namespace\n        image: ghcr.io/fluxcd/helm-controller:v0.21.0\n        imagePullPolicy: IfNotPresent\n        livenessProbe:\n          httpGet:\n            path: /healthz\n            port: healthz\n        name: manager\n        ports:\n        - containerPort: 8080\n          name: http-prom\n          protocol: TCP\n        - containerPort: 9440\n          name: healthz\n          protocol: TCP\n        readinessProbe:\n          httpGet:\n            path: /readyz\n            port: healthz\n        resources:\n          limits:\n            cpu: 1000m\n            memory: 1Gi\n          requests:\n            cpu: 100m\n            memory: 64Mi\n        securityContext:\n          allowPrivilegeEscalation: false\n          capabilities:\n            drop:\n            - ALL\n          readOnlyRootFilesystem: true\n          runAsNonRoot: true\n          seccompProfile:\n            type: RuntimeDefault\n        volumeMounts:\n        - mountPath: /tmp\n          name: temp\n      nodeSelector:\n        kubernetes.io/os: linux\n      securityContext:\n        fsGroup: 1337\n      serviceAccountName: helm-controller\n      terminationGracePeriodSeconds: 600\n      volumes:\n      - emptyDir: {}\n        name: temp\n",
-              "/apis/apps/v1/namespaces/flux-system/deployments/kustomize-controller": "apiVersion: apps/v1\nkind: Deployment\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n    control-plane: controller\n  name: kustomize-controller\n  namespace: flux-system\nspec:\n  replicas: 1\n  selector:\n    matchLabels:\n      app: kustomize-controller\n  template:\n    metadata:\n      annotations:\n        prometheus.io/port: \"8080\"\n        prometheus.io/scrape: \"true\"\n      labels:\n        app: kustomize-controller\n    spec:\n      containers:\n      - args:\n        - --events-addr=http://notification-controller.flux-system.svc.cluster.local./\n        - --watch-all-namespaces=true\n        - --log-level=info\n        - --log-encoding=json\n        - --enable-leader-election\n        env:\n        - name: RUNTIME_NAMESPACE\n          valueFrom:\n            fieldRef:\n              fieldPath: metadata.namespace\n        image: ghcr.io/fluxcd/kustomize-controller:v0.25.0\n        imagePullPolicy: IfNotPresent\n        livenessProbe:\n          httpGet:\n            path: /healthz\n            port: healthz\n        name: manager\n        ports:\n        - containerPort: 8080\n          name: http-prom\n          protocol: TCP\n        - containerPort: 9440\n          name: healthz\n          protocol: TCP\n        readinessProbe:\n          httpGet:\n            path: /readyz\n            port: healthz\n        resources:\n          limits:\n            cpu: 1000m\n            memory: 1Gi\n          requests:\n            cpu: 100m\n            memory: 64Mi\n        securityContext:\n          allowPrivilegeEscalation: false\n          capabilities:\n            drop:\n            - ALL\n          readOnlyRootFilesystem: true\n          runAsNonRoot: true\n          seccompProfile:\n            type: RuntimeDefault\n        volumeMounts:\n        - mountPath: /tmp\n          name: temp\n      nodeSelector:\n        kubernetes.io/os: linux\n      securityContext:\n        fsGroup: 1337\n      serviceAccountName: kustomize-controller\n      terminationGracePeriodSeconds: 60\n      volumes:\n      - emptyDir: {}\n        name: temp\n",
-              "/apis/apps/v1/namespaces/flux-system/deployments/notification-controller": "apiVersion: apps/v1\nkind: Deployment\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n    control-plane: controller\n  name: notification-controller\n  namespace: flux-system\nspec:\n  replicas: 1\n  selector:\n    matchLabels:\n      app: notification-controller\n  template:\n    metadata:\n      annotations:\n        prometheus.io/port: \"8080\"\n        prometheus.io/scrape: \"true\"\n      labels:\n        app: notification-controller\n    spec:\n      containers:\n      - args:\n        - --watch-all-namespaces=true\n        - --log-level=info\n        - --log-encoding=json\n        - --enable-leader-election\n        env:\n        - name: RUNTIME_NAMESPACE\n          valueFrom:\n            fieldRef:\n              fieldPath: metadata.namespace\n        image: ghcr.io/fluxcd/notification-controller:v0.23.5\n        imagePullPolicy: IfNotPresent\n        livenessProbe:\n          httpGet:\n            path: /healthz\n            port: healthz\n        name: manager\n        ports:\n        - containerPort: 9090\n          name: http\n          protocol: TCP\n        - containerPort: 9292\n          name: http-webhook\n          protocol: TCP\n        - containerPort: 8080\n          name: http-prom\n          protocol: TCP\n        - containerPort: 9440\n          name: healthz\n          protocol: TCP\n        readinessProbe:\n          httpGet:\n            path: /readyz\n            port: healthz\n        resources:\n          limits:\n            cpu: 1000m\n            memory: 1Gi\n          requests:\n            cpu: 100m\n            memory: 64Mi\n        securityContext:\n          allowPrivilegeEscalation: false\n          capabilities:\n            drop:\n            - ALL\n          readOnlyRootFilesystem: true\n          runAsNonRoot: true\n          seccompProfile:\n            type: RuntimeDefault\n        volumeMounts:\n        - mountPath: /tmp\n          name: temp\n      nodeSelector:\n        kubernetes.io/os: linux\n      securityContext:\n        fsGroup: 1337\n      serviceAccountName: notification-controller\n      terminationGracePeriodSeconds: 10\n      volumes:\n      - emptyDir: {}\n        name: temp\n",
-              "/apis/apps/v1/namespaces/flux-system/deployments/source-controller": "apiVersion: apps/v1\nkind: Deployment\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n    control-plane: controller\n  name: source-controller\n  namespace: flux-system\nspec:\n  replicas: 1\n  selector:\n    matchLabels:\n      app: source-controller\n  strategy:\n    type: Recreate\n  template:\n    metadata:\n      annotations:\n        prometheus.io/port: \"8080\"\n        prometheus.io/scrape: \"true\"\n      labels:\n        app: source-controller\n    spec:\n      containers:\n      - args:\n        - --events-addr=http://notification-controller.flux-system.svc.cluster.local./\n        - --watch-all-namespaces=true\n        - --log-level=info\n        - --log-encoding=json\n        - --enable-leader-election\n        - --storage-path=/data\n        - --storage-adv-addr=source-controller.$(RUNTIME_NAMESPACE).svc.cluster.local.\n        env:\n        - name: RUNTIME_NAMESPACE\n          valueFrom:\n            fieldRef:\n              fieldPath: metadata.namespace\n        image: ghcr.io/fluxcd/source-controller:v0.24.4\n        imagePullPolicy: IfNotPresent\n        livenessProbe:\n          httpGet:\n            path: /healthz\n            port: healthz\n        name: manager\n        ports:\n        - containerPort: 9090\n          name: http\n          protocol: TCP\n        - containerPort: 8080\n          name: http-prom\n          protocol: TCP\n        - containerPort: 9440\n          name: healthz\n          protocol: TCP\n        readinessProbe:\n          httpGet:\n            path: /\n            port: http\n        resources:\n          limits:\n            cpu: 1000m\n            memory: 1Gi\n          requests:\n            cpu: 50m\n            memory: 64Mi\n        securityContext:\n          allowPrivilegeEscalation: false\n          capabilities:\n            drop:\n            - ALL\n          readOnlyRootFilesystem: true\n          runAsNonRoot: true\n          seccompProfile:\n            type: RuntimeDefault\n        volumeMounts:\n        - mountPath: /data\n          name: data\n        - mountPath: /tmp\n          name: tmp\n      nodeSelector:\n        kubernetes.io/os: linux\n      securityContext:\n        fsGroup: 1337\n      serviceAccountName: source-controller\n      terminationGracePeriodSeconds: 10\n      volumes:\n      - emptyDir: {}\n        name: data\n      - emptyDir: {}\n        name: tmp\n",
-              "/apis/rbac.authorization.k8s.io/v1/clusterrolebindings/cluster-reconciler-flux-system": "apiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: cluster-reconciler-flux-system\nroleRef:\n  apiGroup: rbac.authorization.k8s.io\n  kind: ClusterRole\n  name: cluster-admin\nsubjects:\n- kind: ServiceAccount\n  name: kustomize-controller\n  namespace: flux-system\n- kind: ServiceAccount\n  name: helm-controller\n  namespace: flux-system\n",
-              "/apis/rbac.authorization.k8s.io/v1/clusterrolebindings/crd-controller-flux-system": "apiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: crd-controller-flux-system\nroleRef:\n  apiGroup: rbac.authorization.k8s.io\n  kind: ClusterRole\n  name: crd-controller-flux-system\nsubjects:\n- kind: ServiceAccount\n  name: kustomize-controller\n  namespace: flux-system\n- kind: ServiceAccount\n  name: helm-controller\n  namespace: flux-system\n- kind: ServiceAccount\n  name: source-controller\n  namespace: flux-system\n- kind: ServiceAccount\n  name: notification-controller\n  namespace: flux-system\n- kind: ServiceAccount\n  name: image-reflector-controller\n  namespace: flux-system\n- kind: ServiceAccount\n  name: image-automation-controller\n  namespace: flux-system\n",
-              "/apis/rbac.authorization.k8s.io/v1/clusterroles/crd-controller-flux-system": "apiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: crd-controller-flux-system\nrules:\n- apiGroups:\n  - source.toolkit.fluxcd.io\n  resources:\n  - '*'\n  verbs:\n  - '*'\n- apiGroups:\n  - kustomize.toolkit.fluxcd.io\n  resources:\n  - '*'\n  verbs:\n  - '*'\n- apiGroups:\n  - helm.toolkit.fluxcd.io\n  resources:\n  - '*'\n  verbs:\n  - '*'\n- apiGroups:\n  - notification.toolkit.fluxcd.io\n  resources:\n  - '*'\n  verbs:\n  - '*'\n- apiGroups:\n  - image.toolkit.fluxcd.io\n  resources:\n  - '*'\n  verbs:\n  - '*'\n- apiGroups:\n  - \"\"\n  resources:\n  - namespaces\n  - secrets\n  - configmaps\n  - serviceaccounts\n  verbs:\n  - get\n  - list\n  - watch\n- apiGroups:\n  - \"\"\n  resources:\n  - events\n  verbs:\n  - create\n  - patch\n- apiGroups:\n  - \"\"\n  resources:\n  - configmaps\n  verbs:\n  - get\n  - list\n  - watch\n  - create\n  - update\n  - patch\n  - delete\n- apiGroups:\n  - \"\"\n  resources:\n  - configmaps/status\n  verbs:\n  - get\n  - update\n  - patch\n- apiGroups:\n  - coordination.k8s.io\n  resources:\n  - leases\n  verbs:\n  - get\n  - list\n  - watch\n  - create\n  - update\n  - patch\n  - delete\n"
-            }
-          },
-          "sensitive_attributes": []
-        }
-      ]
-    },
-    {
-      "module": "module.flux",
-      "mode": "data",
-      "type": "kubectl_file_documents",
-      "name": "sync",
-      "provider": "module.flux.provider[\"registry.terraform.io/gavinbunney/kubectl\"]",
-      "instances": [
-        {
-          "schema_version": 0,
-          "attributes": {
-            "content": "# This manifest was generated by flux. DO NOT EDIT.\n---\napiVersion: source.toolkit.fluxcd.io/v1beta2\nkind: GitRepository\nmetadata:\n  name: flux-system\n  namespace: flux-system\nspec:\n  interval: 1m0s\n  ref:\n    branch: main\n  secretRef:\n    name: flux-system\n  url: ssh://git@git.front.kjuulh.io/clank/kubernetes-state.git\n---\napiVersion: kustomize.toolkit.fluxcd.io/v1beta2\nkind: Kustomization\nmetadata:\n  name: flux-system\n  namespace: flux-system\nspec:\n  interval: 10m0s\n  path: ./clank\n  prune: true\n  sourceRef:\n    kind: GitRepository\n    name: flux-system\n",
-            "documents": [
-              "apiVersion: source.toolkit.fluxcd.io/v1beta2\nkind: GitRepository\nmetadata:\n  name: flux-system\n  namespace: flux-system\nspec:\n  interval: 1m0s\n  ref:\n    branch: main\n  secretRef:\n    name: flux-system\n  url: ssh://git@git.front.kjuulh.io/clank/kubernetes-state.git",
-              "apiVersion: kustomize.toolkit.fluxcd.io/v1beta2\nkind: Kustomization\nmetadata:\n  name: flux-system\n  namespace: flux-system\nspec:\n  interval: 10m0s\n  path: ./clank\n  prune: true\n  sourceRef:\n    kind: GitRepository\n    name: flux-system"
-            ],
-            "id": "e8997c4e0723aaa03560bc3abf63ef964f956c0fcdf89eb1cbfb760c799cf8d0",
-            "manifests": {
-              "/apis/kustomize.toolkit.fluxcd.io/v1beta2/namespaces/flux-system/kustomizations/flux-system": "apiVersion: kustomize.toolkit.fluxcd.io/v1beta2\nkind: Kustomization\nmetadata:\n  name: flux-system\n  namespace: flux-system\nspec:\n  interval: 10m0s\n  path: ./clank\n  prune: true\n  sourceRef:\n    kind: GitRepository\n    name: flux-system\n",
-              "/apis/source.toolkit.fluxcd.io/v1beta2/namespaces/flux-system/gitrepositorys/flux-system": "apiVersion: source.toolkit.fluxcd.io/v1beta2\nkind: GitRepository\nmetadata:\n  name: flux-system\n  namespace: flux-system\nspec:\n  interval: 1m0s\n  ref:\n    branch: main\n  secretRef:\n    name: flux-system\n  url: ssh://git@git.front.kjuulh.io/clank/kubernetes-state.git\n"
-            }
-          },
-          "sensitive_attributes": []
-        }
-      ]
-    },
-    {
-      "module": "module.flux",
-      "mode": "managed",
-      "type": "kubectl_manifest",
-      "name": "apply",
-      "provider": "module.flux.provider[\"registry.terraform.io/gavinbunney/kubectl\"]",
-      "instances": [
-        {
-          "index_key": "apiextensions.k8s.io/v1/customresourcedefinition/alerts.notification.toolkit.fluxcd.io",
-          "schema_version": 1,
-          "attributes": {
-            "api_version": "apiextensions.k8s.io/v1",
-            "apply_only": false,
-            "force_conflicts": false,
-            "force_new": false,
-            "id": "/apis/apiextensions.k8s.io/v1/customresourcedefinitions/alerts.notification.toolkit.fluxcd.io",
-            "ignore_fields": null,
-            "kind": "CustomResourceDefinition",
-            "live_manifest_incluster": "3eb4be5c0abda78b11086bee7392e6b42d459303662ec0dabdbaf95d67cb3906",
-            "live_uid": "e1ca18e4-5cc9-48ff-98ed-d7f886b6d7c2",
-            "name": "alerts.notification.toolkit.fluxcd.io",
-            "namespace": null,
-            "override_namespace": null,
-            "sensitive_fields": null,
-            "server_side_apply": false,
-            "timeouts": null,
-            "uid": "e1ca18e4-5cc9-48ff-98ed-d7f886b6d7c2",
-            "validate_schema": true,
-            "wait": null,
-            "wait_for_rollout": true,
-            "yaml_body": "apiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  annotations:\n    controller-gen.kubebuilder.io/version: v0.7.0\n  creationTimestamp: null\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: alerts.notification.toolkit.fluxcd.io\nspec:\n  group: notification.toolkit.fluxcd.io\n  names:\n    kind: Alert\n    listKind: AlertList\n    plural: alerts\n    singular: alert\n  scope: Namespaced\n  versions:\n  - additionalPrinterColumns:\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    name: v1beta1\n    schema:\n      openAPIV3Schema:\n        description: Alert is the Schema for the alerts API\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: AlertSpec defines an alerting rule for events involving a\n              list of objects\n            properties:\n              eventSeverity:\n                default: info\n                description: Filter events based on severity, defaults to ('info').\n                  If set to 'info' no events will be filtered.\n                enum:\n                - info\n                - error\n                type: string\n              eventSources:\n                description: Filter events based on the involved objects.\n                items:\n                  description: CrossNamespaceObjectReference contains enough information\n                    to let you locate the typed referenced object at cluster level\n                  properties:\n                    apiVersion:\n                      description: API version of the referent\n                      type: string\n                    kind:\n                      description: Kind of the referent\n                      enum:\n                      - Bucket\n                      - GitRepository\n                      - Kustomization\n                      - HelmRelease\n                      - HelmChart\n                      - HelmRepository\n                      - ImageRepository\n                      - ImagePolicy\n                      - ImageUpdateAutomation\n                      type: string\n                    matchLabels:\n                      additionalProperties:\n                        type: string\n                      description: MatchLabels is a map of {key,value} pairs. A single\n                        {key,value} in the matchLabels map is equivalent to an element\n                        of matchExpressions, whose key field is \"key\", the operator\n                        is \"In\", and the values array contains only \"value\". The requirements\n                        are ANDed.\n                      type: object\n                    name:\n                      description: Name of the referent\n                      maxLength: 53\n                      minLength: 1\n                      type: string\n                    namespace:\n                      description: Namespace of the referent\n                      maxLength: 53\n                      minLength: 1\n                      type: string\n                  required:\n                  - name\n                  type: object\n                type: array\n              exclusionList:\n                description: A list of Golang regular expressions to be used for excluding\n                  messages.\n                items:\n                  type: string\n                type: array\n              providerRef:\n                description: Send events using this provider.\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              summary:\n                description: Short description of the impact and affected cluster.\n                type: string\n              suspend:\n                description: This flag tells the controller to suspend subsequent\n                  events dispatching. Defaults to false.\n                type: boolean\n            required:\n            - eventSources\n            - providerRef\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: AlertStatus defines the observed state of Alert\n            properties:\n              conditions:\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation.\n                format: int64\n                type: integer\n            type: object\n        type: object\n    served: true\n    storage: true\n    subresources:\n      status: {}\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n  conditions: []\n  storedVersions: []",
-            "yaml_body_parsed": "apiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  annotations:\n    controller-gen.kubebuilder.io/version: v0.7.0\n  creationTimestamp: null\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: alerts.notification.toolkit.fluxcd.io\nspec:\n  group: notification.toolkit.fluxcd.io\n  names:\n    kind: Alert\n    listKind: AlertList\n    plural: alerts\n    singular: alert\n  scope: Namespaced\n  versions:\n  - additionalPrinterColumns:\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    name: v1beta1\n    schema:\n      openAPIV3Schema:\n        description: Alert is the Schema for the alerts API\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: AlertSpec defines an alerting rule for events involving a\n              list of objects\n            properties:\n              eventSeverity:\n                default: info\n                description: Filter events based on severity, defaults to ('info').\n                  If set to 'info' no events will be filtered.\n                enum:\n                - info\n                - error\n                type: string\n              eventSources:\n                description: Filter events based on the involved objects.\n                items:\n                  description: CrossNamespaceObjectReference contains enough information\n                    to let you locate the typed referenced object at cluster level\n                  properties:\n                    apiVersion:\n                      description: API version of the referent\n                      type: string\n                    kind:\n                      description: Kind of the referent\n                      enum:\n                      - Bucket\n                      - GitRepository\n                      - Kustomization\n                      - HelmRelease\n                      - HelmChart\n                      - HelmRepository\n                      - ImageRepository\n                      - ImagePolicy\n                      - ImageUpdateAutomation\n                      type: string\n                    matchLabels:\n                      additionalProperties:\n                        type: string\n                      description: MatchLabels is a map of {key,value} pairs. A single\n                        {key,value} in the matchLabels map is equivalent to an element\n                        of matchExpressions, whose key field is \"key\", the operator\n                        is \"In\", and the values array contains only \"value\". The requirements\n                        are ANDed.\n                      type: object\n                    name:\n                      description: Name of the referent\n                      maxLength: 53\n                      minLength: 1\n                      type: string\n                    namespace:\n                      description: Namespace of the referent\n                      maxLength: 53\n                      minLength: 1\n                      type: string\n                  required:\n                  - name\n                  type: object\n                type: array\n              exclusionList:\n                description: A list of Golang regular expressions to be used for excluding\n                  messages.\n                items:\n                  type: string\n                type: array\n              providerRef:\n                description: Send events using this provider.\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              summary:\n                description: Short description of the impact and affected cluster.\n                type: string\n              suspend:\n                description: This flag tells the controller to suspend subsequent\n                  events dispatching. Defaults to false.\n                type: boolean\n            required:\n            - eventSources\n            - providerRef\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: AlertStatus defines the observed state of Alert\n            properties:\n              conditions:\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation.\n                format: int64\n                type: integer\n            type: object\n        type: object\n    served: true\n    storage: true\n    subresources:\n      status: {}\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n  conditions: []\n  storedVersions: []\n",
-            "yaml_incluster": "3eb4be5c0abda78b11086bee7392e6b42d459303662ec0dabdbaf95d67cb3906"
-          },
-          "sensitive_attributes": [],
-          "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDB9LCJzY2hlbWFfdmVyc2lvbiI6IjEifQ==",
-          "dependencies": [
-            "module.flux.data.flux_install.main",
-            "module.flux.data.kubectl_file_documents.apply",
-            "module.flux.kubernetes_namespace.flux_system"
-          ]
-        },
-        {
-          "index_key": "apiextensions.k8s.io/v1/customresourcedefinition/buckets.source.toolkit.fluxcd.io",
-          "schema_version": 1,
-          "attributes": {
-            "api_version": "apiextensions.k8s.io/v1",
-            "apply_only": false,
-            "force_conflicts": false,
-            "force_new": false,
-            "id": "/apis/apiextensions.k8s.io/v1/customresourcedefinitions/buckets.source.toolkit.fluxcd.io",
-            "ignore_fields": null,
-            "kind": "CustomResourceDefinition",
-            "live_manifest_incluster": "4ec58b70c20cd1a91e0df4e5a9c83429927ab34766e1866beed7a7c7c3b2201c",
-            "live_uid": "0187872f-792e-45df-b75b-b825eb77db20",
-            "name": "buckets.source.toolkit.fluxcd.io",
-            "namespace": null,
-            "override_namespace": null,
-            "sensitive_fields": null,
-            "server_side_apply": false,
-            "timeouts": null,
-            "uid": "0187872f-792e-45df-b75b-b825eb77db20",
-            "validate_schema": true,
-            "wait": null,
-            "wait_for_rollout": true,
-            "yaml_body": "apiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  annotations:\n    controller-gen.kubebuilder.io/version: v0.7.0\n  creationTimestamp: null\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: buckets.source.toolkit.fluxcd.io\nspec:\n  group: source.toolkit.fluxcd.io\n  names:\n    kind: Bucket\n    listKind: BucketList\n    plural: buckets\n    singular: bucket\n  scope: Namespaced\n  versions:\n  - additionalPrinterColumns:\n    - jsonPath: .spec.endpoint\n      name: Endpoint\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    name: v1beta1\n    schema:\n      openAPIV3Schema:\n        description: Bucket is the Schema for the buckets API\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: BucketSpec defines the desired state of an S3 compatible\n              bucket\n            properties:\n              accessFrom:\n                description: AccessFrom defines an Access Control List for allowing\n                  cross-namespace references to this object.\n                properties:\n                  namespaceSelectors:\n                    description: NamespaceSelectors is the list of namespace selectors\n                      to which this ACL applies. Items in this list are evaluated\n                      using a logical OR operation.\n                    items:\n                      description: NamespaceSelector selects the namespaces to which\n                        this ACL applies. An empty map of MatchLabels matches all\n                        namespaces in a cluster.\n                      properties:\n                        matchLabels:\n                          additionalProperties:\n                            type: string\n                          description: MatchLabels is a map of {key,value} pairs.\n                            A single {key,value} in the matchLabels map is equivalent\n                            to an element of matchExpressions, whose key field is\n                            \"key\", the operator is \"In\", and the values array contains\n                            only \"value\". The requirements are ANDed.\n                          type: object\n                      type: object\n                    type: array\n                required:\n                - namespaceSelectors\n                type: object\n              bucketName:\n                description: The bucket name.\n                type: string\n              endpoint:\n                description: The bucket endpoint address.\n                type: string\n              ignore:\n                description: Ignore overrides the set of excluded patterns in the\n                  .sourceignore format (which is the same as .gitignore). If not provided,\n                  a default will be used, consult the documentation for your version\n                  to find out what those are.\n                type: string\n              insecure:\n                description: Insecure allows connecting to a non-TLS S3 HTTP endpoint.\n                type: boolean\n              interval:\n                description: The interval at which to check for bucket updates.\n                type: string\n              provider:\n                default: generic\n                description: The S3 compatible storage provider name, default ('generic').\n                enum:\n                - generic\n                - aws\n                - gcp\n                type: string\n              region:\n                description: The bucket region.\n                type: string\n              secretRef:\n                description: The name of the secret containing authentication credentials\n                  for the Bucket.\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              suspend:\n                description: This flag tells the controller to suspend the reconciliation\n                  of this source.\n                type: boolean\n              timeout:\n                default: 60s\n                description: The timeout for download operations, defaults to 60s.\n                type: string\n            required:\n            - bucketName\n            - endpoint\n            - interval\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: BucketStatus defines the observed state of a bucket\n            properties:\n              artifact:\n                description: Artifact represents the output of the last successful\n                  Bucket sync.\n                properties:\n                  checksum:\n                    description: Checksum is the SHA256 checksum of the artifact.\n                    type: string\n                  lastUpdateTime:\n                    description: LastUpdateTime is the timestamp corresponding to\n                      the last update of this artifact.\n                    format: date-time\n                    type: string\n                  path:\n                    description: Path is the relative file path of this artifact.\n                    type: string\n                  revision:\n                    description: Revision is a human readable identifier traceable\n                      in the origin source system. It can be a Git commit SHA, Git\n                      tag, a Helm index timestamp, a Helm chart version, etc.\n                    type: string\n                  url:\n                    description: URL is the HTTP address of this artifact.\n                    type: string\n                required:\n                - path\n                - url\n                type: object\n              conditions:\n                description: Conditions holds the conditions for the Bucket.\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation.\n                format: int64\n                type: integer\n              url:\n                description: URL is the download link for the artifact output of the\n                  last Bucket sync.\n                type: string\n            type: object\n        type: object\n    served: true\n    storage: false\n    subresources:\n      status: {}\n  - additionalPrinterColumns:\n    - jsonPath: .spec.endpoint\n      name: Endpoint\n      type: string\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    name: v1beta2\n    schema:\n      openAPIV3Schema:\n        description: Bucket is the Schema for the buckets API.\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: BucketSpec specifies the required configuration to produce\n              an Artifact for an object storage bucket.\n            properties:\n              accessFrom:\n                description: 'AccessFrom specifies an Access Control List for allowing\n                  cross-namespace references to this object. NOTE: Not implemented,\n                  provisional as of https://github.com/fluxcd/flux2/pull/2092'\n                properties:\n                  namespaceSelectors:\n                    description: NamespaceSelectors is the list of namespace selectors\n                      to which this ACL applies. Items in this list are evaluated\n                      using a logical OR operation.\n                    items:\n                      description: NamespaceSelector selects the namespaces to which\n                        this ACL applies. An empty map of MatchLabels matches all\n                        namespaces in a cluster.\n                      properties:\n                        matchLabels:\n                          additionalProperties:\n                            type: string\n                          description: MatchLabels is a map of {key,value} pairs.\n                            A single {key,value} in the matchLabels map is equivalent\n                            to an element of matchExpressions, whose key field is\n                            \"key\", the operator is \"In\", and the values array contains\n                            only \"value\". The requirements are ANDed.\n                          type: object\n                      type: object\n                    type: array\n                required:\n                - namespaceSelectors\n                type: object\n              bucketName:\n                description: BucketName is the name of the object storage bucket.\n                type: string\n              endpoint:\n                description: Endpoint is the object storage address the BucketName\n                  is located at.\n                type: string\n              ignore:\n                description: Ignore overrides the set of excluded patterns in the\n                  .sourceignore format (which is the same as .gitignore). If not provided,\n                  a default will be used, consult the documentation for your version\n                  to find out what those are.\n                type: string\n              insecure:\n                description: Insecure allows connecting to a non-TLS HTTP Endpoint.\n                type: boolean\n              interval:\n                description: Interval at which to check the Endpoint for updates.\n                type: string\n              provider:\n                default: generic\n                description: Provider of the object storage bucket. Defaults to 'generic',\n                  which expects an S3 (API) compatible object storage.\n                enum:\n                - generic\n                - aws\n                - gcp\n                - azure\n                type: string\n              region:\n                description: Region of the Endpoint where the BucketName is located\n                  in.\n                type: string\n              secretRef:\n                description: SecretRef specifies the Secret containing authentication\n                  credentials for the Bucket.\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              suspend:\n                description: Suspend tells the controller to suspend the reconciliation\n                  of this Bucket.\n                type: boolean\n              timeout:\n                default: 60s\n                description: Timeout for fetch operations, defaults to 60s.\n                type: string\n            required:\n            - bucketName\n            - endpoint\n            - interval\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: BucketStatus records the observed state of a Bucket.\n            properties:\n              artifact:\n                description: Artifact represents the last successful Bucket reconciliation.\n                properties:\n                  checksum:\n                    description: Checksum is the SHA256 checksum of the Artifact file.\n                    type: string\n                  lastUpdateTime:\n                    description: LastUpdateTime is the timestamp corresponding to\n                      the last update of the Artifact.\n                    format: date-time\n                    type: string\n                  path:\n                    description: Path is the relative file path of the Artifact. It\n                      can be used to locate the file in the root of the Artifact storage\n                      on the local file system of the controller managing the Source.\n                    type: string\n                  revision:\n                    description: Revision is a human-readable identifier traceable\n                      in the origin source system. It can be a Git commit SHA, Git\n                      tag, a Helm chart version, etc.\n                    type: string\n                  size:\n                    description: Size is the number of bytes in the file.\n                    format: int64\n                    type: integer\n                  url:\n                    description: URL is the HTTP address of the Artifact as exposed\n                      by the controller managing the Source. It can be used to retrieve\n                      the Artifact for consumption, e.g. by another controller applying\n                      the Artifact contents.\n                    type: string\n                required:\n                - path\n                - url\n                type: object\n              conditions:\n                description: Conditions holds the conditions for the Bucket.\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation of\n                  the Bucket object.\n                format: int64\n                type: integer\n              url:\n                description: URL is the dynamic fetch link for the latest Artifact.\n                  It is provided on a \"best effort\" basis, and using the precise BucketStatus.Artifact\n                  data is recommended.\n                type: string\n            type: object\n        type: object\n    served: true\n    storage: true\n    subresources:\n      status: {}\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n  conditions: []\n  storedVersions: []",
-            "yaml_body_parsed": "apiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  annotations:\n    controller-gen.kubebuilder.io/version: v0.7.0\n  creationTimestamp: null\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: buckets.source.toolkit.fluxcd.io\nspec:\n  group: source.toolkit.fluxcd.io\n  names:\n    kind: Bucket\n    listKind: BucketList\n    plural: buckets\n    singular: bucket\n  scope: Namespaced\n  versions:\n  - additionalPrinterColumns:\n    - jsonPath: .spec.endpoint\n      name: Endpoint\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    name: v1beta1\n    schema:\n      openAPIV3Schema:\n        description: Bucket is the Schema for the buckets API\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: BucketSpec defines the desired state of an S3 compatible\n              bucket\n            properties:\n              accessFrom:\n                description: AccessFrom defines an Access Control List for allowing\n                  cross-namespace references to this object.\n                properties:\n                  namespaceSelectors:\n                    description: NamespaceSelectors is the list of namespace selectors\n                      to which this ACL applies. Items in this list are evaluated\n                      using a logical OR operation.\n                    items:\n                      description: NamespaceSelector selects the namespaces to which\n                        this ACL applies. An empty map of MatchLabels matches all\n                        namespaces in a cluster.\n                      properties:\n                        matchLabels:\n                          additionalProperties:\n                            type: string\n                          description: MatchLabels is a map of {key,value} pairs.\n                            A single {key,value} in the matchLabels map is equivalent\n                            to an element of matchExpressions, whose key field is\n                            \"key\", the operator is \"In\", and the values array contains\n                            only \"value\". The requirements are ANDed.\n                          type: object\n                      type: object\n                    type: array\n                required:\n                - namespaceSelectors\n                type: object\n              bucketName:\n                description: The bucket name.\n                type: string\n              endpoint:\n                description: The bucket endpoint address.\n                type: string\n              ignore:\n                description: Ignore overrides the set of excluded patterns in the\n                  .sourceignore format (which is the same as .gitignore). If not provided,\n                  a default will be used, consult the documentation for your version\n                  to find out what those are.\n                type: string\n              insecure:\n                description: Insecure allows connecting to a non-TLS S3 HTTP endpoint.\n                type: boolean\n              interval:\n                description: The interval at which to check for bucket updates.\n                type: string\n              provider:\n                default: generic\n                description: The S3 compatible storage provider name, default ('generic').\n                enum:\n                - generic\n                - aws\n                - gcp\n                type: string\n              region:\n                description: The bucket region.\n                type: string\n              secretRef:\n                description: The name of the secret containing authentication credentials\n                  for the Bucket.\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              suspend:\n                description: This flag tells the controller to suspend the reconciliation\n                  of this source.\n                type: boolean\n              timeout:\n                default: 60s\n                description: The timeout for download operations, defaults to 60s.\n                type: string\n            required:\n            - bucketName\n            - endpoint\n            - interval\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: BucketStatus defines the observed state of a bucket\n            properties:\n              artifact:\n                description: Artifact represents the output of the last successful\n                  Bucket sync.\n                properties:\n                  checksum:\n                    description: Checksum is the SHA256 checksum of the artifact.\n                    type: string\n                  lastUpdateTime:\n                    description: LastUpdateTime is the timestamp corresponding to\n                      the last update of this artifact.\n                    format: date-time\n                    type: string\n                  path:\n                    description: Path is the relative file path of this artifact.\n                    type: string\n                  revision:\n                    description: Revision is a human readable identifier traceable\n                      in the origin source system. It can be a Git commit SHA, Git\n                      tag, a Helm index timestamp, a Helm chart version, etc.\n                    type: string\n                  url:\n                    description: URL is the HTTP address of this artifact.\n                    type: string\n                required:\n                - path\n                - url\n                type: object\n              conditions:\n                description: Conditions holds the conditions for the Bucket.\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation.\n                format: int64\n                type: integer\n              url:\n                description: URL is the download link for the artifact output of the\n                  last Bucket sync.\n                type: string\n            type: object\n        type: object\n    served: true\n    storage: false\n    subresources:\n      status: {}\n  - additionalPrinterColumns:\n    - jsonPath: .spec.endpoint\n      name: Endpoint\n      type: string\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    name: v1beta2\n    schema:\n      openAPIV3Schema:\n        description: Bucket is the Schema for the buckets API.\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: BucketSpec specifies the required configuration to produce\n              an Artifact for an object storage bucket.\n            properties:\n              accessFrom:\n                description: 'AccessFrom specifies an Access Control List for allowing\n                  cross-namespace references to this object. NOTE: Not implemented,\n                  provisional as of https://github.com/fluxcd/flux2/pull/2092'\n                properties:\n                  namespaceSelectors:\n                    description: NamespaceSelectors is the list of namespace selectors\n                      to which this ACL applies. Items in this list are evaluated\n                      using a logical OR operation.\n                    items:\n                      description: NamespaceSelector selects the namespaces to which\n                        this ACL applies. An empty map of MatchLabels matches all\n                        namespaces in a cluster.\n                      properties:\n                        matchLabels:\n                          additionalProperties:\n                            type: string\n                          description: MatchLabels is a map of {key,value} pairs.\n                            A single {key,value} in the matchLabels map is equivalent\n                            to an element of matchExpressions, whose key field is\n                            \"key\", the operator is \"In\", and the values array contains\n                            only \"value\". The requirements are ANDed.\n                          type: object\n                      type: object\n                    type: array\n                required:\n                - namespaceSelectors\n                type: object\n              bucketName:\n                description: BucketName is the name of the object storage bucket.\n                type: string\n              endpoint:\n                description: Endpoint is the object storage address the BucketName\n                  is located at.\n                type: string\n              ignore:\n                description: Ignore overrides the set of excluded patterns in the\n                  .sourceignore format (which is the same as .gitignore). If not provided,\n                  a default will be used, consult the documentation for your version\n                  to find out what those are.\n                type: string\n              insecure:\n                description: Insecure allows connecting to a non-TLS HTTP Endpoint.\n                type: boolean\n              interval:\n                description: Interval at which to check the Endpoint for updates.\n                type: string\n              provider:\n                default: generic\n                description: Provider of the object storage bucket. Defaults to 'generic',\n                  which expects an S3 (API) compatible object storage.\n                enum:\n                - generic\n                - aws\n                - gcp\n                - azure\n                type: string\n              region:\n                description: Region of the Endpoint where the BucketName is located\n                  in.\n                type: string\n              secretRef:\n                description: SecretRef specifies the Secret containing authentication\n                  credentials for the Bucket.\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              suspend:\n                description: Suspend tells the controller to suspend the reconciliation\n                  of this Bucket.\n                type: boolean\n              timeout:\n                default: 60s\n                description: Timeout for fetch operations, defaults to 60s.\n                type: string\n            required:\n            - bucketName\n            - endpoint\n            - interval\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: BucketStatus records the observed state of a Bucket.\n            properties:\n              artifact:\n                description: Artifact represents the last successful Bucket reconciliation.\n                properties:\n                  checksum:\n                    description: Checksum is the SHA256 checksum of the Artifact file.\n                    type: string\n                  lastUpdateTime:\n                    description: LastUpdateTime is the timestamp corresponding to\n                      the last update of the Artifact.\n                    format: date-time\n                    type: string\n                  path:\n                    description: Path is the relative file path of the Artifact. It\n                      can be used to locate the file in the root of the Artifact storage\n                      on the local file system of the controller managing the Source.\n                    type: string\n                  revision:\n                    description: Revision is a human-readable identifier traceable\n                      in the origin source system. It can be a Git commit SHA, Git\n                      tag, a Helm chart version, etc.\n                    type: string\n                  size:\n                    description: Size is the number of bytes in the file.\n                    format: int64\n                    type: integer\n                  url:\n                    description: URL is the HTTP address of the Artifact as exposed\n                      by the controller managing the Source. It can be used to retrieve\n                      the Artifact for consumption, e.g. by another controller applying\n                      the Artifact contents.\n                    type: string\n                required:\n                - path\n                - url\n                type: object\n              conditions:\n                description: Conditions holds the conditions for the Bucket.\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation of\n                  the Bucket object.\n                format: int64\n                type: integer\n              url:\n                description: URL is the dynamic fetch link for the latest Artifact.\n                  It is provided on a \"best effort\" basis, and using the precise BucketStatus.Artifact\n                  data is recommended.\n                type: string\n            type: object\n        type: object\n    served: true\n    storage: true\n    subresources:\n      status: {}\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n  conditions: []\n  storedVersions: []\n",
-            "yaml_incluster": "4ec58b70c20cd1a91e0df4e5a9c83429927ab34766e1866beed7a7c7c3b2201c"
-          },
-          "sensitive_attributes": [],
-          "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDB9LCJzY2hlbWFfdmVyc2lvbiI6IjEifQ==",
-          "dependencies": [
-            "module.flux.data.flux_install.main",
-            "module.flux.data.kubectl_file_documents.apply",
-            "module.flux.kubernetes_namespace.flux_system"
-          ]
-        },
-        {
-          "index_key": "apiextensions.k8s.io/v1/customresourcedefinition/gitrepositories.source.toolkit.fluxcd.io",
-          "schema_version": 1,
-          "attributes": {
-            "api_version": "apiextensions.k8s.io/v1",
-            "apply_only": false,
-            "force_conflicts": false,
-            "force_new": false,
-            "id": "/apis/apiextensions.k8s.io/v1/customresourcedefinitions/gitrepositories.source.toolkit.fluxcd.io",
-            "ignore_fields": null,
-            "kind": "CustomResourceDefinition",
-            "live_manifest_incluster": "ebe9ab24635dab17661e2f41e74bf6f100c9b31f4181530b8146580b6d506d57",
-            "live_uid": "6780b364-265c-4d4a-ac58-348caeb6bff9",
-            "name": "gitrepositories.source.toolkit.fluxcd.io",
-            "namespace": null,
-            "override_namespace": null,
-            "sensitive_fields": null,
-            "server_side_apply": false,
-            "timeouts": null,
-            "uid": "6780b364-265c-4d4a-ac58-348caeb6bff9",
-            "validate_schema": true,
-            "wait": null,
-            "wait_for_rollout": true,
-            "yaml_body": "apiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  annotations:\n    controller-gen.kubebuilder.io/version: v0.7.0\n  creationTimestamp: null\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: gitrepositories.source.toolkit.fluxcd.io\nspec:\n  group: source.toolkit.fluxcd.io\n  names:\n    kind: GitRepository\n    listKind: GitRepositoryList\n    plural: gitrepositories\n    shortNames:\n    - gitrepo\n    singular: gitrepository\n  scope: Namespaced\n  versions:\n  - additionalPrinterColumns:\n    - jsonPath: .spec.url\n      name: URL\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    name: v1beta1\n    schema:\n      openAPIV3Schema:\n        description: GitRepository is the Schema for the gitrepositories API\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: GitRepositorySpec defines the desired state of a Git repository.\n            properties:\n              accessFrom:\n                description: AccessFrom defines an Access Control List for allowing\n                  cross-namespace references to this object.\n                properties:\n                  namespaceSelectors:\n                    description: NamespaceSelectors is the list of namespace selectors\n                      to which this ACL applies. Items in this list are evaluated\n                      using a logical OR operation.\n                    items:\n                      description: NamespaceSelector selects the namespaces to which\n                        this ACL applies. An empty map of MatchLabels matches all\n                        namespaces in a cluster.\n                      properties:\n                        matchLabels:\n                          additionalProperties:\n                            type: string\n                          description: MatchLabels is a map of {key,value} pairs.\n                            A single {key,value} in the matchLabels map is equivalent\n                            to an element of matchExpressions, whose key field is\n                            \"key\", the operator is \"In\", and the values array contains\n                            only \"value\". The requirements are ANDed.\n                          type: object\n                      type: object\n                    type: array\n                required:\n                - namespaceSelectors\n                type: object\n              gitImplementation:\n                default: go-git\n                description: Determines which git client library to use. Defaults\n                  to go-git, valid values are ('go-git', 'libgit2').\n                enum:\n                - go-git\n                - libgit2\n                type: string\n              ignore:\n                description: Ignore overrides the set of excluded patterns in the\n                  .sourceignore format (which is the same as .gitignore). If not provided,\n                  a default will be used, consult the documentation for your version\n                  to find out what those are.\n                type: string\n              include:\n                description: Extra git repositories to map into the repository\n                items:\n                  description: GitRepositoryInclude defines a source with a from and\n                    to path.\n                  properties:\n                    fromPath:\n                      description: The path to copy contents from, defaults to the\n                        root directory.\n                      type: string\n                    repository:\n                      description: Reference to a GitRepository to include.\n                      properties:\n                        name:\n                          description: Name of the referent.\n                          type: string\n                      required:\n                      - name\n                      type: object\n                    toPath:\n                      description: The path to copy contents to, defaults to the name\n                        of the source ref.\n                      type: string\n                  required:\n                  - repository\n                  type: object\n                type: array\n              interval:\n                description: The interval at which to check for repository updates.\n                type: string\n              recurseSubmodules:\n                description: When enabled, after the clone is created, initializes\n                  all submodules within, using their default settings. This option\n                  is available only when using the 'go-git' GitImplementation.\n                type: boolean\n              ref:\n                description: The Git reference to checkout and monitor for changes,\n                  defaults to master branch.\n                properties:\n                  branch:\n                    description: The Git branch to checkout, defaults to master.\n                    type: string\n                  commit:\n                    description: The Git commit SHA to checkout, if specified Tag\n                      filters will be ignored.\n                    type: string\n                  semver:\n                    description: The Git tag semver expression, takes precedence over\n                      Tag.\n                    type: string\n                  tag:\n                    description: The Git tag to checkout, takes precedence over Branch.\n                    type: string\n                type: object\n              secretRef:\n                description: The secret name containing the Git credentials. For HTTPS\n                  repositories the secret must contain username and password fields.\n                  For SSH repositories the secret must contain identity and known_hosts\n                  fields.\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              suspend:\n                description: This flag tells the controller to suspend the reconciliation\n                  of this source.\n                type: boolean\n              timeout:\n                default: 60s\n                description: The timeout for remote Git operations like cloning, defaults\n                  to 60s.\n                type: string\n              url:\n                description: The repository URL, can be a HTTP/S or SSH address.\n                pattern: ^(http|https|ssh)://\n                type: string\n              verify:\n                description: Verify OpenPGP signature for the Git commit HEAD points\n                  to.\n                properties:\n                  mode:\n                    description: Mode describes what git object should be verified,\n                      currently ('head').\n                    enum:\n                    - head\n                    type: string\n                  secretRef:\n                    description: The secret name containing the public keys of all\n                      trusted Git authors.\n                    properties:\n                      name:\n                        description: Name of the referent.\n                        type: string\n                    required:\n                    - name\n                    type: object\n                required:\n                - mode\n                type: object\n            required:\n            - interval\n            - url\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: GitRepositoryStatus defines the observed state of a Git repository.\n            properties:\n              artifact:\n                description: Artifact represents the output of the last successful\n                  repository sync.\n                properties:\n                  checksum:\n                    description: Checksum is the SHA256 checksum of the artifact.\n                    type: string\n                  lastUpdateTime:\n                    description: LastUpdateTime is the timestamp corresponding to\n                      the last update of this artifact.\n                    format: date-time\n                    type: string\n                  path:\n                    description: Path is the relative file path of this artifact.\n                    type: string\n                  revision:\n                    description: Revision is a human readable identifier traceable\n                      in the origin source system. It can be a Git commit SHA, Git\n                      tag, a Helm index timestamp, a Helm chart version, etc.\n                    type: string\n                  url:\n                    description: URL is the HTTP address of this artifact.\n                    type: string\n                required:\n                - path\n                - url\n                type: object\n              conditions:\n                description: Conditions holds the conditions for the GitRepository.\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              includedArtifacts:\n                description: IncludedArtifacts represents the included artifacts from\n                  the last successful repository sync.\n                items:\n                  description: Artifact represents the output of a source synchronisation.\n                  properties:\n                    checksum:\n                      description: Checksum is the SHA256 checksum of the artifact.\n                      type: string\n                    lastUpdateTime:\n                      description: LastUpdateTime is the timestamp corresponding to\n                        the last update of this artifact.\n                      format: date-time\n                      type: string\n                    path:\n                      description: Path is the relative file path of this artifact.\n                      type: string\n                    revision:\n                      description: Revision is a human readable identifier traceable\n                        in the origin source system. It can be a Git commit SHA, Git\n                        tag, a Helm index timestamp, a Helm chart version, etc.\n                      type: string\n                    url:\n                      description: URL is the HTTP address of this artifact.\n                      type: string\n                  required:\n                  - path\n                  - url\n                  type: object\n                type: array\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation.\n                format: int64\n                type: integer\n              url:\n                description: URL is the download link for the artifact output of the\n                  last repository sync.\n                type: string\n            type: object\n        type: object\n    served: true\n    storage: false\n    subresources:\n      status: {}\n  - additionalPrinterColumns:\n    - jsonPath: .spec.url\n      name: URL\n      type: string\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    name: v1beta2\n    schema:\n      openAPIV3Schema:\n        description: GitRepository is the Schema for the gitrepositories API.\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: GitRepositorySpec specifies the required configuration to\n              produce an Artifact for a Git repository.\n            properties:\n              accessFrom:\n                description: 'AccessFrom specifies an Access Control List for allowing\n                  cross-namespace references to this object. NOTE: Not implemented,\n                  provisional as of https://github.com/fluxcd/flux2/pull/2092'\n                properties:\n                  namespaceSelectors:\n                    description: NamespaceSelectors is the list of namespace selectors\n                      to which this ACL applies. Items in this list are evaluated\n                      using a logical OR operation.\n                    items:\n                      description: NamespaceSelector selects the namespaces to which\n                        this ACL applies. An empty map of MatchLabels matches all\n                        namespaces in a cluster.\n                      properties:\n                        matchLabels:\n                          additionalProperties:\n                            type: string\n                          description: MatchLabels is a map of {key,value} pairs.\n                            A single {key,value} in the matchLabels map is equivalent\n                            to an element of matchExpressions, whose key field is\n                            \"key\", the operator is \"In\", and the values array contains\n                            only \"value\". The requirements are ANDed.\n                          type: object\n                      type: object\n                    type: array\n                required:\n                - namespaceSelectors\n                type: object\n              gitImplementation:\n                default: go-git\n                description: GitImplementation specifies which Git client library\n                  implementation to use. Defaults to 'go-git', valid values are ('go-git',\n                  'libgit2').\n                enum:\n                - go-git\n                - libgit2\n                type: string\n              ignore:\n                description: Ignore overrides the set of excluded patterns in the\n                  .sourceignore format (which is the same as .gitignore). If not provided,\n                  a default will be used, consult the documentation for your version\n                  to find out what those are.\n                type: string\n              include:\n                description: Include specifies a list of GitRepository resources which\n                  Artifacts should be included in the Artifact produced for this GitRepository.\n                items:\n                  description: GitRepositoryInclude specifies a local reference to\n                    a GitRepository which Artifact (sub-)contents must be included,\n                    and where they should be placed.\n                  properties:\n                    fromPath:\n                      description: FromPath specifies the path to copy contents from,\n                        defaults to the root of the Artifact.\n                      type: string\n                    repository:\n                      description: GitRepositoryRef specifies the GitRepository which\n                        Artifact contents must be included.\n                      properties:\n                        name:\n                          description: Name of the referent.\n                          type: string\n                      required:\n                      - name\n                      type: object\n                    toPath:\n                      description: ToPath specifies the path to copy contents to,\n                        defaults to the name of the GitRepositoryRef.\n                      type: string\n                  required:\n                  - repository\n                  type: object\n                type: array\n              interval:\n                description: Interval at which to check the GitRepository for updates.\n                type: string\n              recurseSubmodules:\n                description: RecurseSubmodules enables the initialization of all submodules\n                  within the GitRepository as cloned from the URL, using their default\n                  settings. This option is available only when using the 'go-git'\n                  GitImplementation.\n                type: boolean\n              ref:\n                description: Reference specifies the Git reference to resolve and\n                  monitor for changes, defaults to the 'master' branch.\n                properties:\n                  branch:\n                    description: \"Branch to check out, defaults to 'master' if no\n                      other field is defined. \\n When GitRepositorySpec.GitImplementation\n                      is set to 'go-git', a shallow clone of the specified branch\n                      is performed.\"\n                    type: string\n                  commit:\n                    description: \"Commit SHA to check out, takes precedence over all\n                      reference fields. \\n When GitRepositorySpec.GitImplementation\n                      is set to 'go-git', this can be combined with Branch to shallow\n                      clone the branch, in which the commit is expected to exist.\"\n                    type: string\n                  semver:\n                    description: SemVer tag expression to check out, takes precedence\n                      over Tag.\n                    type: string\n                  tag:\n                    description: Tag to check out, takes precedence over Branch.\n                    type: string\n                type: object\n              secretRef:\n                description: SecretRef specifies the Secret containing authentication\n                  credentials for the GitRepository. For HTTPS repositories the Secret\n                  must contain 'username' and 'password' fields. For SSH repositories\n                  the Secret must contain 'identity' and 'known_hosts' fields.\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              suspend:\n                description: Suspend tells the controller to suspend the reconciliation\n                  of this GitRepository.\n                type: boolean\n              timeout:\n                default: 60s\n                description: Timeout for Git operations like cloning, defaults to\n                  60s.\n                type: string\n              url:\n                description: URL specifies the Git repository URL, it can be an HTTP/S\n                  or SSH address.\n                pattern: ^(http|https|ssh)://\n                type: string\n              verify:\n                description: Verification specifies the configuration to verify the\n                  Git commit signature(s).\n                properties:\n                  mode:\n                    description: Mode specifies what Git object should be verified,\n                      currently ('head').\n                    enum:\n                    - head\n                    type: string\n                  secretRef:\n                    description: SecretRef specifies the Secret containing the public\n                      keys of trusted Git authors.\n                    properties:\n                      name:\n                        description: Name of the referent.\n                        type: string\n                    required:\n                    - name\n                    type: object\n                required:\n                - mode\n                type: object\n            required:\n            - interval\n            - url\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: GitRepositoryStatus records the observed state of a Git repository.\n            properties:\n              artifact:\n                description: Artifact represents the last successful GitRepository\n                  reconciliation.\n                properties:\n                  checksum:\n                    description: Checksum is the SHA256 checksum of the Artifact file.\n                    type: string\n                  lastUpdateTime:\n                    description: LastUpdateTime is the timestamp corresponding to\n                      the last update of the Artifact.\n                    format: date-time\n                    type: string\n                  path:\n                    description: Path is the relative file path of the Artifact. It\n                      can be used to locate the file in the root of the Artifact storage\n                      on the local file system of the controller managing the Source.\n                    type: string\n                  revision:\n                    description: Revision is a human-readable identifier traceable\n                      in the origin source system. It can be a Git commit SHA, Git\n                      tag, a Helm chart version, etc.\n                    type: string\n                  size:\n                    description: Size is the number of bytes in the file.\n                    format: int64\n                    type: integer\n                  url:\n                    description: URL is the HTTP address of the Artifact as exposed\n                      by the controller managing the Source. It can be used to retrieve\n                      the Artifact for consumption, e.g. by another controller applying\n                      the Artifact contents.\n                    type: string\n                required:\n                - path\n                - url\n                type: object\n              conditions:\n                description: Conditions holds the conditions for the GitRepository.\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              includedArtifacts:\n                description: IncludedArtifacts contains a list of the last successfully\n                  included Artifacts as instructed by GitRepositorySpec.Include.\n                items:\n                  description: Artifact represents the output of a Source reconciliation.\n                  properties:\n                    checksum:\n                      description: Checksum is the SHA256 checksum of the Artifact\n                        file.\n                      type: string\n                    lastUpdateTime:\n                      description: LastUpdateTime is the timestamp corresponding to\n                        the last update of the Artifact.\n                      format: date-time\n                      type: string\n                    path:\n                      description: Path is the relative file path of the Artifact.\n                        It can be used to locate the file in the root of the Artifact\n                        storage on the local file system of the controller managing\n                        the Source.\n                      type: string\n                    revision:\n                      description: Revision is a human-readable identifier traceable\n                        in the origin source system. It can be a Git commit SHA, Git\n                        tag, a Helm chart version, etc.\n                      type: string\n                    size:\n                      description: Size is the number of bytes in the file.\n                      format: int64\n                      type: integer\n                    url:\n                      description: URL is the HTTP address of the Artifact as exposed\n                        by the controller managing the Source. It can be used to retrieve\n                        the Artifact for consumption, e.g. by another controller applying\n                        the Artifact contents.\n                      type: string\n                  required:\n                  - path\n                  - url\n                  type: object\n                type: array\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation of\n                  the GitRepository object.\n                format: int64\n                type: integer\n              url:\n                description: URL is the dynamic fetch link for the latest Artifact.\n                  It is provided on a \"best effort\" basis, and using the precise GitRepositoryStatus.Artifact\n                  data is recommended.\n                type: string\n            type: object\n        type: object\n    served: true\n    storage: true\n    subresources:\n      status: {}\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n  conditions: []\n  storedVersions: []",
-            "yaml_body_parsed": "apiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  annotations:\n    controller-gen.kubebuilder.io/version: v0.7.0\n  creationTimestamp: null\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: gitrepositories.source.toolkit.fluxcd.io\nspec:\n  group: source.toolkit.fluxcd.io\n  names:\n    kind: GitRepository\n    listKind: GitRepositoryList\n    plural: gitrepositories\n    shortNames:\n    - gitrepo\n    singular: gitrepository\n  scope: Namespaced\n  versions:\n  - additionalPrinterColumns:\n    - jsonPath: .spec.url\n      name: URL\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    name: v1beta1\n    schema:\n      openAPIV3Schema:\n        description: GitRepository is the Schema for the gitrepositories API\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: GitRepositorySpec defines the desired state of a Git repository.\n            properties:\n              accessFrom:\n                description: AccessFrom defines an Access Control List for allowing\n                  cross-namespace references to this object.\n                properties:\n                  namespaceSelectors:\n                    description: NamespaceSelectors is the list of namespace selectors\n                      to which this ACL applies. Items in this list are evaluated\n                      using a logical OR operation.\n                    items:\n                      description: NamespaceSelector selects the namespaces to which\n                        this ACL applies. An empty map of MatchLabels matches all\n                        namespaces in a cluster.\n                      properties:\n                        matchLabels:\n                          additionalProperties:\n                            type: string\n                          description: MatchLabels is a map of {key,value} pairs.\n                            A single {key,value} in the matchLabels map is equivalent\n                            to an element of matchExpressions, whose key field is\n                            \"key\", the operator is \"In\", and the values array contains\n                            only \"value\". The requirements are ANDed.\n                          type: object\n                      type: object\n                    type: array\n                required:\n                - namespaceSelectors\n                type: object\n              gitImplementation:\n                default: go-git\n                description: Determines which git client library to use. Defaults\n                  to go-git, valid values are ('go-git', 'libgit2').\n                enum:\n                - go-git\n                - libgit2\n                type: string\n              ignore:\n                description: Ignore overrides the set of excluded patterns in the\n                  .sourceignore format (which is the same as .gitignore). If not provided,\n                  a default will be used, consult the documentation for your version\n                  to find out what those are.\n                type: string\n              include:\n                description: Extra git repositories to map into the repository\n                items:\n                  description: GitRepositoryInclude defines a source with a from and\n                    to path.\n                  properties:\n                    fromPath:\n                      description: The path to copy contents from, defaults to the\n                        root directory.\n                      type: string\n                    repository:\n                      description: Reference to a GitRepository to include.\n                      properties:\n                        name:\n                          description: Name of the referent.\n                          type: string\n                      required:\n                      - name\n                      type: object\n                    toPath:\n                      description: The path to copy contents to, defaults to the name\n                        of the source ref.\n                      type: string\n                  required:\n                  - repository\n                  type: object\n                type: array\n              interval:\n                description: The interval at which to check for repository updates.\n                type: string\n              recurseSubmodules:\n                description: When enabled, after the clone is created, initializes\n                  all submodules within, using their default settings. This option\n                  is available only when using the 'go-git' GitImplementation.\n                type: boolean\n              ref:\n                description: The Git reference to checkout and monitor for changes,\n                  defaults to master branch.\n                properties:\n                  branch:\n                    description: The Git branch to checkout, defaults to master.\n                    type: string\n                  commit:\n                    description: The Git commit SHA to checkout, if specified Tag\n                      filters will be ignored.\n                    type: string\n                  semver:\n                    description: The Git tag semver expression, takes precedence over\n                      Tag.\n                    type: string\n                  tag:\n                    description: The Git tag to checkout, takes precedence over Branch.\n                    type: string\n                type: object\n              secretRef:\n                description: The secret name containing the Git credentials. For HTTPS\n                  repositories the secret must contain username and password fields.\n                  For SSH repositories the secret must contain identity and known_hosts\n                  fields.\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              suspend:\n                description: This flag tells the controller to suspend the reconciliation\n                  of this source.\n                type: boolean\n              timeout:\n                default: 60s\n                description: The timeout for remote Git operations like cloning, defaults\n                  to 60s.\n                type: string\n              url:\n                description: The repository URL, can be a HTTP/S or SSH address.\n                pattern: ^(http|https|ssh)://\n                type: string\n              verify:\n                description: Verify OpenPGP signature for the Git commit HEAD points\n                  to.\n                properties:\n                  mode:\n                    description: Mode describes what git object should be verified,\n                      currently ('head').\n                    enum:\n                    - head\n                    type: string\n                  secretRef:\n                    description: The secret name containing the public keys of all\n                      trusted Git authors.\n                    properties:\n                      name:\n                        description: Name of the referent.\n                        type: string\n                    required:\n                    - name\n                    type: object\n                required:\n                - mode\n                type: object\n            required:\n            - interval\n            - url\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: GitRepositoryStatus defines the observed state of a Git repository.\n            properties:\n              artifact:\n                description: Artifact represents the output of the last successful\n                  repository sync.\n                properties:\n                  checksum:\n                    description: Checksum is the SHA256 checksum of the artifact.\n                    type: string\n                  lastUpdateTime:\n                    description: LastUpdateTime is the timestamp corresponding to\n                      the last update of this artifact.\n                    format: date-time\n                    type: string\n                  path:\n                    description: Path is the relative file path of this artifact.\n                    type: string\n                  revision:\n                    description: Revision is a human readable identifier traceable\n                      in the origin source system. It can be a Git commit SHA, Git\n                      tag, a Helm index timestamp, a Helm chart version, etc.\n                    type: string\n                  url:\n                    description: URL is the HTTP address of this artifact.\n                    type: string\n                required:\n                - path\n                - url\n                type: object\n              conditions:\n                description: Conditions holds the conditions for the GitRepository.\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              includedArtifacts:\n                description: IncludedArtifacts represents the included artifacts from\n                  the last successful repository sync.\n                items:\n                  description: Artifact represents the output of a source synchronisation.\n                  properties:\n                    checksum:\n                      description: Checksum is the SHA256 checksum of the artifact.\n                      type: string\n                    lastUpdateTime:\n                      description: LastUpdateTime is the timestamp corresponding to\n                        the last update of this artifact.\n                      format: date-time\n                      type: string\n                    path:\n                      description: Path is the relative file path of this artifact.\n                      type: string\n                    revision:\n                      description: Revision is a human readable identifier traceable\n                        in the origin source system. It can be a Git commit SHA, Git\n                        tag, a Helm index timestamp, a Helm chart version, etc.\n                      type: string\n                    url:\n                      description: URL is the HTTP address of this artifact.\n                      type: string\n                  required:\n                  - path\n                  - url\n                  type: object\n                type: array\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation.\n                format: int64\n                type: integer\n              url:\n                description: URL is the download link for the artifact output of the\n                  last repository sync.\n                type: string\n            type: object\n        type: object\n    served: true\n    storage: false\n    subresources:\n      status: {}\n  - additionalPrinterColumns:\n    - jsonPath: .spec.url\n      name: URL\n      type: string\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    name: v1beta2\n    schema:\n      openAPIV3Schema:\n        description: GitRepository is the Schema for the gitrepositories API.\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: GitRepositorySpec specifies the required configuration to\n              produce an Artifact for a Git repository.\n            properties:\n              accessFrom:\n                description: 'AccessFrom specifies an Access Control List for allowing\n                  cross-namespace references to this object. NOTE: Not implemented,\n                  provisional as of https://github.com/fluxcd/flux2/pull/2092'\n                properties:\n                  namespaceSelectors:\n                    description: NamespaceSelectors is the list of namespace selectors\n                      to which this ACL applies. Items in this list are evaluated\n                      using a logical OR operation.\n                    items:\n                      description: NamespaceSelector selects the namespaces to which\n                        this ACL applies. An empty map of MatchLabels matches all\n                        namespaces in a cluster.\n                      properties:\n                        matchLabels:\n                          additionalProperties:\n                            type: string\n                          description: MatchLabels is a map of {key,value} pairs.\n                            A single {key,value} in the matchLabels map is equivalent\n                            to an element of matchExpressions, whose key field is\n                            \"key\", the operator is \"In\", and the values array contains\n                            only \"value\". The requirements are ANDed.\n                          type: object\n                      type: object\n                    type: array\n                required:\n                - namespaceSelectors\n                type: object\n              gitImplementation:\n                default: go-git\n                description: GitImplementation specifies which Git client library\n                  implementation to use. Defaults to 'go-git', valid values are ('go-git',\n                  'libgit2').\n                enum:\n                - go-git\n                - libgit2\n                type: string\n              ignore:\n                description: Ignore overrides the set of excluded patterns in the\n                  .sourceignore format (which is the same as .gitignore). If not provided,\n                  a default will be used, consult the documentation for your version\n                  to find out what those are.\n                type: string\n              include:\n                description: Include specifies a list of GitRepository resources which\n                  Artifacts should be included in the Artifact produced for this GitRepository.\n                items:\n                  description: GitRepositoryInclude specifies a local reference to\n                    a GitRepository which Artifact (sub-)contents must be included,\n                    and where they should be placed.\n                  properties:\n                    fromPath:\n                      description: FromPath specifies the path to copy contents from,\n                        defaults to the root of the Artifact.\n                      type: string\n                    repository:\n                      description: GitRepositoryRef specifies the GitRepository which\n                        Artifact contents must be included.\n                      properties:\n                        name:\n                          description: Name of the referent.\n                          type: string\n                      required:\n                      - name\n                      type: object\n                    toPath:\n                      description: ToPath specifies the path to copy contents to,\n                        defaults to the name of the GitRepositoryRef.\n                      type: string\n                  required:\n                  - repository\n                  type: object\n                type: array\n              interval:\n                description: Interval at which to check the GitRepository for updates.\n                type: string\n              recurseSubmodules:\n                description: RecurseSubmodules enables the initialization of all submodules\n                  within the GitRepository as cloned from the URL, using their default\n                  settings. This option is available only when using the 'go-git'\n                  GitImplementation.\n                type: boolean\n              ref:\n                description: Reference specifies the Git reference to resolve and\n                  monitor for changes, defaults to the 'master' branch.\n                properties:\n                  branch:\n                    description: \"Branch to check out, defaults to 'master' if no\n                      other field is defined. \\n When GitRepositorySpec.GitImplementation\n                      is set to 'go-git', a shallow clone of the specified branch\n                      is performed.\"\n                    type: string\n                  commit:\n                    description: \"Commit SHA to check out, takes precedence over all\n                      reference fields. \\n When GitRepositorySpec.GitImplementation\n                      is set to 'go-git', this can be combined with Branch to shallow\n                      clone the branch, in which the commit is expected to exist.\"\n                    type: string\n                  semver:\n                    description: SemVer tag expression to check out, takes precedence\n                      over Tag.\n                    type: string\n                  tag:\n                    description: Tag to check out, takes precedence over Branch.\n                    type: string\n                type: object\n              secretRef:\n                description: SecretRef specifies the Secret containing authentication\n                  credentials for the GitRepository. For HTTPS repositories the Secret\n                  must contain 'username' and 'password' fields. For SSH repositories\n                  the Secret must contain 'identity' and 'known_hosts' fields.\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              suspend:\n                description: Suspend tells the controller to suspend the reconciliation\n                  of this GitRepository.\n                type: boolean\n              timeout:\n                default: 60s\n                description: Timeout for Git operations like cloning, defaults to\n                  60s.\n                type: string\n              url:\n                description: URL specifies the Git repository URL, it can be an HTTP/S\n                  or SSH address.\n                pattern: ^(http|https|ssh)://\n                type: string\n              verify:\n                description: Verification specifies the configuration to verify the\n                  Git commit signature(s).\n                properties:\n                  mode:\n                    description: Mode specifies what Git object should be verified,\n                      currently ('head').\n                    enum:\n                    - head\n                    type: string\n                  secretRef:\n                    description: SecretRef specifies the Secret containing the public\n                      keys of trusted Git authors.\n                    properties:\n                      name:\n                        description: Name of the referent.\n                        type: string\n                    required:\n                    - name\n                    type: object\n                required:\n                - mode\n                type: object\n            required:\n            - interval\n            - url\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: GitRepositoryStatus records the observed state of a Git repository.\n            properties:\n              artifact:\n                description: Artifact represents the last successful GitRepository\n                  reconciliation.\n                properties:\n                  checksum:\n                    description: Checksum is the SHA256 checksum of the Artifact file.\n                    type: string\n                  lastUpdateTime:\n                    description: LastUpdateTime is the timestamp corresponding to\n                      the last update of the Artifact.\n                    format: date-time\n                    type: string\n                  path:\n                    description: Path is the relative file path of the Artifact. It\n                      can be used to locate the file in the root of the Artifact storage\n                      on the local file system of the controller managing the Source.\n                    type: string\n                  revision:\n                    description: Revision is a human-readable identifier traceable\n                      in the origin source system. It can be a Git commit SHA, Git\n                      tag, a Helm chart version, etc.\n                    type: string\n                  size:\n                    description: Size is the number of bytes in the file.\n                    format: int64\n                    type: integer\n                  url:\n                    description: URL is the HTTP address of the Artifact as exposed\n                      by the controller managing the Source. It can be used to retrieve\n                      the Artifact for consumption, e.g. by another controller applying\n                      the Artifact contents.\n                    type: string\n                required:\n                - path\n                - url\n                type: object\n              conditions:\n                description: Conditions holds the conditions for the GitRepository.\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              includedArtifacts:\n                description: IncludedArtifacts contains a list of the last successfully\n                  included Artifacts as instructed by GitRepositorySpec.Include.\n                items:\n                  description: Artifact represents the output of a Source reconciliation.\n                  properties:\n                    checksum:\n                      description: Checksum is the SHA256 checksum of the Artifact\n                        file.\n                      type: string\n                    lastUpdateTime:\n                      description: LastUpdateTime is the timestamp corresponding to\n                        the last update of the Artifact.\n                      format: date-time\n                      type: string\n                    path:\n                      description: Path is the relative file path of the Artifact.\n                        It can be used to locate the file in the root of the Artifact\n                        storage on the local file system of the controller managing\n                        the Source.\n                      type: string\n                    revision:\n                      description: Revision is a human-readable identifier traceable\n                        in the origin source system. It can be a Git commit SHA, Git\n                        tag, a Helm chart version, etc.\n                      type: string\n                    size:\n                      description: Size is the number of bytes in the file.\n                      format: int64\n                      type: integer\n                    url:\n                      description: URL is the HTTP address of the Artifact as exposed\n                        by the controller managing the Source. It can be used to retrieve\n                        the Artifact for consumption, e.g. by another controller applying\n                        the Artifact contents.\n                      type: string\n                  required:\n                  - path\n                  - url\n                  type: object\n                type: array\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation of\n                  the GitRepository object.\n                format: int64\n                type: integer\n              url:\n                description: URL is the dynamic fetch link for the latest Artifact.\n                  It is provided on a \"best effort\" basis, and using the precise GitRepositoryStatus.Artifact\n                  data is recommended.\n                type: string\n            type: object\n        type: object\n    served: true\n    storage: true\n    subresources:\n      status: {}\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n  conditions: []\n  storedVersions: []\n",
-            "yaml_incluster": "ebe9ab24635dab17661e2f41e74bf6f100c9b31f4181530b8146580b6d506d57"
-          },
-          "sensitive_attributes": [],
-          "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDB9LCJzY2hlbWFfdmVyc2lvbiI6IjEifQ==",
-          "dependencies": [
-            "module.flux.data.flux_install.main",
-            "module.flux.data.kubectl_file_documents.apply",
-            "module.flux.kubernetes_namespace.flux_system"
-          ]
-        },
-        {
-          "index_key": "apiextensions.k8s.io/v1/customresourcedefinition/helmcharts.source.toolkit.fluxcd.io",
-          "schema_version": 1,
-          "attributes": {
-            "api_version": "apiextensions.k8s.io/v1",
-            "apply_only": false,
-            "force_conflicts": false,
-            "force_new": false,
-            "id": "/apis/apiextensions.k8s.io/v1/customresourcedefinitions/helmcharts.source.toolkit.fluxcd.io",
-            "ignore_fields": null,
-            "kind": "CustomResourceDefinition",
-            "live_manifest_incluster": "aad2c1c316d96f34f649fef444b0d0ecbc73ea02b5824b33285968dc05b6b41c",
-            "live_uid": "d6e363e7-ce9e-46ee-bb10-d61e06d50013",
-            "name": "helmcharts.source.toolkit.fluxcd.io",
-            "namespace": null,
-            "override_namespace": null,
-            "sensitive_fields": null,
-            "server_side_apply": false,
-            "timeouts": null,
-            "uid": "d6e363e7-ce9e-46ee-bb10-d61e06d50013",
-            "validate_schema": true,
-            "wait": null,
-            "wait_for_rollout": true,
-            "yaml_body": "apiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  annotations:\n    controller-gen.kubebuilder.io/version: v0.7.0\n  creationTimestamp: null\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: helmcharts.source.toolkit.fluxcd.io\nspec:\n  group: source.toolkit.fluxcd.io\n  names:\n    kind: HelmChart\n    listKind: HelmChartList\n    plural: helmcharts\n    shortNames:\n    - hc\n    singular: helmchart\n  scope: Namespaced\n  versions:\n  - additionalPrinterColumns:\n    - jsonPath: .spec.chart\n      name: Chart\n      type: string\n    - jsonPath: .spec.version\n      name: Version\n      type: string\n    - jsonPath: .spec.sourceRef.kind\n      name: Source Kind\n      type: string\n    - jsonPath: .spec.sourceRef.name\n      name: Source Name\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    name: v1beta1\n    schema:\n      openAPIV3Schema:\n        description: HelmChart is the Schema for the helmcharts API\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: HelmChartSpec defines the desired state of a Helm chart.\n            properties:\n              accessFrom:\n                description: AccessFrom defines an Access Control List for allowing\n                  cross-namespace references to this object.\n                properties:\n                  namespaceSelectors:\n                    description: NamespaceSelectors is the list of namespace selectors\n                      to which this ACL applies. Items in this list are evaluated\n                      using a logical OR operation.\n                    items:\n                      description: NamespaceSelector selects the namespaces to which\n                        this ACL applies. An empty map of MatchLabels matches all\n                        namespaces in a cluster.\n                      properties:\n                        matchLabels:\n                          additionalProperties:\n                            type: string\n                          description: MatchLabels is a map of {key,value} pairs.\n                            A single {key,value} in the matchLabels map is equivalent\n                            to an element of matchExpressions, whose key field is\n                            \"key\", the operator is \"In\", and the values array contains\n                            only \"value\". The requirements are ANDed.\n                          type: object\n                      type: object\n                    type: array\n                required:\n                - namespaceSelectors\n                type: object\n              chart:\n                description: The name or path the Helm chart is available at in the\n                  SourceRef.\n                type: string\n              interval:\n                description: The interval at which to check the Source for updates.\n                type: string\n              reconcileStrategy:\n                default: ChartVersion\n                description: Determines what enables the creation of a new artifact.\n                  Valid values are ('ChartVersion', 'Revision'). See the documentation\n                  of the values for an explanation on their behavior. Defaults to\n                  ChartVersion when omitted.\n                enum:\n                - ChartVersion\n                - Revision\n                type: string\n              sourceRef:\n                description: The reference to the Source the chart is available at.\n                properties:\n                  apiVersion:\n                    description: APIVersion of the referent.\n                    type: string\n                  kind:\n                    description: Kind of the referent, valid values are ('HelmRepository',\n                      'GitRepository', 'Bucket').\n                    enum:\n                    - HelmRepository\n                    - GitRepository\n                    - Bucket\n                    type: string\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - kind\n                - name\n                type: object\n              suspend:\n                description: This flag tells the controller to suspend the reconciliation\n                  of this source.\n                type: boolean\n              valuesFile:\n                description: Alternative values file to use as the default chart values,\n                  expected to be a relative path in the SourceRef. Deprecated in favor\n                  of ValuesFiles, for backwards compatibility the file defined here\n                  is merged before the ValuesFiles items. Ignored when omitted.\n                type: string\n              valuesFiles:\n                description: Alternative list of values files to use as the chart\n                  values (values.yaml is not included by default), expected to be\n                  a relative path in the SourceRef. Values files are merged in the\n                  order of this list with the last file overriding the first. Ignored\n                  when omitted.\n                items:\n                  type: string\n                type: array\n              version:\n                default: '*'\n                description: The chart version semver expression, ignored for charts\n                  from GitRepository and Bucket sources. Defaults to latest when omitted.\n                type: string\n            required:\n            - chart\n            - interval\n            - sourceRef\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: HelmChartStatus defines the observed state of the HelmChart.\n            properties:\n              artifact:\n                description: Artifact represents the output of the last successful\n                  chart sync.\n                properties:\n                  checksum:\n                    description: Checksum is the SHA256 checksum of the artifact.\n                    type: string\n                  lastUpdateTime:\n                    description: LastUpdateTime is the timestamp corresponding to\n                      the last update of this artifact.\n                    format: date-time\n                    type: string\n                  path:\n                    description: Path is the relative file path of this artifact.\n                    type: string\n                  revision:\n                    description: Revision is a human readable identifier traceable\n                      in the origin source system. It can be a Git commit SHA, Git\n                      tag, a Helm index timestamp, a Helm chart version, etc.\n                    type: string\n                  url:\n                    description: URL is the HTTP address of this artifact.\n                    type: string\n                required:\n                - path\n                - url\n                type: object\n              conditions:\n                description: Conditions holds the conditions for the HelmChart.\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation.\n                format: int64\n                type: integer\n              url:\n                description: URL is the download link for the last chart pulled.\n                type: string\n            type: object\n        type: object\n    served: true\n    storage: false\n    subresources:\n      status: {}\n  - additionalPrinterColumns:\n    - jsonPath: .spec.chart\n      name: Chart\n      type: string\n    - jsonPath: .spec.version\n      name: Version\n      type: string\n    - jsonPath: .spec.sourceRef.kind\n      name: Source Kind\n      type: string\n    - jsonPath: .spec.sourceRef.name\n      name: Source Name\n      type: string\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    name: v1beta2\n    schema:\n      openAPIV3Schema:\n        description: HelmChart is the Schema for the helmcharts API.\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: HelmChartSpec specifies the desired state of a Helm chart.\n            properties:\n              accessFrom:\n                description: 'AccessFrom specifies an Access Control List for allowing\n                  cross-namespace references to this object. NOTE: Not implemented,\n                  provisional as of https://github.com/fluxcd/flux2/pull/2092'\n                properties:\n                  namespaceSelectors:\n                    description: NamespaceSelectors is the list of namespace selectors\n                      to which this ACL applies. Items in this list are evaluated\n                      using a logical OR operation.\n                    items:\n                      description: NamespaceSelector selects the namespaces to which\n                        this ACL applies. An empty map of MatchLabels matches all\n                        namespaces in a cluster.\n                      properties:\n                        matchLabels:\n                          additionalProperties:\n                            type: string\n                          description: MatchLabels is a map of {key,value} pairs.\n                            A single {key,value} in the matchLabels map is equivalent\n                            to an element of matchExpressions, whose key field is\n                            \"key\", the operator is \"In\", and the values array contains\n                            only \"value\". The requirements are ANDed.\n                          type: object\n                      type: object\n                    type: array\n                required:\n                - namespaceSelectors\n                type: object\n              chart:\n                description: Chart is the name or path the Helm chart is available\n                  at in the SourceRef.\n                type: string\n              interval:\n                description: Interval is the interval at which to check the Source\n                  for updates.\n                type: string\n              reconcileStrategy:\n                default: ChartVersion\n                description: ReconcileStrategy determines what enables the creation\n                  of a new artifact. Valid values are ('ChartVersion', 'Revision').\n                  See the documentation of the values for an explanation on their\n                  behavior. Defaults to ChartVersion when omitted.\n                enum:\n                - ChartVersion\n                - Revision\n                type: string\n              sourceRef:\n                description: SourceRef is the reference to the Source the chart is\n                  available at.\n                properties:\n                  apiVersion:\n                    description: APIVersion of the referent.\n                    type: string\n                  kind:\n                    description: Kind of the referent, valid values are ('HelmRepository',\n                      'GitRepository', 'Bucket').\n                    enum:\n                    - HelmRepository\n                    - GitRepository\n                    - Bucket\n                    type: string\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - kind\n                - name\n                type: object\n              suspend:\n                description: Suspend tells the controller to suspend the reconciliation\n                  of this source.\n                type: boolean\n              valuesFile:\n                description: ValuesFile is an alternative values file to use as the\n                  default chart values, expected to be a relative path in the SourceRef.\n                  Deprecated in favor of ValuesFiles, for backwards compatibility\n                  the file specified here is merged before the ValuesFiles items.\n                  Ignored when omitted.\n                type: string\n              valuesFiles:\n                description: ValuesFiles is an alternative list of values files to\n                  use as the chart values (values.yaml is not included by default),\n                  expected to be a relative path in the SourceRef. Values files are\n                  merged in the order of this list with the last file overriding the\n                  first. Ignored when omitted.\n                items:\n                  type: string\n                type: array\n              version:\n                default: '*'\n                description: Version is the chart version semver expression, ignored\n                  for charts from GitRepository and Bucket sources. Defaults to latest\n                  when omitted.\n                type: string\n            required:\n            - chart\n            - interval\n            - sourceRef\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: HelmChartStatus records the observed state of the HelmChart.\n            properties:\n              artifact:\n                description: Artifact represents the output of the last successful\n                  reconciliation.\n                properties:\n                  checksum:\n                    description: Checksum is the SHA256 checksum of the Artifact file.\n                    type: string\n                  lastUpdateTime:\n                    description: LastUpdateTime is the timestamp corresponding to\n                      the last update of the Artifact.\n                    format: date-time\n                    type: string\n                  path:\n                    description: Path is the relative file path of the Artifact. It\n                      can be used to locate the file in the root of the Artifact storage\n                      on the local file system of the controller managing the Source.\n                    type: string\n                  revision:\n                    description: Revision is a human-readable identifier traceable\n                      in the origin source system. It can be a Git commit SHA, Git\n                      tag, a Helm chart version, etc.\n                    type: string\n                  size:\n                    description: Size is the number of bytes in the file.\n                    format: int64\n                    type: integer\n                  url:\n                    description: URL is the HTTP address of the Artifact as exposed\n                      by the controller managing the Source. It can be used to retrieve\n                      the Artifact for consumption, e.g. by another controller applying\n                      the Artifact contents.\n                    type: string\n                required:\n                - path\n                - url\n                type: object\n              conditions:\n                description: Conditions holds the conditions for the HelmChart.\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedChartName:\n                description: ObservedChartName is the last observed chart name as\n                  specified by the resolved chart reference.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation of\n                  the HelmChart object.\n                format: int64\n                type: integer\n              observedSourceArtifactRevision:\n                description: ObservedSourceArtifactRevision is the last observed Artifact.Revision\n                  of the HelmChartSpec.SourceRef.\n                type: string\n              url:\n                description: URL is the dynamic fetch link for the latest Artifact.\n                  It is provided on a \"best effort\" basis, and using the precise BucketStatus.Artifact\n                  data is recommended.\n                type: string\n            type: object\n        type: object\n    served: true\n    storage: true\n    subresources:\n      status: {}\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n  conditions: []\n  storedVersions: []",
-            "yaml_body_parsed": "apiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  annotations:\n    controller-gen.kubebuilder.io/version: v0.7.0\n  creationTimestamp: null\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: helmcharts.source.toolkit.fluxcd.io\nspec:\n  group: source.toolkit.fluxcd.io\n  names:\n    kind: HelmChart\n    listKind: HelmChartList\n    plural: helmcharts\n    shortNames:\n    - hc\n    singular: helmchart\n  scope: Namespaced\n  versions:\n  - additionalPrinterColumns:\n    - jsonPath: .spec.chart\n      name: Chart\n      type: string\n    - jsonPath: .spec.version\n      name: Version\n      type: string\n    - jsonPath: .spec.sourceRef.kind\n      name: Source Kind\n      type: string\n    - jsonPath: .spec.sourceRef.name\n      name: Source Name\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    name: v1beta1\n    schema:\n      openAPIV3Schema:\n        description: HelmChart is the Schema for the helmcharts API\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: HelmChartSpec defines the desired state of a Helm chart.\n            properties:\n              accessFrom:\n                description: AccessFrom defines an Access Control List for allowing\n                  cross-namespace references to this object.\n                properties:\n                  namespaceSelectors:\n                    description: NamespaceSelectors is the list of namespace selectors\n                      to which this ACL applies. Items in this list are evaluated\n                      using a logical OR operation.\n                    items:\n                      description: NamespaceSelector selects the namespaces to which\n                        this ACL applies. An empty map of MatchLabels matches all\n                        namespaces in a cluster.\n                      properties:\n                        matchLabels:\n                          additionalProperties:\n                            type: string\n                          description: MatchLabels is a map of {key,value} pairs.\n                            A single {key,value} in the matchLabels map is equivalent\n                            to an element of matchExpressions, whose key field is\n                            \"key\", the operator is \"In\", and the values array contains\n                            only \"value\". The requirements are ANDed.\n                          type: object\n                      type: object\n                    type: array\n                required:\n                - namespaceSelectors\n                type: object\n              chart:\n                description: The name or path the Helm chart is available at in the\n                  SourceRef.\n                type: string\n              interval:\n                description: The interval at which to check the Source for updates.\n                type: string\n              reconcileStrategy:\n                default: ChartVersion\n                description: Determines what enables the creation of a new artifact.\n                  Valid values are ('ChartVersion', 'Revision'). See the documentation\n                  of the values for an explanation on their behavior. Defaults to\n                  ChartVersion when omitted.\n                enum:\n                - ChartVersion\n                - Revision\n                type: string\n              sourceRef:\n                description: The reference to the Source the chart is available at.\n                properties:\n                  apiVersion:\n                    description: APIVersion of the referent.\n                    type: string\n                  kind:\n                    description: Kind of the referent, valid values are ('HelmRepository',\n                      'GitRepository', 'Bucket').\n                    enum:\n                    - HelmRepository\n                    - GitRepository\n                    - Bucket\n                    type: string\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - kind\n                - name\n                type: object\n              suspend:\n                description: This flag tells the controller to suspend the reconciliation\n                  of this source.\n                type: boolean\n              valuesFile:\n                description: Alternative values file to use as the default chart values,\n                  expected to be a relative path in the SourceRef. Deprecated in favor\n                  of ValuesFiles, for backwards compatibility the file defined here\n                  is merged before the ValuesFiles items. Ignored when omitted.\n                type: string\n              valuesFiles:\n                description: Alternative list of values files to use as the chart\n                  values (values.yaml is not included by default), expected to be\n                  a relative path in the SourceRef. Values files are merged in the\n                  order of this list with the last file overriding the first. Ignored\n                  when omitted.\n                items:\n                  type: string\n                type: array\n              version:\n                default: '*'\n                description: The chart version semver expression, ignored for charts\n                  from GitRepository and Bucket sources. Defaults to latest when omitted.\n                type: string\n            required:\n            - chart\n            - interval\n            - sourceRef\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: HelmChartStatus defines the observed state of the HelmChart.\n            properties:\n              artifact:\n                description: Artifact represents the output of the last successful\n                  chart sync.\n                properties:\n                  checksum:\n                    description: Checksum is the SHA256 checksum of the artifact.\n                    type: string\n                  lastUpdateTime:\n                    description: LastUpdateTime is the timestamp corresponding to\n                      the last update of this artifact.\n                    format: date-time\n                    type: string\n                  path:\n                    description: Path is the relative file path of this artifact.\n                    type: string\n                  revision:\n                    description: Revision is a human readable identifier traceable\n                      in the origin source system. It can be a Git commit SHA, Git\n                      tag, a Helm index timestamp, a Helm chart version, etc.\n                    type: string\n                  url:\n                    description: URL is the HTTP address of this artifact.\n                    type: string\n                required:\n                - path\n                - url\n                type: object\n              conditions:\n                description: Conditions holds the conditions for the HelmChart.\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation.\n                format: int64\n                type: integer\n              url:\n                description: URL is the download link for the last chart pulled.\n                type: string\n            type: object\n        type: object\n    served: true\n    storage: false\n    subresources:\n      status: {}\n  - additionalPrinterColumns:\n    - jsonPath: .spec.chart\n      name: Chart\n      type: string\n    - jsonPath: .spec.version\n      name: Version\n      type: string\n    - jsonPath: .spec.sourceRef.kind\n      name: Source Kind\n      type: string\n    - jsonPath: .spec.sourceRef.name\n      name: Source Name\n      type: string\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    name: v1beta2\n    schema:\n      openAPIV3Schema:\n        description: HelmChart is the Schema for the helmcharts API.\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: HelmChartSpec specifies the desired state of a Helm chart.\n            properties:\n              accessFrom:\n                description: 'AccessFrom specifies an Access Control List for allowing\n                  cross-namespace references to this object. NOTE: Not implemented,\n                  provisional as of https://github.com/fluxcd/flux2/pull/2092'\n                properties:\n                  namespaceSelectors:\n                    description: NamespaceSelectors is the list of namespace selectors\n                      to which this ACL applies. Items in this list are evaluated\n                      using a logical OR operation.\n                    items:\n                      description: NamespaceSelector selects the namespaces to which\n                        this ACL applies. An empty map of MatchLabels matches all\n                        namespaces in a cluster.\n                      properties:\n                        matchLabels:\n                          additionalProperties:\n                            type: string\n                          description: MatchLabels is a map of {key,value} pairs.\n                            A single {key,value} in the matchLabels map is equivalent\n                            to an element of matchExpressions, whose key field is\n                            \"key\", the operator is \"In\", and the values array contains\n                            only \"value\". The requirements are ANDed.\n                          type: object\n                      type: object\n                    type: array\n                required:\n                - namespaceSelectors\n                type: object\n              chart:\n                description: Chart is the name or path the Helm chart is available\n                  at in the SourceRef.\n                type: string\n              interval:\n                description: Interval is the interval at which to check the Source\n                  for updates.\n                type: string\n              reconcileStrategy:\n                default: ChartVersion\n                description: ReconcileStrategy determines what enables the creation\n                  of a new artifact. Valid values are ('ChartVersion', 'Revision').\n                  See the documentation of the values for an explanation on their\n                  behavior. Defaults to ChartVersion when omitted.\n                enum:\n                - ChartVersion\n                - Revision\n                type: string\n              sourceRef:\n                description: SourceRef is the reference to the Source the chart is\n                  available at.\n                properties:\n                  apiVersion:\n                    description: APIVersion of the referent.\n                    type: string\n                  kind:\n                    description: Kind of the referent, valid values are ('HelmRepository',\n                      'GitRepository', 'Bucket').\n                    enum:\n                    - HelmRepository\n                    - GitRepository\n                    - Bucket\n                    type: string\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - kind\n                - name\n                type: object\n              suspend:\n                description: Suspend tells the controller to suspend the reconciliation\n                  of this source.\n                type: boolean\n              valuesFile:\n                description: ValuesFile is an alternative values file to use as the\n                  default chart values, expected to be a relative path in the SourceRef.\n                  Deprecated in favor of ValuesFiles, for backwards compatibility\n                  the file specified here is merged before the ValuesFiles items.\n                  Ignored when omitted.\n                type: string\n              valuesFiles:\n                description: ValuesFiles is an alternative list of values files to\n                  use as the chart values (values.yaml is not included by default),\n                  expected to be a relative path in the SourceRef. Values files are\n                  merged in the order of this list with the last file overriding the\n                  first. Ignored when omitted.\n                items:\n                  type: string\n                type: array\n              version:\n                default: '*'\n                description: Version is the chart version semver expression, ignored\n                  for charts from GitRepository and Bucket sources. Defaults to latest\n                  when omitted.\n                type: string\n            required:\n            - chart\n            - interval\n            - sourceRef\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: HelmChartStatus records the observed state of the HelmChart.\n            properties:\n              artifact:\n                description: Artifact represents the output of the last successful\n                  reconciliation.\n                properties:\n                  checksum:\n                    description: Checksum is the SHA256 checksum of the Artifact file.\n                    type: string\n                  lastUpdateTime:\n                    description: LastUpdateTime is the timestamp corresponding to\n                      the last update of the Artifact.\n                    format: date-time\n                    type: string\n                  path:\n                    description: Path is the relative file path of the Artifact. It\n                      can be used to locate the file in the root of the Artifact storage\n                      on the local file system of the controller managing the Source.\n                    type: string\n                  revision:\n                    description: Revision is a human-readable identifier traceable\n                      in the origin source system. It can be a Git commit SHA, Git\n                      tag, a Helm chart version, etc.\n                    type: string\n                  size:\n                    description: Size is the number of bytes in the file.\n                    format: int64\n                    type: integer\n                  url:\n                    description: URL is the HTTP address of the Artifact as exposed\n                      by the controller managing the Source. It can be used to retrieve\n                      the Artifact for consumption, e.g. by another controller applying\n                      the Artifact contents.\n                    type: string\n                required:\n                - path\n                - url\n                type: object\n              conditions:\n                description: Conditions holds the conditions for the HelmChart.\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedChartName:\n                description: ObservedChartName is the last observed chart name as\n                  specified by the resolved chart reference.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation of\n                  the HelmChart object.\n                format: int64\n                type: integer\n              observedSourceArtifactRevision:\n                description: ObservedSourceArtifactRevision is the last observed Artifact.Revision\n                  of the HelmChartSpec.SourceRef.\n                type: string\n              url:\n                description: URL is the dynamic fetch link for the latest Artifact.\n                  It is provided on a \"best effort\" basis, and using the precise BucketStatus.Artifact\n                  data is recommended.\n                type: string\n            type: object\n        type: object\n    served: true\n    storage: true\n    subresources:\n      status: {}\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n  conditions: []\n  storedVersions: []\n",
-            "yaml_incluster": "aad2c1c316d96f34f649fef444b0d0ecbc73ea02b5824b33285968dc05b6b41c"
-          },
-          "sensitive_attributes": [],
-          "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDB9LCJzY2hlbWFfdmVyc2lvbiI6IjEifQ==",
-          "dependencies": [
-            "module.flux.data.flux_install.main",
-            "module.flux.data.kubectl_file_documents.apply",
-            "module.flux.kubernetes_namespace.flux_system"
-          ]
-        },
-        {
-          "index_key": "apiextensions.k8s.io/v1/customresourcedefinition/helmreleases.helm.toolkit.fluxcd.io",
-          "schema_version": 1,
-          "attributes": {
-            "api_version": "apiextensions.k8s.io/v1",
-            "apply_only": false,
-            "force_conflicts": false,
-            "force_new": false,
-            "id": "/apis/apiextensions.k8s.io/v1/customresourcedefinitions/helmreleases.helm.toolkit.fluxcd.io",
-            "ignore_fields": null,
-            "kind": "CustomResourceDefinition",
-            "live_manifest_incluster": "d51b7c35b26ed986bcfa84ed08648f99ac676ee90faa8997907a1f02fdf9a93d",
-            "live_uid": "5233f278-5d43-4eb6-954e-bbe9b860f2bd",
-            "name": "helmreleases.helm.toolkit.fluxcd.io",
-            "namespace": null,
-            "override_namespace": null,
-            "sensitive_fields": null,
-            "server_side_apply": false,
-            "timeouts": null,
-            "uid": "5233f278-5d43-4eb6-954e-bbe9b860f2bd",
-            "validate_schema": true,
-            "wait": null,
-            "wait_for_rollout": true,
-            "yaml_body": "apiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  annotations:\n    controller-gen.kubebuilder.io/version: v0.7.0\n  creationTimestamp: null\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: helmreleases.helm.toolkit.fluxcd.io\nspec:\n  group: helm.toolkit.fluxcd.io\n  names:\n    kind: HelmRelease\n    listKind: HelmReleaseList\n    plural: helmreleases\n    shortNames:\n    - hr\n    singular: helmrelease\n  scope: Namespaced\n  versions:\n  - additionalPrinterColumns:\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    name: v2beta1\n    schema:\n      openAPIV3Schema:\n        description: HelmRelease is the Schema for the helmreleases API\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: HelmReleaseSpec defines the desired state of a Helm release.\n            properties:\n              chart:\n                description: Chart defines the template of the v1beta2.HelmChart that\n                  should be created for this HelmRelease.\n                properties:\n                  spec:\n                    description: Spec holds the template for the v1beta2.HelmChartSpec\n                      for this HelmRelease.\n                    properties:\n                      chart:\n                        description: The name or path the Helm chart is available\n                          at in the SourceRef.\n                        type: string\n                      interval:\n                        description: Interval at which to check the v1beta2.Source\n                          for updates. Defaults to 'HelmReleaseSpec.Interval'.\n                        type: string\n                      reconcileStrategy:\n                        default: ChartVersion\n                        description: Determines what enables the creation of a new\n                          artifact. Valid values are ('ChartVersion', 'Revision').\n                          See the documentation of the values for an explanation on\n                          their behavior. Defaults to ChartVersion when omitted.\n                        enum:\n                        - ChartVersion\n                        - Revision\n                        type: string\n                      sourceRef:\n                        description: The name and namespace of the v1beta2.Source\n                          the chart is available at.\n                        properties:\n                          apiVersion:\n                            description: APIVersion of the referent.\n                            type: string\n                          kind:\n                            description: Kind of the referent.\n                            enum:\n                            - HelmRepository\n                            - GitRepository\n                            - Bucket\n                            type: string\n                          name:\n                            description: Name of the referent.\n                            maxLength: 253\n                            minLength: 1\n                            type: string\n                          namespace:\n                            description: Namespace of the referent.\n                            maxLength: 63\n                            minLength: 1\n                            type: string\n                        required:\n                        - name\n                        type: object\n                      valuesFile:\n                        description: Alternative values file to use as the default\n                          chart values, expected to be a relative path in the SourceRef.\n                          Deprecated in favor of ValuesFiles, for backwards compatibility\n                          the file defined here is merged before the ValuesFiles items.\n                          Ignored when omitted.\n                        type: string\n                      valuesFiles:\n                        description: Alternative list of values files to use as the\n                          chart values (values.yaml is not included by default), expected\n                          to be a relative path in the SourceRef. Values files are\n                          merged in the order of this list with the last file overriding\n                          the first. Ignored when omitted.\n                        items:\n                          type: string\n                        type: array\n                      version:\n                        default: '*'\n                        description: Version semver expression, ignored for charts\n                          from v1beta2.GitRepository and v1beta2.Bucket sources. Defaults\n                          to latest when omitted.\n                        type: string\n                    required:\n                    - chart\n                    - sourceRef\n                    type: object\n                required:\n                - spec\n                type: object\n              dependsOn:\n                description: DependsOn may contain a meta.NamespacedObjectReference\n                  slice with references to HelmRelease resources that must be ready\n                  before this HelmRelease can be reconciled.\n                items:\n                  description: NamespacedObjectReference contains enough information\n                    to locate the referenced Kubernetes resource object in any namespace.\n                  properties:\n                    name:\n                      description: Name of the referent.\n                      type: string\n                    namespace:\n                      description: Namespace of the referent, when not specified it\n                        acts as LocalObjectReference.\n                      type: string\n                  required:\n                  - name\n                  type: object\n                type: array\n              install:\n                description: Install holds the configuration for Helm install actions\n                  for this HelmRelease.\n                properties:\n                  crds:\n                    description: \"CRDs upgrade CRDs from the Helm Chart's crds directory\n                      according to the CRD upgrade policy provided here. Valid values\n                      are `Skip`, `Create` or `CreateReplace`. Default is `Create`\n                      and if omitted CRDs are installed but not updated. \\n Skip:\n                      do neither install nor replace (update) any CRDs. \\n Create:\n                      new CRDs are created, existing CRDs are neither updated nor\n                      deleted. \\n CreateReplace: new CRDs are created, existing CRDs\n                      are updated (replaced) but not deleted. \\n By default, CRDs\n                      are applied (installed) during Helm install action. With this\n                      option users can opt-in to CRD replace existing CRDs on Helm\n                      install actions, which is not (yet) natively supported by Helm.\n                      https://helm.sh/docs/chart_best_practices/custom_resource_definitions.\"\n                    enum:\n                    - Skip\n                    - Create\n                    - CreateReplace\n                    type: string\n                  createNamespace:\n                    description: CreateNamespace tells the Helm install action to\n                      create the HelmReleaseSpec.TargetNamespace if it does not exist\n                      yet. On uninstall, the namespace will not be garbage collected.\n                    type: boolean\n                  disableHooks:\n                    description: DisableHooks prevents hooks from running during the\n                      Helm install action.\n                    type: boolean\n                  disableOpenAPIValidation:\n                    description: DisableOpenAPIValidation prevents the Helm install\n                      action from validating rendered templates against the Kubernetes\n                      OpenAPI Schema.\n                    type: boolean\n                  disableWait:\n                    description: DisableWait disables the waiting for resources to\n                      be ready after a Helm install has been performed.\n                    type: boolean\n                  disableWaitForJobs:\n                    description: DisableWaitForJobs disables waiting for jobs to complete\n                      after a Helm install has been performed.\n                    type: boolean\n                  remediation:\n                    description: Remediation holds the remediation configuration for\n                      when the Helm install action for the HelmRelease fails. The\n                      default is to not perform any action.\n                    properties:\n                      ignoreTestFailures:\n                        description: IgnoreTestFailures tells the controller to skip\n                          remediation when the Helm tests are run after an install\n                          action but fail. Defaults to 'Test.IgnoreFailures'.\n                        type: boolean\n                      remediateLastFailure:\n                        description: RemediateLastFailure tells the controller to\n                          remediate the last failure, when no retries remain. Defaults\n                          to 'false'.\n                        type: boolean\n                      retries:\n                        description: Retries is the number of retries that should\n                          be attempted on failures before bailing. Remediation, using\n                          an uninstall, is performed between each attempt. Defaults\n                          to '0', a negative integer equals to unlimited retries.\n                        type: integer\n                    type: object\n                  replace:\n                    description: Replace tells the Helm install action to re-use the\n                      'ReleaseName', but only if that name is a deleted release which\n                      remains in the history.\n                    type: boolean\n                  skipCRDs:\n                    description: \"SkipCRDs tells the Helm install action to not install\n                      any CRDs. By default, CRDs are installed if not already present.\n                      \\n Deprecated use CRD policy (`crds`) attribute with value `Skip`\n                      instead.\"\n                    type: boolean\n                  timeout:\n                    description: Timeout is the time to wait for any individual Kubernetes\n                      operation (like Jobs for hooks) during the performance of a\n                      Helm install action. Defaults to 'HelmReleaseSpec.Timeout'.\n                    type: string\n                type: object\n              interval:\n                description: Interval at which to reconcile the Helm release.\n                type: string\n              kubeConfig:\n                description: KubeConfig for reconciling the HelmRelease on a remote\n                  cluster. When used in combination with HelmReleaseSpec.ServiceAccountName,\n                  forces the controller to act on behalf of that Service Account at\n                  the target cluster. If the --default-service-account flag is set,\n                  its value will be used as a controller level fallback for when HelmReleaseSpec.ServiceAccountName\n                  is empty.\n                properties:\n                  secretRef:\n                    description: SecretRef holds the name to a secret that contains\n                      a key with the kubeconfig file as the value. If no key is specified\n                      the key will default to 'value'. The secret must be in the same\n                      namespace as the HelmRelease. It is recommended that the kubeconfig\n                      is self-contained, and the secret is regularly updated if credentials\n                      such as a cloud-access-token expire. Cloud specific `cmd-path`\n                      auth helpers will not function without adding binaries and credentials\n                      to the Pod that is responsible for reconciling the HelmRelease.\n                    properties:\n                      key:\n                        description: Key in the Secret, when not specified an implementation-specific\n                          default key is used.\n                        type: string\n                      name:\n                        description: Name of the Secret.\n                        type: string\n                    required:\n                    - name\n                    type: object\n                type: object\n              maxHistory:\n                description: MaxHistory is the number of revisions saved by Helm for\n                  this HelmRelease. Use '0' for an unlimited number of revisions;\n                  defaults to '10'.\n                type: integer\n              postRenderers:\n                description: PostRenderers holds an array of Helm PostRenderers, which\n                  will be applied in order of their definition.\n                items:\n                  description: PostRenderer contains a Helm PostRenderer specification.\n                  properties:\n                    kustomize:\n                      description: Kustomization to apply as PostRenderer.\n                      properties:\n                        images:\n                          description: Images is a list of (image name, new name,\n                            new tag or digest) for changing image names, tags or digests.\n                            This can also be achieved with a patch, but this operator\n                            is simpler to specify.\n                          items:\n                            description: Image contains an image name, a new name,\n                              a new tag or digest, which will replace the original\n                              name and tag.\n                            properties:\n                              digest:\n                                description: Digest is the value used to replace the\n                                  original image tag. If digest is present NewTag\n                                  value is ignored.\n                                type: string\n                              name:\n                                description: Name is a tag-less image name.\n                                type: string\n                              newName:\n                                description: NewName is the value used to replace\n                                  the original name.\n                                type: string\n                              newTag:\n                                description: NewTag is the value used to replace the\n                                  original tag.\n                                type: string\n                            required:\n                            - name\n                            type: object\n                          type: array\n                        patches:\n                          description: Strategic merge and JSON patches, defined as\n                            inline YAML objects, capable of targeting objects based\n                            on kind, label and annotation selectors.\n                          items:\n                            description: Patch contains an inline StrategicMerge or\n                              JSON6902 patch, and the target the patch should be applied\n                              to.\n                            properties:\n                              patch:\n                                description: Patch contains an inline StrategicMerge\n                                  patch or an inline JSON6902 patch with an array\n                                  of operation objects.\n                                type: string\n                              target:\n                                description: Target points to the resources that the\n                                  patch document should be applied to.\n                                properties:\n                                  annotationSelector:\n                                    description: AnnotationSelector is a string that\n                                      follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                                      It matches with the resource annotations.\n                                    type: string\n                                  group:\n                                    description: Group is the API group to select\n                                      resources from. Together with Version and Kind\n                                      it is capable of unambiguously identifying and/or\n                                      selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                                    type: string\n                                  kind:\n                                    description: Kind of the API Group to select resources\n                                      from. Together with Group and Version it is\n                                      capable of unambiguously identifying and/or\n                                      selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                                    type: string\n                                  labelSelector:\n                                    description: LabelSelector is a string that follows\n                                      the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                                      It matches with the resource labels.\n                                    type: string\n                                  name:\n                                    description: Name to match resources with.\n                                    type: string\n                                  namespace:\n                                    description: Namespace to select resources from.\n                                    type: string\n                                  version:\n                                    description: Version of the API Group to select\n                                      resources from. Together with Group and Kind\n                                      it is capable of unambiguously identifying and/or\n                                      selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                                    type: string\n                                type: object\n                            type: object\n                          type: array\n                        patchesJson6902:\n                          description: JSON 6902 patches, defined as inline YAML objects.\n                          items:\n                            description: JSON6902Patch contains a JSON6902 patch and\n                              the target the patch should be applied to.\n                            properties:\n                              patch:\n                                description: Patch contains the JSON6902 patch document\n                                  with an array of operation objects.\n                                items:\n                                  description: JSON6902 is a JSON6902 operation object.\n                                    https://datatracker.ietf.org/doc/html/rfc6902#section-4\n                                  properties:\n                                    from:\n                                      description: From contains a JSON-pointer value\n                                        that references a location within the target\n                                        document where the operation is performed.\n                                        The meaning of the value depends on the value\n                                        of Op, and is NOT taken into account by all\n                                        operations.\n                                      type: string\n                                    op:\n                                      description: Op indicates the operation to perform.\n                                        Its value MUST be one of \"add\", \"remove\",\n                                        \"replace\", \"move\", \"copy\", or \"test\". https://datatracker.ietf.org/doc/html/rfc6902#section-4\n                                      enum:\n                                      - test\n                                      - remove\n                                      - add\n                                      - replace\n                                      - move\n                                      - copy\n                                      type: string\n                                    path:\n                                      description: Path contains the JSON-pointer\n                                        value that references a location within the\n                                        target document where the operation is performed.\n                                        The meaning of the value depends on the value\n                                        of Op.\n                                      type: string\n                                    value:\n                                      description: Value contains a valid JSON structure.\n                                        The meaning of the value depends on the value\n                                        of Op, and is NOT taken into account by all\n                                        operations.\n                                      x-kubernetes-preserve-unknown-fields: true\n                                  required:\n                                  - op\n                                  - path\n                                  type: object\n                                type: array\n                              target:\n                                description: Target points to the resources that the\n                                  patch document should be applied to.\n                                properties:\n                                  annotationSelector:\n                                    description: AnnotationSelector is a string that\n                                      follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                                      It matches with the resource annotations.\n                                    type: string\n                                  group:\n                                    description: Group is the API group to select\n                                      resources from. Together with Version and Kind\n                                      it is capable of unambiguously identifying and/or\n                                      selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                                    type: string\n                                  kind:\n                                    description: Kind of the API Group to select resources\n                                      from. Together with Group and Version it is\n                                      capable of unambiguously identifying and/or\n                                      selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                                    type: string\n                                  labelSelector:\n                                    description: LabelSelector is a string that follows\n                                      the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                                      It matches with the resource labels.\n                                    type: string\n                                  name:\n                                    description: Name to match resources with.\n                                    type: string\n                                  namespace:\n                                    description: Namespace to select resources from.\n                                    type: string\n                                  version:\n                                    description: Version of the API Group to select\n                                      resources from. Together with Group and Kind\n                                      it is capable of unambiguously identifying and/or\n                                      selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                                    type: string\n                                type: object\n                            required:\n                            - patch\n                            - target\n                            type: object\n                          type: array\n                        patchesStrategicMerge:\n                          description: Strategic merge patches, defined as inline\n                            YAML objects.\n                          items:\n                            x-kubernetes-preserve-unknown-fields: true\n                          type: array\n                      type: object\n                  type: object\n                type: array\n              releaseName:\n                description: ReleaseName used for the Helm release. Defaults to a\n                  composition of '[TargetNamespace-]Name'.\n                maxLength: 53\n                minLength: 1\n                type: string\n              rollback:\n                description: Rollback holds the configuration for Helm rollback actions\n                  for this HelmRelease.\n                properties:\n                  cleanupOnFail:\n                    description: CleanupOnFail allows deletion of new resources created\n                      during the Helm rollback action when it fails.\n                    type: boolean\n                  disableHooks:\n                    description: DisableHooks prevents hooks from running during the\n                      Helm rollback action.\n                    type: boolean\n                  disableWait:\n                    description: DisableWait disables the waiting for resources to\n                      be ready after a Helm rollback has been performed.\n                    type: boolean\n                  disableWaitForJobs:\n                    description: DisableWaitForJobs disables waiting for jobs to complete\n                      after a Helm rollback has been performed.\n                    type: boolean\n                  force:\n                    description: Force forces resource updates through a replacement\n                      strategy.\n                    type: boolean\n                  recreate:\n                    description: Recreate performs pod restarts for the resource if\n                      applicable.\n                    type: boolean\n                  timeout:\n                    description: Timeout is the time to wait for any individual Kubernetes\n                      operation (like Jobs for hooks) during the performance of a\n                      Helm rollback action. Defaults to 'HelmReleaseSpec.Timeout'.\n                    type: string\n                type: object\n              serviceAccountName:\n                description: The name of the Kubernetes service account to impersonate\n                  when reconciling this HelmRelease.\n                type: string\n              storageNamespace:\n                description: StorageNamespace used for the Helm storage. Defaults\n                  to the namespace of the HelmRelease.\n                maxLength: 63\n                minLength: 1\n                type: string\n              suspend:\n                description: Suspend tells the controller to suspend reconciliation\n                  for this HelmRelease, it does not apply to already started reconciliations.\n                  Defaults to false.\n                type: boolean\n              targetNamespace:\n                description: TargetNamespace to target when performing operations\n                  for the HelmRelease. Defaults to the namespace of the HelmRelease.\n                maxLength: 63\n                minLength: 1\n                type: string\n              test:\n                description: Test holds the configuration for Helm test actions for\n                  this HelmRelease.\n                properties:\n                  enable:\n                    description: Enable enables Helm test actions for this HelmRelease\n                      after an Helm install or upgrade action has been performed.\n                    type: boolean\n                  ignoreFailures:\n                    description: IgnoreFailures tells the controller to skip remediation\n                      when the Helm tests are run but fail. Can be overwritten for\n                      tests run after install or upgrade actions in 'Install.IgnoreTestFailures'\n                      and 'Upgrade.IgnoreTestFailures'.\n                    type: boolean\n                  timeout:\n                    description: Timeout is the time to wait for any individual Kubernetes\n                      operation during the performance of a Helm test action. Defaults\n                      to 'HelmReleaseSpec.Timeout'.\n                    type: string\n                type: object\n              timeout:\n                description: Timeout is the time to wait for any individual Kubernetes\n                  operation (like Jobs for hooks) during the performance of a Helm\n                  action. Defaults to '5m0s'.\n                type: string\n              uninstall:\n                description: Uninstall holds the configuration for Helm uninstall\n                  actions for this HelmRelease.\n                properties:\n                  disableHooks:\n                    description: DisableHooks prevents hooks from running during the\n                      Helm rollback action.\n                    type: boolean\n                  disableWait:\n                    description: DisableWait disables waiting for all the resources\n                      to be deleted after a Helm uninstall is performed.\n                    type: boolean\n                  keepHistory:\n                    description: KeepHistory tells Helm to remove all associated resources\n                      and mark the release as deleted, but retain the release history.\n                    type: boolean\n                  timeout:\n                    description: Timeout is the time to wait for any individual Kubernetes\n                      operation (like Jobs for hooks) during the performance of a\n                      Helm uninstall action. Defaults to 'HelmReleaseSpec.Timeout'.\n                    type: string\n                type: object\n              upgrade:\n                description: Upgrade holds the configuration for Helm upgrade actions\n                  for this HelmRelease.\n                properties:\n                  cleanupOnFail:\n                    description: CleanupOnFail allows deletion of new resources created\n                      during the Helm upgrade action when it fails.\n                    type: boolean\n                  crds:\n                    description: \"CRDs upgrade CRDs from the Helm Chart's crds directory\n                      according to the CRD upgrade policy provided here. Valid values\n                      are `Skip`, `Create` or `CreateReplace`. Default is `Skip` and\n                      if omitted CRDs are neither installed nor upgraded. \\n Skip:\n                      do neither install nor replace (update) any CRDs. \\n Create:\n                      new CRDs are created, existing CRDs are neither updated nor\n                      deleted. \\n CreateReplace: new CRDs are created, existing CRDs\n                      are updated (replaced) but not deleted. \\n By default, CRDs\n                      are not applied during Helm upgrade action. With this option\n                      users can opt-in to CRD upgrade, which is not (yet) natively\n                      supported by Helm. https://helm.sh/docs/chart_best_practices/custom_resource_definitions.\"\n                    enum:\n                    - Skip\n                    - Create\n                    - CreateReplace\n                    type: string\n                  disableHooks:\n                    description: DisableHooks prevents hooks from running during the\n                      Helm upgrade action.\n                    type: boolean\n                  disableOpenAPIValidation:\n                    description: DisableOpenAPIValidation prevents the Helm upgrade\n                      action from validating rendered templates against the Kubernetes\n                      OpenAPI Schema.\n                    type: boolean\n                  disableWait:\n                    description: DisableWait disables the waiting for resources to\n                      be ready after a Helm upgrade has been performed.\n                    type: boolean\n                  disableWaitForJobs:\n                    description: DisableWaitForJobs disables waiting for jobs to complete\n                      after a Helm upgrade has been performed.\n                    type: boolean\n                  force:\n                    description: Force forces resource updates through a replacement\n                      strategy.\n                    type: boolean\n                  preserveValues:\n                    description: PreserveValues will make Helm reuse the last release's\n                      values and merge in overrides from 'Values'. Setting this flag\n                      makes the HelmRelease non-declarative.\n                    type: boolean\n                  remediation:\n                    description: Remediation holds the remediation configuration for\n                      when the Helm upgrade action for the HelmRelease fails. The\n                      default is to not perform any action.\n                    properties:\n                      ignoreTestFailures:\n                        description: IgnoreTestFailures tells the controller to skip\n                          remediation when the Helm tests are run after an upgrade\n                          action but fail. Defaults to 'Test.IgnoreFailures'.\n                        type: boolean\n                      remediateLastFailure:\n                        description: RemediateLastFailure tells the controller to\n                          remediate the last failure, when no retries remain. Defaults\n                          to 'false' unless 'Retries' is greater than 0.\n                        type: boolean\n                      retries:\n                        description: Retries is the number of retries that should\n                          be attempted on failures before bailing. Remediation, using\n                          'Strategy', is performed between each attempt. Defaults\n                          to '0', a negative integer equals to unlimited retries.\n                        type: integer\n                      strategy:\n                        description: Strategy to use for failure remediation. Defaults\n                          to 'rollback'.\n                        enum:\n                        - rollback\n                        - uninstall\n                        type: string\n                    type: object\n                  timeout:\n                    description: Timeout is the time to wait for any individual Kubernetes\n                      operation (like Jobs for hooks) during the performance of a\n                      Helm upgrade action. Defaults to 'HelmReleaseSpec.Timeout'.\n                    type: string\n                type: object\n              values:\n                description: Values holds the values for this Helm release.\n                x-kubernetes-preserve-unknown-fields: true\n              valuesFrom:\n                description: ValuesFrom holds references to resources containing Helm\n                  values for this HelmRelease, and information about how they should\n                  be merged.\n                items:\n                  description: ValuesReference contains a reference to a resource\n                    containing Helm values, and optionally the key they can be found\n                    at.\n                  properties:\n                    kind:\n                      description: Kind of the values referent, valid values are ('Secret',\n                        'ConfigMap').\n                      enum:\n                      - Secret\n                      - ConfigMap\n                      type: string\n                    name:\n                      description: Name of the values referent. Should reside in the\n                        same namespace as the referring resource.\n                      maxLength: 253\n                      minLength: 1\n                      type: string\n                    optional:\n                      description: Optional marks this ValuesReference as optional.\n                        When set, a not found error for the values reference is ignored,\n                        but any ValuesKey, TargetPath or transient error will still\n                        result in a reconciliation failure.\n                      type: boolean\n                    targetPath:\n                      description: TargetPath is the YAML dot notation path the value\n                        should be merged at. When set, the ValuesKey is expected to\n                        be a single flat value. Defaults to 'None', which results\n                        in the values getting merged at the root.\n                      type: string\n                    valuesKey:\n                      description: ValuesKey is the data key where the values.yaml\n                        or a specific value can be found at. Defaults to 'values.yaml'.\n                      type: string\n                  required:\n                  - kind\n                  - name\n                  type: object\n                type: array\n            required:\n            - chart\n            - interval\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: HelmReleaseStatus defines the observed state of a HelmRelease.\n            properties:\n              conditions:\n                description: Conditions holds the conditions for the HelmRelease.\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              failures:\n                description: Failures is the reconciliation failure count against\n                  the latest desired state. It is reset after a successful reconciliation.\n                format: int64\n                type: integer\n              helmChart:\n                description: HelmChart is the namespaced name of the HelmChart resource\n                  created by the controller for the HelmRelease.\n                type: string\n              installFailures:\n                description: InstallFailures is the install failure count against\n                  the latest desired state. It is reset after a successful reconciliation.\n                format: int64\n                type: integer\n              lastAppliedRevision:\n                description: LastAppliedRevision is the revision of the last successfully\n                  applied source.\n                type: string\n              lastAttemptedRevision:\n                description: LastAttemptedRevision is the revision of the last reconciliation\n                  attempt.\n                type: string\n              lastAttemptedValuesChecksum:\n                description: LastAttemptedValuesChecksum is the SHA1 checksum of the\n                  values of the last reconciliation attempt.\n                type: string\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              lastReleaseRevision:\n                description: LastReleaseRevision is the revision of the last successful\n                  Helm release.\n                type: integer\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation.\n                format: int64\n                type: integer\n              upgradeFailures:\n                description: UpgradeFailures is the upgrade failure count against\n                  the latest desired state. It is reset after a successful reconciliation.\n                format: int64\n                type: integer\n            type: object\n        type: object\n    served: true\n    storage: true\n    subresources:\n      status: {}\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n  conditions: []\n  storedVersions: []",
-            "yaml_body_parsed": "apiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  annotations:\n    controller-gen.kubebuilder.io/version: v0.7.0\n  creationTimestamp: null\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: helmreleases.helm.toolkit.fluxcd.io\nspec:\n  group: helm.toolkit.fluxcd.io\n  names:\n    kind: HelmRelease\n    listKind: HelmReleaseList\n    plural: helmreleases\n    shortNames:\n    - hr\n    singular: helmrelease\n  scope: Namespaced\n  versions:\n  - additionalPrinterColumns:\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    name: v2beta1\n    schema:\n      openAPIV3Schema:\n        description: HelmRelease is the Schema for the helmreleases API\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: HelmReleaseSpec defines the desired state of a Helm release.\n            properties:\n              chart:\n                description: Chart defines the template of the v1beta2.HelmChart that\n                  should be created for this HelmRelease.\n                properties:\n                  spec:\n                    description: Spec holds the template for the v1beta2.HelmChartSpec\n                      for this HelmRelease.\n                    properties:\n                      chart:\n                        description: The name or path the Helm chart is available\n                          at in the SourceRef.\n                        type: string\n                      interval:\n                        description: Interval at which to check the v1beta2.Source\n                          for updates. Defaults to 'HelmReleaseSpec.Interval'.\n                        type: string\n                      reconcileStrategy:\n                        default: ChartVersion\n                        description: Determines what enables the creation of a new\n                          artifact. Valid values are ('ChartVersion', 'Revision').\n                          See the documentation of the values for an explanation on\n                          their behavior. Defaults to ChartVersion when omitted.\n                        enum:\n                        - ChartVersion\n                        - Revision\n                        type: string\n                      sourceRef:\n                        description: The name and namespace of the v1beta2.Source\n                          the chart is available at.\n                        properties:\n                          apiVersion:\n                            description: APIVersion of the referent.\n                            type: string\n                          kind:\n                            description: Kind of the referent.\n                            enum:\n                            - HelmRepository\n                            - GitRepository\n                            - Bucket\n                            type: string\n                          name:\n                            description: Name of the referent.\n                            maxLength: 253\n                            minLength: 1\n                            type: string\n                          namespace:\n                            description: Namespace of the referent.\n                            maxLength: 63\n                            minLength: 1\n                            type: string\n                        required:\n                        - name\n                        type: object\n                      valuesFile:\n                        description: Alternative values file to use as the default\n                          chart values, expected to be a relative path in the SourceRef.\n                          Deprecated in favor of ValuesFiles, for backwards compatibility\n                          the file defined here is merged before the ValuesFiles items.\n                          Ignored when omitted.\n                        type: string\n                      valuesFiles:\n                        description: Alternative list of values files to use as the\n                          chart values (values.yaml is not included by default), expected\n                          to be a relative path in the SourceRef. Values files are\n                          merged in the order of this list with the last file overriding\n                          the first. Ignored when omitted.\n                        items:\n                          type: string\n                        type: array\n                      version:\n                        default: '*'\n                        description: Version semver expression, ignored for charts\n                          from v1beta2.GitRepository and v1beta2.Bucket sources. Defaults\n                          to latest when omitted.\n                        type: string\n                    required:\n                    - chart\n                    - sourceRef\n                    type: object\n                required:\n                - spec\n                type: object\n              dependsOn:\n                description: DependsOn may contain a meta.NamespacedObjectReference\n                  slice with references to HelmRelease resources that must be ready\n                  before this HelmRelease can be reconciled.\n                items:\n                  description: NamespacedObjectReference contains enough information\n                    to locate the referenced Kubernetes resource object in any namespace.\n                  properties:\n                    name:\n                      description: Name of the referent.\n                      type: string\n                    namespace:\n                      description: Namespace of the referent, when not specified it\n                        acts as LocalObjectReference.\n                      type: string\n                  required:\n                  - name\n                  type: object\n                type: array\n              install:\n                description: Install holds the configuration for Helm install actions\n                  for this HelmRelease.\n                properties:\n                  crds:\n                    description: \"CRDs upgrade CRDs from the Helm Chart's crds directory\n                      according to the CRD upgrade policy provided here. Valid values\n                      are `Skip`, `Create` or `CreateReplace`. Default is `Create`\n                      and if omitted CRDs are installed but not updated. \\n Skip:\n                      do neither install nor replace (update) any CRDs. \\n Create:\n                      new CRDs are created, existing CRDs are neither updated nor\n                      deleted. \\n CreateReplace: new CRDs are created, existing CRDs\n                      are updated (replaced) but not deleted. \\n By default, CRDs\n                      are applied (installed) during Helm install action. With this\n                      option users can opt-in to CRD replace existing CRDs on Helm\n                      install actions, which is not (yet) natively supported by Helm.\n                      https://helm.sh/docs/chart_best_practices/custom_resource_definitions.\"\n                    enum:\n                    - Skip\n                    - Create\n                    - CreateReplace\n                    type: string\n                  createNamespace:\n                    description: CreateNamespace tells the Helm install action to\n                      create the HelmReleaseSpec.TargetNamespace if it does not exist\n                      yet. On uninstall, the namespace will not be garbage collected.\n                    type: boolean\n                  disableHooks:\n                    description: DisableHooks prevents hooks from running during the\n                      Helm install action.\n                    type: boolean\n                  disableOpenAPIValidation:\n                    description: DisableOpenAPIValidation prevents the Helm install\n                      action from validating rendered templates against the Kubernetes\n                      OpenAPI Schema.\n                    type: boolean\n                  disableWait:\n                    description: DisableWait disables the waiting for resources to\n                      be ready after a Helm install has been performed.\n                    type: boolean\n                  disableWaitForJobs:\n                    description: DisableWaitForJobs disables waiting for jobs to complete\n                      after a Helm install has been performed.\n                    type: boolean\n                  remediation:\n                    description: Remediation holds the remediation configuration for\n                      when the Helm install action for the HelmRelease fails. The\n                      default is to not perform any action.\n                    properties:\n                      ignoreTestFailures:\n                        description: IgnoreTestFailures tells the controller to skip\n                          remediation when the Helm tests are run after an install\n                          action but fail. Defaults to 'Test.IgnoreFailures'.\n                        type: boolean\n                      remediateLastFailure:\n                        description: RemediateLastFailure tells the controller to\n                          remediate the last failure, when no retries remain. Defaults\n                          to 'false'.\n                        type: boolean\n                      retries:\n                        description: Retries is the number of retries that should\n                          be attempted on failures before bailing. Remediation, using\n                          an uninstall, is performed between each attempt. Defaults\n                          to '0', a negative integer equals to unlimited retries.\n                        type: integer\n                    type: object\n                  replace:\n                    description: Replace tells the Helm install action to re-use the\n                      'ReleaseName', but only if that name is a deleted release which\n                      remains in the history.\n                    type: boolean\n                  skipCRDs:\n                    description: \"SkipCRDs tells the Helm install action to not install\n                      any CRDs. By default, CRDs are installed if not already present.\n                      \\n Deprecated use CRD policy (`crds`) attribute with value `Skip`\n                      instead.\"\n                    type: boolean\n                  timeout:\n                    description: Timeout is the time to wait for any individual Kubernetes\n                      operation (like Jobs for hooks) during the performance of a\n                      Helm install action. Defaults to 'HelmReleaseSpec.Timeout'.\n                    type: string\n                type: object\n              interval:\n                description: Interval at which to reconcile the Helm release.\n                type: string\n              kubeConfig:\n                description: KubeConfig for reconciling the HelmRelease on a remote\n                  cluster. When used in combination with HelmReleaseSpec.ServiceAccountName,\n                  forces the controller to act on behalf of that Service Account at\n                  the target cluster. If the --default-service-account flag is set,\n                  its value will be used as a controller level fallback for when HelmReleaseSpec.ServiceAccountName\n                  is empty.\n                properties:\n                  secretRef:\n                    description: SecretRef holds the name to a secret that contains\n                      a key with the kubeconfig file as the value. If no key is specified\n                      the key will default to 'value'. The secret must be in the same\n                      namespace as the HelmRelease. It is recommended that the kubeconfig\n                      is self-contained, and the secret is regularly updated if credentials\n                      such as a cloud-access-token expire. Cloud specific `cmd-path`\n                      auth helpers will not function without adding binaries and credentials\n                      to the Pod that is responsible for reconciling the HelmRelease.\n                    properties:\n                      key:\n                        description: Key in the Secret, when not specified an implementation-specific\n                          default key is used.\n                        type: string\n                      name:\n                        description: Name of the Secret.\n                        type: string\n                    required:\n                    - name\n                    type: object\n                type: object\n              maxHistory:\n                description: MaxHistory is the number of revisions saved by Helm for\n                  this HelmRelease. Use '0' for an unlimited number of revisions;\n                  defaults to '10'.\n                type: integer\n              postRenderers:\n                description: PostRenderers holds an array of Helm PostRenderers, which\n                  will be applied in order of their definition.\n                items:\n                  description: PostRenderer contains a Helm PostRenderer specification.\n                  properties:\n                    kustomize:\n                      description: Kustomization to apply as PostRenderer.\n                      properties:\n                        images:\n                          description: Images is a list of (image name, new name,\n                            new tag or digest) for changing image names, tags or digests.\n                            This can also be achieved with a patch, but this operator\n                            is simpler to specify.\n                          items:\n                            description: Image contains an image name, a new name,\n                              a new tag or digest, which will replace the original\n                              name and tag.\n                            properties:\n                              digest:\n                                description: Digest is the value used to replace the\n                                  original image tag. If digest is present NewTag\n                                  value is ignored.\n                                type: string\n                              name:\n                                description: Name is a tag-less image name.\n                                type: string\n                              newName:\n                                description: NewName is the value used to replace\n                                  the original name.\n                                type: string\n                              newTag:\n                                description: NewTag is the value used to replace the\n                                  original tag.\n                                type: string\n                            required:\n                            - name\n                            type: object\n                          type: array\n                        patches:\n                          description: Strategic merge and JSON patches, defined as\n                            inline YAML objects, capable of targeting objects based\n                            on kind, label and annotation selectors.\n                          items:\n                            description: Patch contains an inline StrategicMerge or\n                              JSON6902 patch, and the target the patch should be applied\n                              to.\n                            properties:\n                              patch:\n                                description: Patch contains an inline StrategicMerge\n                                  patch or an inline JSON6902 patch with an array\n                                  of operation objects.\n                                type: string\n                              target:\n                                description: Target points to the resources that the\n                                  patch document should be applied to.\n                                properties:\n                                  annotationSelector:\n                                    description: AnnotationSelector is a string that\n                                      follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                                      It matches with the resource annotations.\n                                    type: string\n                                  group:\n                                    description: Group is the API group to select\n                                      resources from. Together with Version and Kind\n                                      it is capable of unambiguously identifying and/or\n                                      selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                                    type: string\n                                  kind:\n                                    description: Kind of the API Group to select resources\n                                      from. Together with Group and Version it is\n                                      capable of unambiguously identifying and/or\n                                      selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                                    type: string\n                                  labelSelector:\n                                    description: LabelSelector is a string that follows\n                                      the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                                      It matches with the resource labels.\n                                    type: string\n                                  name:\n                                    description: Name to match resources with.\n                                    type: string\n                                  namespace:\n                                    description: Namespace to select resources from.\n                                    type: string\n                                  version:\n                                    description: Version of the API Group to select\n                                      resources from. Together with Group and Kind\n                                      it is capable of unambiguously identifying and/or\n                                      selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                                    type: string\n                                type: object\n                            type: object\n                          type: array\n                        patchesJson6902:\n                          description: JSON 6902 patches, defined as inline YAML objects.\n                          items:\n                            description: JSON6902Patch contains a JSON6902 patch and\n                              the target the patch should be applied to.\n                            properties:\n                              patch:\n                                description: Patch contains the JSON6902 patch document\n                                  with an array of operation objects.\n                                items:\n                                  description: JSON6902 is a JSON6902 operation object.\n                                    https://datatracker.ietf.org/doc/html/rfc6902#section-4\n                                  properties:\n                                    from:\n                                      description: From contains a JSON-pointer value\n                                        that references a location within the target\n                                        document where the operation is performed.\n                                        The meaning of the value depends on the value\n                                        of Op, and is NOT taken into account by all\n                                        operations.\n                                      type: string\n                                    op:\n                                      description: Op indicates the operation to perform.\n                                        Its value MUST be one of \"add\", \"remove\",\n                                        \"replace\", \"move\", \"copy\", or \"test\". https://datatracker.ietf.org/doc/html/rfc6902#section-4\n                                      enum:\n                                      - test\n                                      - remove\n                                      - add\n                                      - replace\n                                      - move\n                                      - copy\n                                      type: string\n                                    path:\n                                      description: Path contains the JSON-pointer\n                                        value that references a location within the\n                                        target document where the operation is performed.\n                                        The meaning of the value depends on the value\n                                        of Op.\n                                      type: string\n                                    value:\n                                      description: Value contains a valid JSON structure.\n                                        The meaning of the value depends on the value\n                                        of Op, and is NOT taken into account by all\n                                        operations.\n                                      x-kubernetes-preserve-unknown-fields: true\n                                  required:\n                                  - op\n                                  - path\n                                  type: object\n                                type: array\n                              target:\n                                description: Target points to the resources that the\n                                  patch document should be applied to.\n                                properties:\n                                  annotationSelector:\n                                    description: AnnotationSelector is a string that\n                                      follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                                      It matches with the resource annotations.\n                                    type: string\n                                  group:\n                                    description: Group is the API group to select\n                                      resources from. Together with Version and Kind\n                                      it is capable of unambiguously identifying and/or\n                                      selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                                    type: string\n                                  kind:\n                                    description: Kind of the API Group to select resources\n                                      from. Together with Group and Version it is\n                                      capable of unambiguously identifying and/or\n                                      selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                                    type: string\n                                  labelSelector:\n                                    description: LabelSelector is a string that follows\n                                      the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                                      It matches with the resource labels.\n                                    type: string\n                                  name:\n                                    description: Name to match resources with.\n                                    type: string\n                                  namespace:\n                                    description: Namespace to select resources from.\n                                    type: string\n                                  version:\n                                    description: Version of the API Group to select\n                                      resources from. Together with Group and Kind\n                                      it is capable of unambiguously identifying and/or\n                                      selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                                    type: string\n                                type: object\n                            required:\n                            - patch\n                            - target\n                            type: object\n                          type: array\n                        patchesStrategicMerge:\n                          description: Strategic merge patches, defined as inline\n                            YAML objects.\n                          items:\n                            x-kubernetes-preserve-unknown-fields: true\n                          type: array\n                      type: object\n                  type: object\n                type: array\n              releaseName:\n                description: ReleaseName used for the Helm release. Defaults to a\n                  composition of '[TargetNamespace-]Name'.\n                maxLength: 53\n                minLength: 1\n                type: string\n              rollback:\n                description: Rollback holds the configuration for Helm rollback actions\n                  for this HelmRelease.\n                properties:\n                  cleanupOnFail:\n                    description: CleanupOnFail allows deletion of new resources created\n                      during the Helm rollback action when it fails.\n                    type: boolean\n                  disableHooks:\n                    description: DisableHooks prevents hooks from running during the\n                      Helm rollback action.\n                    type: boolean\n                  disableWait:\n                    description: DisableWait disables the waiting for resources to\n                      be ready after a Helm rollback has been performed.\n                    type: boolean\n                  disableWaitForJobs:\n                    description: DisableWaitForJobs disables waiting for jobs to complete\n                      after a Helm rollback has been performed.\n                    type: boolean\n                  force:\n                    description: Force forces resource updates through a replacement\n                      strategy.\n                    type: boolean\n                  recreate:\n                    description: Recreate performs pod restarts for the resource if\n                      applicable.\n                    type: boolean\n                  timeout:\n                    description: Timeout is the time to wait for any individual Kubernetes\n                      operation (like Jobs for hooks) during the performance of a\n                      Helm rollback action. Defaults to 'HelmReleaseSpec.Timeout'.\n                    type: string\n                type: object\n              serviceAccountName:\n                description: The name of the Kubernetes service account to impersonate\n                  when reconciling this HelmRelease.\n                type: string\n              storageNamespace:\n                description: StorageNamespace used for the Helm storage. Defaults\n                  to the namespace of the HelmRelease.\n                maxLength: 63\n                minLength: 1\n                type: string\n              suspend:\n                description: Suspend tells the controller to suspend reconciliation\n                  for this HelmRelease, it does not apply to already started reconciliations.\n                  Defaults to false.\n                type: boolean\n              targetNamespace:\n                description: TargetNamespace to target when performing operations\n                  for the HelmRelease. Defaults to the namespace of the HelmRelease.\n                maxLength: 63\n                minLength: 1\n                type: string\n              test:\n                description: Test holds the configuration for Helm test actions for\n                  this HelmRelease.\n                properties:\n                  enable:\n                    description: Enable enables Helm test actions for this HelmRelease\n                      after an Helm install or upgrade action has been performed.\n                    type: boolean\n                  ignoreFailures:\n                    description: IgnoreFailures tells the controller to skip remediation\n                      when the Helm tests are run but fail. Can be overwritten for\n                      tests run after install or upgrade actions in 'Install.IgnoreTestFailures'\n                      and 'Upgrade.IgnoreTestFailures'.\n                    type: boolean\n                  timeout:\n                    description: Timeout is the time to wait for any individual Kubernetes\n                      operation during the performance of a Helm test action. Defaults\n                      to 'HelmReleaseSpec.Timeout'.\n                    type: string\n                type: object\n              timeout:\n                description: Timeout is the time to wait for any individual Kubernetes\n                  operation (like Jobs for hooks) during the performance of a Helm\n                  action. Defaults to '5m0s'.\n                type: string\n              uninstall:\n                description: Uninstall holds the configuration for Helm uninstall\n                  actions for this HelmRelease.\n                properties:\n                  disableHooks:\n                    description: DisableHooks prevents hooks from running during the\n                      Helm rollback action.\n                    type: boolean\n                  disableWait:\n                    description: DisableWait disables waiting for all the resources\n                      to be deleted after a Helm uninstall is performed.\n                    type: boolean\n                  keepHistory:\n                    description: KeepHistory tells Helm to remove all associated resources\n                      and mark the release as deleted, but retain the release history.\n                    type: boolean\n                  timeout:\n                    description: Timeout is the time to wait for any individual Kubernetes\n                      operation (like Jobs for hooks) during the performance of a\n                      Helm uninstall action. Defaults to 'HelmReleaseSpec.Timeout'.\n                    type: string\n                type: object\n              upgrade:\n                description: Upgrade holds the configuration for Helm upgrade actions\n                  for this HelmRelease.\n                properties:\n                  cleanupOnFail:\n                    description: CleanupOnFail allows deletion of new resources created\n                      during the Helm upgrade action when it fails.\n                    type: boolean\n                  crds:\n                    description: \"CRDs upgrade CRDs from the Helm Chart's crds directory\n                      according to the CRD upgrade policy provided here. Valid values\n                      are `Skip`, `Create` or `CreateReplace`. Default is `Skip` and\n                      if omitted CRDs are neither installed nor upgraded. \\n Skip:\n                      do neither install nor replace (update) any CRDs. \\n Create:\n                      new CRDs are created, existing CRDs are neither updated nor\n                      deleted. \\n CreateReplace: new CRDs are created, existing CRDs\n                      are updated (replaced) but not deleted. \\n By default, CRDs\n                      are not applied during Helm upgrade action. With this option\n                      users can opt-in to CRD upgrade, which is not (yet) natively\n                      supported by Helm. https://helm.sh/docs/chart_best_practices/custom_resource_definitions.\"\n                    enum:\n                    - Skip\n                    - Create\n                    - CreateReplace\n                    type: string\n                  disableHooks:\n                    description: DisableHooks prevents hooks from running during the\n                      Helm upgrade action.\n                    type: boolean\n                  disableOpenAPIValidation:\n                    description: DisableOpenAPIValidation prevents the Helm upgrade\n                      action from validating rendered templates against the Kubernetes\n                      OpenAPI Schema.\n                    type: boolean\n                  disableWait:\n                    description: DisableWait disables the waiting for resources to\n                      be ready after a Helm upgrade has been performed.\n                    type: boolean\n                  disableWaitForJobs:\n                    description: DisableWaitForJobs disables waiting for jobs to complete\n                      after a Helm upgrade has been performed.\n                    type: boolean\n                  force:\n                    description: Force forces resource updates through a replacement\n                      strategy.\n                    type: boolean\n                  preserveValues:\n                    description: PreserveValues will make Helm reuse the last release's\n                      values and merge in overrides from 'Values'. Setting this flag\n                      makes the HelmRelease non-declarative.\n                    type: boolean\n                  remediation:\n                    description: Remediation holds the remediation configuration for\n                      when the Helm upgrade action for the HelmRelease fails. The\n                      default is to not perform any action.\n                    properties:\n                      ignoreTestFailures:\n                        description: IgnoreTestFailures tells the controller to skip\n                          remediation when the Helm tests are run after an upgrade\n                          action but fail. Defaults to 'Test.IgnoreFailures'.\n                        type: boolean\n                      remediateLastFailure:\n                        description: RemediateLastFailure tells the controller to\n                          remediate the last failure, when no retries remain. Defaults\n                          to 'false' unless 'Retries' is greater than 0.\n                        type: boolean\n                      retries:\n                        description: Retries is the number of retries that should\n                          be attempted on failures before bailing. Remediation, using\n                          'Strategy', is performed between each attempt. Defaults\n                          to '0', a negative integer equals to unlimited retries.\n                        type: integer\n                      strategy:\n                        description: Strategy to use for failure remediation. Defaults\n                          to 'rollback'.\n                        enum:\n                        - rollback\n                        - uninstall\n                        type: string\n                    type: object\n                  timeout:\n                    description: Timeout is the time to wait for any individual Kubernetes\n                      operation (like Jobs for hooks) during the performance of a\n                      Helm upgrade action. Defaults to 'HelmReleaseSpec.Timeout'.\n                    type: string\n                type: object\n              values:\n                description: Values holds the values for this Helm release.\n                x-kubernetes-preserve-unknown-fields: true\n              valuesFrom:\n                description: ValuesFrom holds references to resources containing Helm\n                  values for this HelmRelease, and information about how they should\n                  be merged.\n                items:\n                  description: ValuesReference contains a reference to a resource\n                    containing Helm values, and optionally the key they can be found\n                    at.\n                  properties:\n                    kind:\n                      description: Kind of the values referent, valid values are ('Secret',\n                        'ConfigMap').\n                      enum:\n                      - Secret\n                      - ConfigMap\n                      type: string\n                    name:\n                      description: Name of the values referent. Should reside in the\n                        same namespace as the referring resource.\n                      maxLength: 253\n                      minLength: 1\n                      type: string\n                    optional:\n                      description: Optional marks this ValuesReference as optional.\n                        When set, a not found error for the values reference is ignored,\n                        but any ValuesKey, TargetPath or transient error will still\n                        result in a reconciliation failure.\n                      type: boolean\n                    targetPath:\n                      description: TargetPath is the YAML dot notation path the value\n                        should be merged at. When set, the ValuesKey is expected to\n                        be a single flat value. Defaults to 'None', which results\n                        in the values getting merged at the root.\n                      type: string\n                    valuesKey:\n                      description: ValuesKey is the data key where the values.yaml\n                        or a specific value can be found at. Defaults to 'values.yaml'.\n                      type: string\n                  required:\n                  - kind\n                  - name\n                  type: object\n                type: array\n            required:\n            - chart\n            - interval\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: HelmReleaseStatus defines the observed state of a HelmRelease.\n            properties:\n              conditions:\n                description: Conditions holds the conditions for the HelmRelease.\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              failures:\n                description: Failures is the reconciliation failure count against\n                  the latest desired state. It is reset after a successful reconciliation.\n                format: int64\n                type: integer\n              helmChart:\n                description: HelmChart is the namespaced name of the HelmChart resource\n                  created by the controller for the HelmRelease.\n                type: string\n              installFailures:\n                description: InstallFailures is the install failure count against\n                  the latest desired state. It is reset after a successful reconciliation.\n                format: int64\n                type: integer\n              lastAppliedRevision:\n                description: LastAppliedRevision is the revision of the last successfully\n                  applied source.\n                type: string\n              lastAttemptedRevision:\n                description: LastAttemptedRevision is the revision of the last reconciliation\n                  attempt.\n                type: string\n              lastAttemptedValuesChecksum:\n                description: LastAttemptedValuesChecksum is the SHA1 checksum of the\n                  values of the last reconciliation attempt.\n                type: string\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              lastReleaseRevision:\n                description: LastReleaseRevision is the revision of the last successful\n                  Helm release.\n                type: integer\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation.\n                format: int64\n                type: integer\n              upgradeFailures:\n                description: UpgradeFailures is the upgrade failure count against\n                  the latest desired state. It is reset after a successful reconciliation.\n                format: int64\n                type: integer\n            type: object\n        type: object\n    served: true\n    storage: true\n    subresources:\n      status: {}\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n  conditions: []\n  storedVersions: []\n",
-            "yaml_incluster": "d51b7c35b26ed986bcfa84ed08648f99ac676ee90faa8997907a1f02fdf9a93d"
-          },
-          "sensitive_attributes": [],
-          "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDB9LCJzY2hlbWFfdmVyc2lvbiI6IjEifQ==",
-          "dependencies": [
-            "module.flux.data.flux_install.main",
-            "module.flux.data.kubectl_file_documents.apply",
-            "module.flux.kubernetes_namespace.flux_system"
-          ]
-        },
-        {
-          "index_key": "apiextensions.k8s.io/v1/customresourcedefinition/helmrepositories.source.toolkit.fluxcd.io",
-          "schema_version": 1,
-          "attributes": {
-            "api_version": "apiextensions.k8s.io/v1",
-            "apply_only": false,
-            "force_conflicts": false,
-            "force_new": false,
-            "id": "/apis/apiextensions.k8s.io/v1/customresourcedefinitions/helmrepositories.source.toolkit.fluxcd.io",
-            "ignore_fields": null,
-            "kind": "CustomResourceDefinition",
-            "live_manifest_incluster": "6c2509f56e57891949c7bae5eceb2744c992cd14ec3f53aba64e28d0b0a683f4",
-            "live_uid": "519ecd1b-df1b-4395-8827-2bb94900c071",
-            "name": "helmrepositories.source.toolkit.fluxcd.io",
-            "namespace": null,
-            "override_namespace": null,
-            "sensitive_fields": null,
-            "server_side_apply": false,
-            "timeouts": null,
-            "uid": "519ecd1b-df1b-4395-8827-2bb94900c071",
-            "validate_schema": true,
-            "wait": null,
-            "wait_for_rollout": true,
-            "yaml_body": "apiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  annotations:\n    controller-gen.kubebuilder.io/version: v0.7.0\n  creationTimestamp: null\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: helmrepositories.source.toolkit.fluxcd.io\nspec:\n  group: source.toolkit.fluxcd.io\n  names:\n    kind: HelmRepository\n    listKind: HelmRepositoryList\n    plural: helmrepositories\n    shortNames:\n    - helmrepo\n    singular: helmrepository\n  scope: Namespaced\n  versions:\n  - additionalPrinterColumns:\n    - jsonPath: .spec.url\n      name: URL\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    name: v1beta1\n    schema:\n      openAPIV3Schema:\n        description: HelmRepository is the Schema for the helmrepositories API\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: HelmRepositorySpec defines the reference to a Helm repository.\n            properties:\n              accessFrom:\n                description: AccessFrom defines an Access Control List for allowing\n                  cross-namespace references to this object.\n                properties:\n                  namespaceSelectors:\n                    description: NamespaceSelectors is the list of namespace selectors\n                      to which this ACL applies. Items in this list are evaluated\n                      using a logical OR operation.\n                    items:\n                      description: NamespaceSelector selects the namespaces to which\n                        this ACL applies. An empty map of MatchLabels matches all\n                        namespaces in a cluster.\n                      properties:\n                        matchLabels:\n                          additionalProperties:\n                            type: string\n                          description: MatchLabels is a map of {key,value} pairs.\n                            A single {key,value} in the matchLabels map is equivalent\n                            to an element of matchExpressions, whose key field is\n                            \"key\", the operator is \"In\", and the values array contains\n                            only \"value\". The requirements are ANDed.\n                          type: object\n                      type: object\n                    type: array\n                required:\n                - namespaceSelectors\n                type: object\n              interval:\n                description: The interval at which to check the upstream for updates.\n                type: string\n              passCredentials:\n                description: PassCredentials allows the credentials from the SecretRef\n                  to be passed on to a host that does not match the host as defined\n                  in URL. This may be required if the host of the advertised chart\n                  URLs in the index differ from the defined URL. Enabling this should\n                  be done with caution, as it can potentially result in credentials\n                  getting stolen in a MITM-attack.\n                type: boolean\n              secretRef:\n                description: The name of the secret containing authentication credentials\n                  for the Helm repository. For HTTP/S basic auth the secret must contain\n                  username and password fields. For TLS the secret must contain a\n                  certFile and keyFile, and/or caCert fields.\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              suspend:\n                description: This flag tells the controller to suspend the reconciliation\n                  of this source.\n                type: boolean\n              timeout:\n                default: 60s\n                description: The timeout of index downloading, defaults to 60s.\n                type: string\n              url:\n                description: The Helm repository URL, a valid URL contains at least\n                  a protocol and host.\n                type: string\n            required:\n            - interval\n            - url\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: HelmRepositoryStatus defines the observed state of the HelmRepository.\n            properties:\n              artifact:\n                description: Artifact represents the output of the last successful\n                  repository sync.\n                properties:\n                  checksum:\n                    description: Checksum is the SHA256 checksum of the artifact.\n                    type: string\n                  lastUpdateTime:\n                    description: LastUpdateTime is the timestamp corresponding to\n                      the last update of this artifact.\n                    format: date-time\n                    type: string\n                  path:\n                    description: Path is the relative file path of this artifact.\n                    type: string\n                  revision:\n                    description: Revision is a human readable identifier traceable\n                      in the origin source system. It can be a Git commit SHA, Git\n                      tag, a Helm index timestamp, a Helm chart version, etc.\n                    type: string\n                  url:\n                    description: URL is the HTTP address of this artifact.\n                    type: string\n                required:\n                - path\n                - url\n                type: object\n              conditions:\n                description: Conditions holds the conditions for the HelmRepository.\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation.\n                format: int64\n                type: integer\n              url:\n                description: URL is the download link for the last index fetched.\n                type: string\n            type: object\n        type: object\n    served: true\n    storage: false\n    subresources:\n      status: {}\n  - additionalPrinterColumns:\n    - jsonPath: .spec.url\n      name: URL\n      type: string\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    name: v1beta2\n    schema:\n      openAPIV3Schema:\n        description: HelmRepository is the Schema for the helmrepositories API.\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: HelmRepositorySpec specifies the required configuration to\n              produce an Artifact for a Helm repository index YAML.\n            properties:\n              accessFrom:\n                description: 'AccessFrom specifies an Access Control List for allowing\n                  cross-namespace references to this object. NOTE: Not implemented,\n                  provisional as of https://github.com/fluxcd/flux2/pull/2092'\n                properties:\n                  namespaceSelectors:\n                    description: NamespaceSelectors is the list of namespace selectors\n                      to which this ACL applies. Items in this list are evaluated\n                      using a logical OR operation.\n                    items:\n                      description: NamespaceSelector selects the namespaces to which\n                        this ACL applies. An empty map of MatchLabels matches all\n                        namespaces in a cluster.\n                      properties:\n                        matchLabels:\n                          additionalProperties:\n                            type: string\n                          description: MatchLabels is a map of {key,value} pairs.\n                            A single {key,value} in the matchLabels map is equivalent\n                            to an element of matchExpressions, whose key field is\n                            \"key\", the operator is \"In\", and the values array contains\n                            only \"value\". The requirements are ANDed.\n                          type: object\n                      type: object\n                    type: array\n                required:\n                - namespaceSelectors\n                type: object\n              interval:\n                description: Interval at which to check the URL for updates.\n                type: string\n              passCredentials:\n                description: PassCredentials allows the credentials from the SecretRef\n                  to be passed on to a host that does not match the host as defined\n                  in URL. This may be required if the host of the advertised chart\n                  URLs in the index differ from the defined URL. Enabling this should\n                  be done with caution, as it can potentially result in credentials\n                  getting stolen in a MITM-attack.\n                type: boolean\n              secretRef:\n                description: SecretRef specifies the Secret containing authentication\n                  credentials for the HelmRepository. For HTTP/S basic auth the secret\n                  must contain 'username' and 'password' fields. For TLS the secret\n                  must contain a 'certFile' and 'keyFile', and/or 'caCert' fields.\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              suspend:\n                description: Suspend tells the controller to suspend the reconciliation\n                  of this HelmRepository.\n                type: boolean\n              timeout:\n                default: 60s\n                description: Timeout of the index fetch operation, defaults to 60s.\n                type: string\n              url:\n                description: URL of the Helm repository, a valid URL contains at least\n                  a protocol and host.\n                type: string\n            required:\n            - interval\n            - url\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: HelmRepositoryStatus records the observed state of the HelmRepository.\n            properties:\n              artifact:\n                description: Artifact represents the last successful HelmRepository\n                  reconciliation.\n                properties:\n                  checksum:\n                    description: Checksum is the SHA256 checksum of the Artifact file.\n                    type: string\n                  lastUpdateTime:\n                    description: LastUpdateTime is the timestamp corresponding to\n                      the last update of the Artifact.\n                    format: date-time\n                    type: string\n                  path:\n                    description: Path is the relative file path of the Artifact. It\n                      can be used to locate the file in the root of the Artifact storage\n                      on the local file system of the controller managing the Source.\n                    type: string\n                  revision:\n                    description: Revision is a human-readable identifier traceable\n                      in the origin source system. It can be a Git commit SHA, Git\n                      tag, a Helm chart version, etc.\n                    type: string\n                  size:\n                    description: Size is the number of bytes in the file.\n                    format: int64\n                    type: integer\n                  url:\n                    description: URL is the HTTP address of the Artifact as exposed\n                      by the controller managing the Source. It can be used to retrieve\n                      the Artifact for consumption, e.g. by another controller applying\n                      the Artifact contents.\n                    type: string\n                required:\n                - path\n                - url\n                type: object\n              conditions:\n                description: Conditions holds the conditions for the HelmRepository.\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation of\n                  the HelmRepository object.\n                format: int64\n                type: integer\n              url:\n                description: URL is the dynamic fetch link for the latest Artifact.\n                  It is provided on a \"best effort\" basis, and using the precise HelmRepositoryStatus.Artifact\n                  data is recommended.\n                type: string\n            type: object\n        type: object\n    served: true\n    storage: true\n    subresources:\n      status: {}\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n  conditions: []\n  storedVersions: []",
-            "yaml_body_parsed": "apiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  annotations:\n    controller-gen.kubebuilder.io/version: v0.7.0\n  creationTimestamp: null\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: helmrepositories.source.toolkit.fluxcd.io\nspec:\n  group: source.toolkit.fluxcd.io\n  names:\n    kind: HelmRepository\n    listKind: HelmRepositoryList\n    plural: helmrepositories\n    shortNames:\n    - helmrepo\n    singular: helmrepository\n  scope: Namespaced\n  versions:\n  - additionalPrinterColumns:\n    - jsonPath: .spec.url\n      name: URL\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    name: v1beta1\n    schema:\n      openAPIV3Schema:\n        description: HelmRepository is the Schema for the helmrepositories API\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: HelmRepositorySpec defines the reference to a Helm repository.\n            properties:\n              accessFrom:\n                description: AccessFrom defines an Access Control List for allowing\n                  cross-namespace references to this object.\n                properties:\n                  namespaceSelectors:\n                    description: NamespaceSelectors is the list of namespace selectors\n                      to which this ACL applies. Items in this list are evaluated\n                      using a logical OR operation.\n                    items:\n                      description: NamespaceSelector selects the namespaces to which\n                        this ACL applies. An empty map of MatchLabels matches all\n                        namespaces in a cluster.\n                      properties:\n                        matchLabels:\n                          additionalProperties:\n                            type: string\n                          description: MatchLabels is a map of {key,value} pairs.\n                            A single {key,value} in the matchLabels map is equivalent\n                            to an element of matchExpressions, whose key field is\n                            \"key\", the operator is \"In\", and the values array contains\n                            only \"value\". The requirements are ANDed.\n                          type: object\n                      type: object\n                    type: array\n                required:\n                - namespaceSelectors\n                type: object\n              interval:\n                description: The interval at which to check the upstream for updates.\n                type: string\n              passCredentials:\n                description: PassCredentials allows the credentials from the SecretRef\n                  to be passed on to a host that does not match the host as defined\n                  in URL. This may be required if the host of the advertised chart\n                  URLs in the index differ from the defined URL. Enabling this should\n                  be done with caution, as it can potentially result in credentials\n                  getting stolen in a MITM-attack.\n                type: boolean\n              secretRef:\n                description: The name of the secret containing authentication credentials\n                  for the Helm repository. For HTTP/S basic auth the secret must contain\n                  username and password fields. For TLS the secret must contain a\n                  certFile and keyFile, and/or caCert fields.\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              suspend:\n                description: This flag tells the controller to suspend the reconciliation\n                  of this source.\n                type: boolean\n              timeout:\n                default: 60s\n                description: The timeout of index downloading, defaults to 60s.\n                type: string\n              url:\n                description: The Helm repository URL, a valid URL contains at least\n                  a protocol and host.\n                type: string\n            required:\n            - interval\n            - url\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: HelmRepositoryStatus defines the observed state of the HelmRepository.\n            properties:\n              artifact:\n                description: Artifact represents the output of the last successful\n                  repository sync.\n                properties:\n                  checksum:\n                    description: Checksum is the SHA256 checksum of the artifact.\n                    type: string\n                  lastUpdateTime:\n                    description: LastUpdateTime is the timestamp corresponding to\n                      the last update of this artifact.\n                    format: date-time\n                    type: string\n                  path:\n                    description: Path is the relative file path of this artifact.\n                    type: string\n                  revision:\n                    description: Revision is a human readable identifier traceable\n                      in the origin source system. It can be a Git commit SHA, Git\n                      tag, a Helm index timestamp, a Helm chart version, etc.\n                    type: string\n                  url:\n                    description: URL is the HTTP address of this artifact.\n                    type: string\n                required:\n                - path\n                - url\n                type: object\n              conditions:\n                description: Conditions holds the conditions for the HelmRepository.\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation.\n                format: int64\n                type: integer\n              url:\n                description: URL is the download link for the last index fetched.\n                type: string\n            type: object\n        type: object\n    served: true\n    storage: false\n    subresources:\n      status: {}\n  - additionalPrinterColumns:\n    - jsonPath: .spec.url\n      name: URL\n      type: string\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    name: v1beta2\n    schema:\n      openAPIV3Schema:\n        description: HelmRepository is the Schema for the helmrepositories API.\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: HelmRepositorySpec specifies the required configuration to\n              produce an Artifact for a Helm repository index YAML.\n            properties:\n              accessFrom:\n                description: 'AccessFrom specifies an Access Control List for allowing\n                  cross-namespace references to this object. NOTE: Not implemented,\n                  provisional as of https://github.com/fluxcd/flux2/pull/2092'\n                properties:\n                  namespaceSelectors:\n                    description: NamespaceSelectors is the list of namespace selectors\n                      to which this ACL applies. Items in this list are evaluated\n                      using a logical OR operation.\n                    items:\n                      description: NamespaceSelector selects the namespaces to which\n                        this ACL applies. An empty map of MatchLabels matches all\n                        namespaces in a cluster.\n                      properties:\n                        matchLabels:\n                          additionalProperties:\n                            type: string\n                          description: MatchLabels is a map of {key,value} pairs.\n                            A single {key,value} in the matchLabels map is equivalent\n                            to an element of matchExpressions, whose key field is\n                            \"key\", the operator is \"In\", and the values array contains\n                            only \"value\". The requirements are ANDed.\n                          type: object\n                      type: object\n                    type: array\n                required:\n                - namespaceSelectors\n                type: object\n              interval:\n                description: Interval at which to check the URL for updates.\n                type: string\n              passCredentials:\n                description: PassCredentials allows the credentials from the SecretRef\n                  to be passed on to a host that does not match the host as defined\n                  in URL. This may be required if the host of the advertised chart\n                  URLs in the index differ from the defined URL. Enabling this should\n                  be done with caution, as it can potentially result in credentials\n                  getting stolen in a MITM-attack.\n                type: boolean\n              secretRef:\n                description: SecretRef specifies the Secret containing authentication\n                  credentials for the HelmRepository. For HTTP/S basic auth the secret\n                  must contain 'username' and 'password' fields. For TLS the secret\n                  must contain a 'certFile' and 'keyFile', and/or 'caCert' fields.\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              suspend:\n                description: Suspend tells the controller to suspend the reconciliation\n                  of this HelmRepository.\n                type: boolean\n              timeout:\n                default: 60s\n                description: Timeout of the index fetch operation, defaults to 60s.\n                type: string\n              url:\n                description: URL of the Helm repository, a valid URL contains at least\n                  a protocol and host.\n                type: string\n            required:\n            - interval\n            - url\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: HelmRepositoryStatus records the observed state of the HelmRepository.\n            properties:\n              artifact:\n                description: Artifact represents the last successful HelmRepository\n                  reconciliation.\n                properties:\n                  checksum:\n                    description: Checksum is the SHA256 checksum of the Artifact file.\n                    type: string\n                  lastUpdateTime:\n                    description: LastUpdateTime is the timestamp corresponding to\n                      the last update of the Artifact.\n                    format: date-time\n                    type: string\n                  path:\n                    description: Path is the relative file path of the Artifact. It\n                      can be used to locate the file in the root of the Artifact storage\n                      on the local file system of the controller managing the Source.\n                    type: string\n                  revision:\n                    description: Revision is a human-readable identifier traceable\n                      in the origin source system. It can be a Git commit SHA, Git\n                      tag, a Helm chart version, etc.\n                    type: string\n                  size:\n                    description: Size is the number of bytes in the file.\n                    format: int64\n                    type: integer\n                  url:\n                    description: URL is the HTTP address of the Artifact as exposed\n                      by the controller managing the Source. It can be used to retrieve\n                      the Artifact for consumption, e.g. by another controller applying\n                      the Artifact contents.\n                    type: string\n                required:\n                - path\n                - url\n                type: object\n              conditions:\n                description: Conditions holds the conditions for the HelmRepository.\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation of\n                  the HelmRepository object.\n                format: int64\n                type: integer\n              url:\n                description: URL is the dynamic fetch link for the latest Artifact.\n                  It is provided on a \"best effort\" basis, and using the precise HelmRepositoryStatus.Artifact\n                  data is recommended.\n                type: string\n            type: object\n        type: object\n    served: true\n    storage: true\n    subresources:\n      status: {}\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n  conditions: []\n  storedVersions: []\n",
-            "yaml_incluster": "6c2509f56e57891949c7bae5eceb2744c992cd14ec3f53aba64e28d0b0a683f4"
-          },
-          "sensitive_attributes": [],
-          "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDB9LCJzY2hlbWFfdmVyc2lvbiI6IjEifQ==",
-          "dependencies": [
-            "module.flux.data.flux_install.main",
-            "module.flux.data.kubectl_file_documents.apply",
-            "module.flux.kubernetes_namespace.flux_system"
-          ]
-        },
-        {
-          "index_key": "apiextensions.k8s.io/v1/customresourcedefinition/kustomizations.kustomize.toolkit.fluxcd.io",
-          "schema_version": 1,
-          "attributes": {
-            "api_version": "apiextensions.k8s.io/v1",
-            "apply_only": false,
-            "force_conflicts": false,
-            "force_new": false,
-            "id": "/apis/apiextensions.k8s.io/v1/customresourcedefinitions/kustomizations.kustomize.toolkit.fluxcd.io",
-            "ignore_fields": null,
-            "kind": "CustomResourceDefinition",
-            "live_manifest_incluster": "fd7e8602f5c8f9c751fc481764ee8c7fbe00c1e39e611464521002e45fb44580",
-            "live_uid": "09c02430-bd93-4995-8816-220b03cd8a43",
-            "name": "kustomizations.kustomize.toolkit.fluxcd.io",
-            "namespace": null,
-            "override_namespace": null,
-            "sensitive_fields": null,
-            "server_side_apply": false,
-            "timeouts": null,
-            "uid": "09c02430-bd93-4995-8816-220b03cd8a43",
-            "validate_schema": true,
-            "wait": null,
-            "wait_for_rollout": true,
-            "yaml_body": "apiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  annotations:\n    controller-gen.kubebuilder.io/version: v0.7.0\n  creationTimestamp: null\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: kustomizations.kustomize.toolkit.fluxcd.io\nspec:\n  group: kustomize.toolkit.fluxcd.io\n  names:\n    kind: Kustomization\n    listKind: KustomizationList\n    plural: kustomizations\n    shortNames:\n    - ks\n    singular: kustomization\n  scope: Namespaced\n  versions:\n  - additionalPrinterColumns:\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    name: v1beta1\n    schema:\n      openAPIV3Schema:\n        description: Kustomization is the Schema for the kustomizations API.\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: KustomizationSpec defines the desired state of a kustomization.\n            properties:\n              decryption:\n                description: Decrypt Kubernetes secrets before applying them on the\n                  cluster.\n                properties:\n                  provider:\n                    description: Provider is the name of the decryption engine.\n                    enum:\n                    - sops\n                    type: string\n                  secretRef:\n                    description: The secret name containing the private OpenPGP keys\n                      used for decryption.\n                    properties:\n                      name:\n                        description: Name of the referent.\n                        type: string\n                    required:\n                    - name\n                    type: object\n                required:\n                - provider\n                type: object\n              dependsOn:\n                description: DependsOn may contain a meta.NamespacedObjectReference\n                  slice with references to Kustomization resources that must be ready\n                  before this Kustomization can be reconciled.\n                items:\n                  description: NamespacedObjectReference contains enough information\n                    to locate the referenced Kubernetes resource object in any namespace.\n                  properties:\n                    name:\n                      description: Name of the referent.\n                      type: string\n                    namespace:\n                      description: Namespace of the referent, when not specified it\n                        acts as LocalObjectReference.\n                      type: string\n                  required:\n                  - name\n                  type: object\n                type: array\n              force:\n                default: false\n                description: Force instructs the controller to recreate resources\n                  when patching fails due to an immutable field change.\n                type: boolean\n              healthChecks:\n                description: A list of resources to be included in the health assessment.\n                items:\n                  description: NamespacedObjectKindReference contains enough information\n                    to locate the typed referenced Kubernetes resource object in any\n                    namespace.\n                  properties:\n                    apiVersion:\n                      description: API version of the referent, if not specified the\n                        Kubernetes preferred version will be used.\n                      type: string\n                    kind:\n                      description: Kind of the referent.\n                      type: string\n                    name:\n                      description: Name of the referent.\n                      type: string\n                    namespace:\n                      description: Namespace of the referent, when not specified it\n                        acts as LocalObjectReference.\n                      type: string\n                  required:\n                  - kind\n                  - name\n                  type: object\n                type: array\n              images:\n                description: Images is a list of (image name, new name, new tag or\n                  digest) for changing image names, tags or digests. This can also\n                  be achieved with a patch, but this operator is simpler to specify.\n                items:\n                  description: Image contains an image name, a new name, a new tag\n                    or digest, which will replace the original name and tag.\n                  properties:\n                    digest:\n                      description: Digest is the value used to replace the original\n                        image tag. If digest is present NewTag value is ignored.\n                      type: string\n                    name:\n                      description: Name is a tag-less image name.\n                      type: string\n                    newName:\n                      description: NewName is the value used to replace the original\n                        name.\n                      type: string\n                    newTag:\n                      description: NewTag is the value used to replace the original\n                        tag.\n                      type: string\n                  required:\n                  - name\n                  type: object\n                type: array\n              interval:\n                description: The interval at which to reconcile the Kustomization.\n                type: string\n              kubeConfig:\n                description: The KubeConfig for reconciling the Kustomization on a\n                  remote cluster. When specified, KubeConfig takes precedence over\n                  ServiceAccountName.\n                properties:\n                  secretRef:\n                    description: SecretRef holds the name to a secret that contains\n                      a 'value' key with the kubeconfig file as the value. It must\n                      be in the same namespace as the Kustomization. It is recommended\n                      that the kubeconfig is self-contained, and the secret is regularly\n                      updated if credentials such as a cloud-access-token expire.\n                      Cloud specific `cmd-path` auth helpers will not function without\n                      adding binaries and credentials to the Pod that is responsible\n                      for reconciling the Kustomization.\n                    properties:\n                      name:\n                        description: Name of the referent.\n                        type: string\n                    required:\n                    - name\n                    type: object\n                type: object\n              patches:\n                description: Strategic merge and JSON patches, defined as inline YAML\n                  objects, capable of targeting objects based on kind, label and annotation\n                  selectors.\n                items:\n                  description: Patch contains an inline StrategicMerge or JSON6902\n                    patch, and the target the patch should be applied to.\n                  properties:\n                    patch:\n                      description: Patch contains an inline StrategicMerge patch or\n                        an inline JSON6902 patch with an array of operation objects.\n                      type: string\n                    target:\n                      description: Target points to the resources that the patch document\n                        should be applied to.\n                      properties:\n                        annotationSelector:\n                          description: AnnotationSelector is a string that follows\n                            the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                            It matches with the resource annotations.\n                          type: string\n                        group:\n                          description: Group is the API group to select resources\n                            from. Together with Version and Kind it is capable of\n                            unambiguously identifying and/or selecting resources.\n                            https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                        kind:\n                          description: Kind of the API Group to select resources from.\n                            Together with Group and Version it is capable of unambiguously\n                            identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                        labelSelector:\n                          description: LabelSelector is a string that follows the\n                            label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                            It matches with the resource labels.\n                          type: string\n                        name:\n                          description: Name to match resources with.\n                          type: string\n                        namespace:\n                          description: Namespace to select resources from.\n                          type: string\n                        version:\n                          description: Version of the API Group to select resources\n                            from. Together with Group and Kind it is capable of unambiguously\n                            identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                      type: object\n                  type: object\n                type: array\n              patchesJson6902:\n                description: JSON 6902 patches, defined as inline YAML objects.\n                items:\n                  description: JSON6902Patch contains a JSON6902 patch and the target\n                    the patch should be applied to.\n                  properties:\n                    patch:\n                      description: Patch contains the JSON6902 patch document with\n                        an array of operation objects.\n                      items:\n                        description: JSON6902 is a JSON6902 operation object. https://datatracker.ietf.org/doc/html/rfc6902#section-4\n                        properties:\n                          from:\n                            description: From contains a JSON-pointer value that references\n                              a location within the target document where the operation\n                              is performed. The meaning of the value depends on the\n                              value of Op, and is NOT taken into account by all operations.\n                            type: string\n                          op:\n                            description: Op indicates the operation to perform. Its\n                              value MUST be one of \"add\", \"remove\", \"replace\", \"move\",\n                              \"copy\", or \"test\". https://datatracker.ietf.org/doc/html/rfc6902#section-4\n                            enum:\n                            - test\n                            - remove\n                            - add\n                            - replace\n                            - move\n                            - copy\n                            type: string\n                          path:\n                            description: Path contains the JSON-pointer value that\n                              references a location within the target document where\n                              the operation is performed. The meaning of the value\n                              depends on the value of Op.\n                            type: string\n                          value:\n                            description: Value contains a valid JSON structure. The\n                              meaning of the value depends on the value of Op, and\n                              is NOT taken into account by all operations.\n                            x-kubernetes-preserve-unknown-fields: true\n                        required:\n                        - op\n                        - path\n                        type: object\n                      type: array\n                    target:\n                      description: Target points to the resources that the patch document\n                        should be applied to.\n                      properties:\n                        annotationSelector:\n                          description: AnnotationSelector is a string that follows\n                            the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                            It matches with the resource annotations.\n                          type: string\n                        group:\n                          description: Group is the API group to select resources\n                            from. Together with Version and Kind it is capable of\n                            unambiguously identifying and/or selecting resources.\n                            https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                        kind:\n                          description: Kind of the API Group to select resources from.\n                            Together with Group and Version it is capable of unambiguously\n                            identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                        labelSelector:\n                          description: LabelSelector is a string that follows the\n                            label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                            It matches with the resource labels.\n                          type: string\n                        name:\n                          description: Name to match resources with.\n                          type: string\n                        namespace:\n                          description: Namespace to select resources from.\n                          type: string\n                        version:\n                          description: Version of the API Group to select resources\n                            from. Together with Group and Kind it is capable of unambiguously\n                            identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                      type: object\n                  required:\n                  - patch\n                  - target\n                  type: object\n                type: array\n              patchesStrategicMerge:\n                description: Strategic merge patches, defined as inline YAML objects.\n                items:\n                  x-kubernetes-preserve-unknown-fields: true\n                type: array\n              path:\n                description: Path to the directory containing the kustomization.yaml\n                  file, or the set of plain YAMLs a kustomization.yaml should be generated\n                  for. Defaults to 'None', which translates to the root path of the\n                  SourceRef.\n                type: string\n              postBuild:\n                description: PostBuild describes which actions to perform on the YAML\n                  manifest generated by building the kustomize overlay.\n                properties:\n                  substitute:\n                    additionalProperties:\n                      type: string\n                    description: Substitute holds a map of key/value pairs. The variables\n                      defined in your YAML manifests that match any of the keys defined\n                      in the map will be substituted with the set value. Includes\n                      support for bash string replacement functions e.g. ${var:=default},\n                      ${var:position} and ${var/substring/replacement}.\n                    type: object\n                  substituteFrom:\n                    description: SubstituteFrom holds references to ConfigMaps and\n                      Secrets containing the variables and their values to be substituted\n                      in the YAML manifests. The ConfigMap and the Secret data keys\n                      represent the var names and they must match the vars declared\n                      in the manifests for the substitution to happen.\n                    items:\n                      description: SubstituteReference contains a reference to a resource\n                        containing the variables name and value.\n                      properties:\n                        kind:\n                          description: Kind of the values referent, valid values are\n                            ('Secret', 'ConfigMap').\n                          enum:\n                          - Secret\n                          - ConfigMap\n                          type: string\n                        name:\n                          description: Name of the values referent. Should reside\n                            in the same namespace as the referring resource.\n                          maxLength: 253\n                          minLength: 1\n                          type: string\n                      required:\n                      - kind\n                      - name\n                      type: object\n                    type: array\n                type: object\n              prune:\n                description: Prune enables garbage collection.\n                type: boolean\n              retryInterval:\n                description: The interval at which to retry a previously failed reconciliation.\n                  When not specified, the controller uses the KustomizationSpec.Interval\n                  value to retry failures.\n                type: string\n              serviceAccountName:\n                description: The name of the Kubernetes service account to impersonate\n                  when reconciling this Kustomization.\n                type: string\n              sourceRef:\n                description: Reference of the source where the kustomization file\n                  is.\n                properties:\n                  apiVersion:\n                    description: API version of the referent\n                    type: string\n                  kind:\n                    description: Kind of the referent\n                    enum:\n                    - GitRepository\n                    - Bucket\n                    type: string\n                  name:\n                    description: Name of the referent\n                    type: string\n                  namespace:\n                    description: Namespace of the referent, defaults to the Kustomization\n                      namespace\n                    type: string\n                required:\n                - kind\n                - name\n                type: object\n              suspend:\n                description: This flag tells the controller to suspend subsequent\n                  kustomize executions, it does not apply to already started executions.\n                  Defaults to false.\n                type: boolean\n              targetNamespace:\n                description: TargetNamespace sets or overrides the namespace in the\n                  kustomization.yaml file.\n                maxLength: 63\n                minLength: 1\n                type: string\n              timeout:\n                description: Timeout for validation, apply and health checking operations.\n                  Defaults to 'Interval' duration.\n                type: string\n              validation:\n                description: Validate the Kubernetes objects before applying them\n                  on the cluster. The validation strategy can be 'client' (local dry-run),\n                  'server' (APIServer dry-run) or 'none'. When 'Force' is 'true',\n                  validation will fallback to 'client' if set to 'server' because\n                  server-side validation is not supported in this scenario.\n                enum:\n                - none\n                - client\n                - server\n                type: string\n            required:\n            - interval\n            - prune\n            - sourceRef\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: KustomizationStatus defines the observed state of a kustomization.\n            properties:\n              conditions:\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              lastAppliedRevision:\n                description: The last successfully applied revision. The revision\n                  format for Git sources is \u003cbranch|tag\u003e/\u003ccommit-sha\u003e.\n                type: string\n              lastAttemptedRevision:\n                description: LastAttemptedRevision is the revision of the last reconciliation\n                  attempt.\n                type: string\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last reconciled generation.\n                format: int64\n                type: integer\n              snapshot:\n                description: The last successfully applied revision metadata.\n                properties:\n                  checksum:\n                    description: The manifests sha1 checksum.\n                    type: string\n                  entries:\n                    description: A list of Kubernetes kinds grouped by namespace.\n                    items:\n                      description: Snapshot holds the metadata of namespaced Kubernetes\n                        objects\n                      properties:\n                        kinds:\n                          additionalProperties:\n                            type: string\n                          description: The list of Kubernetes kinds.\n                          type: object\n                        namespace:\n                          description: The namespace of this entry.\n                          type: string\n                      required:\n                      - kinds\n                      type: object\n                    type: array\n                required:\n                - checksum\n                - entries\n                type: object\n            type: object\n        type: object\n    served: true\n    storage: false\n    subresources:\n      status: {}\n  - additionalPrinterColumns:\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    name: v1beta2\n    schema:\n      openAPIV3Schema:\n        description: Kustomization is the Schema for the kustomizations API.\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: KustomizationSpec defines the configuration to calculate\n              the desired state from a Source using Kustomize.\n            properties:\n              decryption:\n                description: Decrypt Kubernetes secrets before applying them on the\n                  cluster.\n                properties:\n                  provider:\n                    description: Provider is the name of the decryption engine.\n                    enum:\n                    - sops\n                    type: string\n                  secretRef:\n                    description: The secret name containing the private OpenPGP keys\n                      used for decryption.\n                    properties:\n                      name:\n                        description: Name of the referent.\n                        type: string\n                    required:\n                    - name\n                    type: object\n                required:\n                - provider\n                type: object\n              dependsOn:\n                description: DependsOn may contain a meta.NamespacedObjectReference\n                  slice with references to Kustomization resources that must be ready\n                  before this Kustomization can be reconciled.\n                items:\n                  description: NamespacedObjectReference contains enough information\n                    to locate the referenced Kubernetes resource object in any namespace.\n                  properties:\n                    name:\n                      description: Name of the referent.\n                      type: string\n                    namespace:\n                      description: Namespace of the referent, when not specified it\n                        acts as LocalObjectReference.\n                      type: string\n                  required:\n                  - name\n                  type: object\n                type: array\n              force:\n                default: false\n                description: Force instructs the controller to recreate resources\n                  when patching fails due to an immutable field change.\n                type: boolean\n              healthChecks:\n                description: A list of resources to be included in the health assessment.\n                items:\n                  description: NamespacedObjectKindReference contains enough information\n                    to locate the typed referenced Kubernetes resource object in any\n                    namespace.\n                  properties:\n                    apiVersion:\n                      description: API version of the referent, if not specified the\n                        Kubernetes preferred version will be used.\n                      type: string\n                    kind:\n                      description: Kind of the referent.\n                      type: string\n                    name:\n                      description: Name of the referent.\n                      type: string\n                    namespace:\n                      description: Namespace of the referent, when not specified it\n                        acts as LocalObjectReference.\n                      type: string\n                  required:\n                  - kind\n                  - name\n                  type: object\n                type: array\n              images:\n                description: Images is a list of (image name, new name, new tag or\n                  digest) for changing image names, tags or digests. This can also\n                  be achieved with a patch, but this operator is simpler to specify.\n                items:\n                  description: Image contains an image name, a new name, a new tag\n                    or digest, which will replace the original name and tag.\n                  properties:\n                    digest:\n                      description: Digest is the value used to replace the original\n                        image tag. If digest is present NewTag value is ignored.\n                      type: string\n                    name:\n                      description: Name is a tag-less image name.\n                      type: string\n                    newName:\n                      description: NewName is the value used to replace the original\n                        name.\n                      type: string\n                    newTag:\n                      description: NewTag is the value used to replace the original\n                        tag.\n                      type: string\n                  required:\n                  - name\n                  type: object\n                type: array\n              interval:\n                description: The interval at which to reconcile the Kustomization.\n                type: string\n              kubeConfig:\n                description: The KubeConfig for reconciling the Kustomization on a\n                  remote cluster. When used in combination with KustomizationSpec.ServiceAccountName,\n                  forces the controller to act on behalf of that Service Account at\n                  the target cluster. If the --default-service-account flag is set,\n                  its value will be used as a controller level fallback for when KustomizationSpec.ServiceAccountName\n                  is empty.\n                properties:\n                  secretRef:\n                    description: SecretRef holds the name of a secret that contains\n                      a key with the kubeconfig file as the value. If no key is set,\n                      the key will default to 'value'. The secret must be in the same\n                      namespace as the Kustomization. It is recommended that the kubeconfig\n                      is self-contained, and the secret is regularly updated if credentials\n                      such as a cloud-access-token expire. Cloud specific `cmd-path`\n                      auth helpers will not function without adding binaries and credentials\n                      to the Pod that is responsible for reconciling the Kustomization.\n                    properties:\n                      key:\n                        description: Key in the Secret, when not specified an implementation-specific\n                          default key is used.\n                        type: string\n                      name:\n                        description: Name of the Secret.\n                        type: string\n                    required:\n                    - name\n                    type: object\n                type: object\n              patches:\n                description: Strategic merge and JSON patches, defined as inline YAML\n                  objects, capable of targeting objects based on kind, label and annotation\n                  selectors.\n                items:\n                  description: Patch contains an inline StrategicMerge or JSON6902\n                    patch, and the target the patch should be applied to.\n                  properties:\n                    patch:\n                      description: Patch contains an inline StrategicMerge patch or\n                        an inline JSON6902 patch with an array of operation objects.\n                      type: string\n                    target:\n                      description: Target points to the resources that the patch document\n                        should be applied to.\n                      properties:\n                        annotationSelector:\n                          description: AnnotationSelector is a string that follows\n                            the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                            It matches with the resource annotations.\n                          type: string\n                        group:\n                          description: Group is the API group to select resources\n                            from. Together with Version and Kind it is capable of\n                            unambiguously identifying and/or selecting resources.\n                            https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                        kind:\n                          description: Kind of the API Group to select resources from.\n                            Together with Group and Version it is capable of unambiguously\n                            identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                        labelSelector:\n                          description: LabelSelector is a string that follows the\n                            label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                            It matches with the resource labels.\n                          type: string\n                        name:\n                          description: Name to match resources with.\n                          type: string\n                        namespace:\n                          description: Namespace to select resources from.\n                          type: string\n                        version:\n                          description: Version of the API Group to select resources\n                            from. Together with Group and Kind it is capable of unambiguously\n                            identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                      type: object\n                  type: object\n                type: array\n              patchesJson6902:\n                description: 'JSON 6902 patches, defined as inline YAML objects. Deprecated:\n                  Use Patches instead.'\n                items:\n                  description: JSON6902Patch contains a JSON6902 patch and the target\n                    the patch should be applied to.\n                  properties:\n                    patch:\n                      description: Patch contains the JSON6902 patch document with\n                        an array of operation objects.\n                      items:\n                        description: JSON6902 is a JSON6902 operation object. https://datatracker.ietf.org/doc/html/rfc6902#section-4\n                        properties:\n                          from:\n                            description: From contains a JSON-pointer value that references\n                              a location within the target document where the operation\n                              is performed. The meaning of the value depends on the\n                              value of Op, and is NOT taken into account by all operations.\n                            type: string\n                          op:\n                            description: Op indicates the operation to perform. Its\n                              value MUST be one of \"add\", \"remove\", \"replace\", \"move\",\n                              \"copy\", or \"test\". https://datatracker.ietf.org/doc/html/rfc6902#section-4\n                            enum:\n                            - test\n                            - remove\n                            - add\n                            - replace\n                            - move\n                            - copy\n                            type: string\n                          path:\n                            description: Path contains the JSON-pointer value that\n                              references a location within the target document where\n                              the operation is performed. The meaning of the value\n                              depends on the value of Op.\n                            type: string\n                          value:\n                            description: Value contains a valid JSON structure. The\n                              meaning of the value depends on the value of Op, and\n                              is NOT taken into account by all operations.\n                            x-kubernetes-preserve-unknown-fields: true\n                        required:\n                        - op\n                        - path\n                        type: object\n                      type: array\n                    target:\n                      description: Target points to the resources that the patch document\n                        should be applied to.\n                      properties:\n                        annotationSelector:\n                          description: AnnotationSelector is a string that follows\n                            the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                            It matches with the resource annotations.\n                          type: string\n                        group:\n                          description: Group is the API group to select resources\n                            from. Together with Version and Kind it is capable of\n                            unambiguously identifying and/or selecting resources.\n                            https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                        kind:\n                          description: Kind of the API Group to select resources from.\n                            Together with Group and Version it is capable of unambiguously\n                            identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                        labelSelector:\n                          description: LabelSelector is a string that follows the\n                            label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                            It matches with the resource labels.\n                          type: string\n                        name:\n                          description: Name to match resources with.\n                          type: string\n                        namespace:\n                          description: Namespace to select resources from.\n                          type: string\n                        version:\n                          description: Version of the API Group to select resources\n                            from. Together with Group and Kind it is capable of unambiguously\n                            identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                      type: object\n                  required:\n                  - patch\n                  - target\n                  type: object\n                type: array\n              patchesStrategicMerge:\n                description: 'Strategic merge patches, defined as inline YAML objects.\n                  Deprecated: Use Patches instead.'\n                items:\n                  x-kubernetes-preserve-unknown-fields: true\n                type: array\n              path:\n                description: Path to the directory containing the kustomization.yaml\n                  file, or the set of plain YAMLs a kustomization.yaml should be generated\n                  for. Defaults to 'None', which translates to the root path of the\n                  SourceRef.\n                type: string\n              postBuild:\n                description: PostBuild describes which actions to perform on the YAML\n                  manifest generated by building the kustomize overlay.\n                properties:\n                  substitute:\n                    additionalProperties:\n                      type: string\n                    description: Substitute holds a map of key/value pairs. The variables\n                      defined in your YAML manifests that match any of the keys defined\n                      in the map will be substituted with the set value. Includes\n                      support for bash string replacement functions e.g. ${var:=default},\n                      ${var:position} and ${var/substring/replacement}.\n                    type: object\n                  substituteFrom:\n                    description: SubstituteFrom holds references to ConfigMaps and\n                      Secrets containing the variables and their values to be substituted\n                      in the YAML manifests. The ConfigMap and the Secret data keys\n                      represent the var names and they must match the vars declared\n                      in the manifests for the substitution to happen.\n                    items:\n                      description: SubstituteReference contains a reference to a resource\n                        containing the variables name and value.\n                      properties:\n                        kind:\n                          description: Kind of the values referent, valid values are\n                            ('Secret', 'ConfigMap').\n                          enum:\n                          - Secret\n                          - ConfigMap\n                          type: string\n                        name:\n                          description: Name of the values referent. Should reside\n                            in the same namespace as the referring resource.\n                          maxLength: 253\n                          minLength: 1\n                          type: string\n                        optional:\n                          default: false\n                          description: Optional indicates whether the referenced resource\n                            must exist, or whether to tolerate its absence. If true\n                            and the referenced resource is absent, proceed as if the\n                            resource was present but empty, without any variables\n                            defined.\n                          type: boolean\n                      required:\n                      - kind\n                      - name\n                      type: object\n                    type: array\n                type: object\n              prune:\n                description: Prune enables garbage collection.\n                type: boolean\n              retryInterval:\n                description: The interval at which to retry a previously failed reconciliation.\n                  When not specified, the controller uses the KustomizationSpec.Interval\n                  value to retry failures.\n                type: string\n              serviceAccountName:\n                description: The name of the Kubernetes service account to impersonate\n                  when reconciling this Kustomization.\n                type: string\n              sourceRef:\n                description: Reference of the source where the kustomization file\n                  is.\n                properties:\n                  apiVersion:\n                    description: API version of the referent.\n                    type: string\n                  kind:\n                    description: Kind of the referent.\n                    enum:\n                    - GitRepository\n                    - Bucket\n                    type: string\n                  name:\n                    description: Name of the referent.\n                    type: string\n                  namespace:\n                    description: Namespace of the referent, defaults to the namespace\n                      of the Kubernetes resource object that contains the reference.\n                    type: string\n                required:\n                - kind\n                - name\n                type: object\n              suspend:\n                description: This flag tells the controller to suspend subsequent\n                  kustomize executions, it does not apply to already started executions.\n                  Defaults to false.\n                type: boolean\n              targetNamespace:\n                description: TargetNamespace sets or overrides the namespace in the\n                  kustomization.yaml file.\n                maxLength: 63\n                minLength: 1\n                type: string\n              timeout:\n                description: Timeout for validation, apply and health checking operations.\n                  Defaults to 'Interval' duration.\n                type: string\n              validation:\n                description: 'Deprecated: Not used in v1beta2.'\n                enum:\n                - none\n                - client\n                - server\n                type: string\n              wait:\n                description: Wait instructs the controller to check the health of\n                  all the reconciled resources. When enabled, the HealthChecks are\n                  ignored. Defaults to false.\n                type: boolean\n            required:\n            - interval\n            - prune\n            - sourceRef\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: KustomizationStatus defines the observed state of a kustomization.\n            properties:\n              conditions:\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              inventory:\n                description: Inventory contains the list of Kubernetes resource object\n                  references that have been successfully applied.\n                properties:\n                  entries:\n                    description: Entries of Kubernetes resource object references.\n                    items:\n                      description: ResourceRef contains the information necessary\n                        to locate a resource within a cluster.\n                      properties:\n                        id:\n                          description: ID is the string representation of the Kubernetes\n                            resource object's metadata, in the format '\u003cnamespace\u003e_\u003cname\u003e_\u003cgroup\u003e_\u003ckind\u003e'.\n                          type: string\n                        v:\n                          description: Version is the API version of the Kubernetes\n                            resource object's kind.\n                          type: string\n                      required:\n                      - id\n                      - v\n                      type: object\n                    type: array\n                required:\n                - entries\n                type: object\n              lastAppliedRevision:\n                description: The last successfully applied revision. The revision\n                  format for Git sources is \u003cbranch|tag\u003e/\u003ccommit-sha\u003e.\n                type: string\n              lastAttemptedRevision:\n                description: LastAttemptedRevision is the revision of the last reconciliation\n                  attempt.\n                type: string\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last reconciled generation.\n                format: int64\n                type: integer\n            type: object\n        type: object\n    served: true\n    storage: true\n    subresources:\n      status: {}\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n  conditions: []\n  storedVersions: []",
-            "yaml_body_parsed": "apiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  annotations:\n    controller-gen.kubebuilder.io/version: v0.7.0\n  creationTimestamp: null\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: kustomizations.kustomize.toolkit.fluxcd.io\nspec:\n  group: kustomize.toolkit.fluxcd.io\n  names:\n    kind: Kustomization\n    listKind: KustomizationList\n    plural: kustomizations\n    shortNames:\n    - ks\n    singular: kustomization\n  scope: Namespaced\n  versions:\n  - additionalPrinterColumns:\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    name: v1beta1\n    schema:\n      openAPIV3Schema:\n        description: Kustomization is the Schema for the kustomizations API.\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: KustomizationSpec defines the desired state of a kustomization.\n            properties:\n              decryption:\n                description: Decrypt Kubernetes secrets before applying them on the\n                  cluster.\n                properties:\n                  provider:\n                    description: Provider is the name of the decryption engine.\n                    enum:\n                    - sops\n                    type: string\n                  secretRef:\n                    description: The secret name containing the private OpenPGP keys\n                      used for decryption.\n                    properties:\n                      name:\n                        description: Name of the referent.\n                        type: string\n                    required:\n                    - name\n                    type: object\n                required:\n                - provider\n                type: object\n              dependsOn:\n                description: DependsOn may contain a meta.NamespacedObjectReference\n                  slice with references to Kustomization resources that must be ready\n                  before this Kustomization can be reconciled.\n                items:\n                  description: NamespacedObjectReference contains enough information\n                    to locate the referenced Kubernetes resource object in any namespace.\n                  properties:\n                    name:\n                      description: Name of the referent.\n                      type: string\n                    namespace:\n                      description: Namespace of the referent, when not specified it\n                        acts as LocalObjectReference.\n                      type: string\n                  required:\n                  - name\n                  type: object\n                type: array\n              force:\n                default: false\n                description: Force instructs the controller to recreate resources\n                  when patching fails due to an immutable field change.\n                type: boolean\n              healthChecks:\n                description: A list of resources to be included in the health assessment.\n                items:\n                  description: NamespacedObjectKindReference contains enough information\n                    to locate the typed referenced Kubernetes resource object in any\n                    namespace.\n                  properties:\n                    apiVersion:\n                      description: API version of the referent, if not specified the\n                        Kubernetes preferred version will be used.\n                      type: string\n                    kind:\n                      description: Kind of the referent.\n                      type: string\n                    name:\n                      description: Name of the referent.\n                      type: string\n                    namespace:\n                      description: Namespace of the referent, when not specified it\n                        acts as LocalObjectReference.\n                      type: string\n                  required:\n                  - kind\n                  - name\n                  type: object\n                type: array\n              images:\n                description: Images is a list of (image name, new name, new tag or\n                  digest) for changing image names, tags or digests. This can also\n                  be achieved with a patch, but this operator is simpler to specify.\n                items:\n                  description: Image contains an image name, a new name, a new tag\n                    or digest, which will replace the original name and tag.\n                  properties:\n                    digest:\n                      description: Digest is the value used to replace the original\n                        image tag. If digest is present NewTag value is ignored.\n                      type: string\n                    name:\n                      description: Name is a tag-less image name.\n                      type: string\n                    newName:\n                      description: NewName is the value used to replace the original\n                        name.\n                      type: string\n                    newTag:\n                      description: NewTag is the value used to replace the original\n                        tag.\n                      type: string\n                  required:\n                  - name\n                  type: object\n                type: array\n              interval:\n                description: The interval at which to reconcile the Kustomization.\n                type: string\n              kubeConfig:\n                description: The KubeConfig for reconciling the Kustomization on a\n                  remote cluster. When specified, KubeConfig takes precedence over\n                  ServiceAccountName.\n                properties:\n                  secretRef:\n                    description: SecretRef holds the name to a secret that contains\n                      a 'value' key with the kubeconfig file as the value. It must\n                      be in the same namespace as the Kustomization. It is recommended\n                      that the kubeconfig is self-contained, and the secret is regularly\n                      updated if credentials such as a cloud-access-token expire.\n                      Cloud specific `cmd-path` auth helpers will not function without\n                      adding binaries and credentials to the Pod that is responsible\n                      for reconciling the Kustomization.\n                    properties:\n                      name:\n                        description: Name of the referent.\n                        type: string\n                    required:\n                    - name\n                    type: object\n                type: object\n              patches:\n                description: Strategic merge and JSON patches, defined as inline YAML\n                  objects, capable of targeting objects based on kind, label and annotation\n                  selectors.\n                items:\n                  description: Patch contains an inline StrategicMerge or JSON6902\n                    patch, and the target the patch should be applied to.\n                  properties:\n                    patch:\n                      description: Patch contains an inline StrategicMerge patch or\n                        an inline JSON6902 patch with an array of operation objects.\n                      type: string\n                    target:\n                      description: Target points to the resources that the patch document\n                        should be applied to.\n                      properties:\n                        annotationSelector:\n                          description: AnnotationSelector is a string that follows\n                            the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                            It matches with the resource annotations.\n                          type: string\n                        group:\n                          description: Group is the API group to select resources\n                            from. Together with Version and Kind it is capable of\n                            unambiguously identifying and/or selecting resources.\n                            https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                        kind:\n                          description: Kind of the API Group to select resources from.\n                            Together with Group and Version it is capable of unambiguously\n                            identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                        labelSelector:\n                          description: LabelSelector is a string that follows the\n                            label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                            It matches with the resource labels.\n                          type: string\n                        name:\n                          description: Name to match resources with.\n                          type: string\n                        namespace:\n                          description: Namespace to select resources from.\n                          type: string\n                        version:\n                          description: Version of the API Group to select resources\n                            from. Together with Group and Kind it is capable of unambiguously\n                            identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                      type: object\n                  type: object\n                type: array\n              patchesJson6902:\n                description: JSON 6902 patches, defined as inline YAML objects.\n                items:\n                  description: JSON6902Patch contains a JSON6902 patch and the target\n                    the patch should be applied to.\n                  properties:\n                    patch:\n                      description: Patch contains the JSON6902 patch document with\n                        an array of operation objects.\n                      items:\n                        description: JSON6902 is a JSON6902 operation object. https://datatracker.ietf.org/doc/html/rfc6902#section-4\n                        properties:\n                          from:\n                            description: From contains a JSON-pointer value that references\n                              a location within the target document where the operation\n                              is performed. The meaning of the value depends on the\n                              value of Op, and is NOT taken into account by all operations.\n                            type: string\n                          op:\n                            description: Op indicates the operation to perform. Its\n                              value MUST be one of \"add\", \"remove\", \"replace\", \"move\",\n                              \"copy\", or \"test\". https://datatracker.ietf.org/doc/html/rfc6902#section-4\n                            enum:\n                            - test\n                            - remove\n                            - add\n                            - replace\n                            - move\n                            - copy\n                            type: string\n                          path:\n                            description: Path contains the JSON-pointer value that\n                              references a location within the target document where\n                              the operation is performed. The meaning of the value\n                              depends on the value of Op.\n                            type: string\n                          value:\n                            description: Value contains a valid JSON structure. The\n                              meaning of the value depends on the value of Op, and\n                              is NOT taken into account by all operations.\n                            x-kubernetes-preserve-unknown-fields: true\n                        required:\n                        - op\n                        - path\n                        type: object\n                      type: array\n                    target:\n                      description: Target points to the resources that the patch document\n                        should be applied to.\n                      properties:\n                        annotationSelector:\n                          description: AnnotationSelector is a string that follows\n                            the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                            It matches with the resource annotations.\n                          type: string\n                        group:\n                          description: Group is the API group to select resources\n                            from. Together with Version and Kind it is capable of\n                            unambiguously identifying and/or selecting resources.\n                            https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                        kind:\n                          description: Kind of the API Group to select resources from.\n                            Together with Group and Version it is capable of unambiguously\n                            identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                        labelSelector:\n                          description: LabelSelector is a string that follows the\n                            label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                            It matches with the resource labels.\n                          type: string\n                        name:\n                          description: Name to match resources with.\n                          type: string\n                        namespace:\n                          description: Namespace to select resources from.\n                          type: string\n                        version:\n                          description: Version of the API Group to select resources\n                            from. Together with Group and Kind it is capable of unambiguously\n                            identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                      type: object\n                  required:\n                  - patch\n                  - target\n                  type: object\n                type: array\n              patchesStrategicMerge:\n                description: Strategic merge patches, defined as inline YAML objects.\n                items:\n                  x-kubernetes-preserve-unknown-fields: true\n                type: array\n              path:\n                description: Path to the directory containing the kustomization.yaml\n                  file, or the set of plain YAMLs a kustomization.yaml should be generated\n                  for. Defaults to 'None', which translates to the root path of the\n                  SourceRef.\n                type: string\n              postBuild:\n                description: PostBuild describes which actions to perform on the YAML\n                  manifest generated by building the kustomize overlay.\n                properties:\n                  substitute:\n                    additionalProperties:\n                      type: string\n                    description: Substitute holds a map of key/value pairs. The variables\n                      defined in your YAML manifests that match any of the keys defined\n                      in the map will be substituted with the set value. Includes\n                      support for bash string replacement functions e.g. ${var:=default},\n                      ${var:position} and ${var/substring/replacement}.\n                    type: object\n                  substituteFrom:\n                    description: SubstituteFrom holds references to ConfigMaps and\n                      Secrets containing the variables and their values to be substituted\n                      in the YAML manifests. The ConfigMap and the Secret data keys\n                      represent the var names and they must match the vars declared\n                      in the manifests for the substitution to happen.\n                    items:\n                      description: SubstituteReference contains a reference to a resource\n                        containing the variables name and value.\n                      properties:\n                        kind:\n                          description: Kind of the values referent, valid values are\n                            ('Secret', 'ConfigMap').\n                          enum:\n                          - Secret\n                          - ConfigMap\n                          type: string\n                        name:\n                          description: Name of the values referent. Should reside\n                            in the same namespace as the referring resource.\n                          maxLength: 253\n                          minLength: 1\n                          type: string\n                      required:\n                      - kind\n                      - name\n                      type: object\n                    type: array\n                type: object\n              prune:\n                description: Prune enables garbage collection.\n                type: boolean\n              retryInterval:\n                description: The interval at which to retry a previously failed reconciliation.\n                  When not specified, the controller uses the KustomizationSpec.Interval\n                  value to retry failures.\n                type: string\n              serviceAccountName:\n                description: The name of the Kubernetes service account to impersonate\n                  when reconciling this Kustomization.\n                type: string\n              sourceRef:\n                description: Reference of the source where the kustomization file\n                  is.\n                properties:\n                  apiVersion:\n                    description: API version of the referent\n                    type: string\n                  kind:\n                    description: Kind of the referent\n                    enum:\n                    - GitRepository\n                    - Bucket\n                    type: string\n                  name:\n                    description: Name of the referent\n                    type: string\n                  namespace:\n                    description: Namespace of the referent, defaults to the Kustomization\n                      namespace\n                    type: string\n                required:\n                - kind\n                - name\n                type: object\n              suspend:\n                description: This flag tells the controller to suspend subsequent\n                  kustomize executions, it does not apply to already started executions.\n                  Defaults to false.\n                type: boolean\n              targetNamespace:\n                description: TargetNamespace sets or overrides the namespace in the\n                  kustomization.yaml file.\n                maxLength: 63\n                minLength: 1\n                type: string\n              timeout:\n                description: Timeout for validation, apply and health checking operations.\n                  Defaults to 'Interval' duration.\n                type: string\n              validation:\n                description: Validate the Kubernetes objects before applying them\n                  on the cluster. The validation strategy can be 'client' (local dry-run),\n                  'server' (APIServer dry-run) or 'none'. When 'Force' is 'true',\n                  validation will fallback to 'client' if set to 'server' because\n                  server-side validation is not supported in this scenario.\n                enum:\n                - none\n                - client\n                - server\n                type: string\n            required:\n            - interval\n            - prune\n            - sourceRef\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: KustomizationStatus defines the observed state of a kustomization.\n            properties:\n              conditions:\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              lastAppliedRevision:\n                description: The last successfully applied revision. The revision\n                  format for Git sources is \u003cbranch|tag\u003e/\u003ccommit-sha\u003e.\n                type: string\n              lastAttemptedRevision:\n                description: LastAttemptedRevision is the revision of the last reconciliation\n                  attempt.\n                type: string\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last reconciled generation.\n                format: int64\n                type: integer\n              snapshot:\n                description: The last successfully applied revision metadata.\n                properties:\n                  checksum:\n                    description: The manifests sha1 checksum.\n                    type: string\n                  entries:\n                    description: A list of Kubernetes kinds grouped by namespace.\n                    items:\n                      description: Snapshot holds the metadata of namespaced Kubernetes\n                        objects\n                      properties:\n                        kinds:\n                          additionalProperties:\n                            type: string\n                          description: The list of Kubernetes kinds.\n                          type: object\n                        namespace:\n                          description: The namespace of this entry.\n                          type: string\n                      required:\n                      - kinds\n                      type: object\n                    type: array\n                required:\n                - checksum\n                - entries\n                type: object\n            type: object\n        type: object\n    served: true\n    storage: false\n    subresources:\n      status: {}\n  - additionalPrinterColumns:\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    name: v1beta2\n    schema:\n      openAPIV3Schema:\n        description: Kustomization is the Schema for the kustomizations API.\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: KustomizationSpec defines the configuration to calculate\n              the desired state from a Source using Kustomize.\n            properties:\n              decryption:\n                description: Decrypt Kubernetes secrets before applying them on the\n                  cluster.\n                properties:\n                  provider:\n                    description: Provider is the name of the decryption engine.\n                    enum:\n                    - sops\n                    type: string\n                  secretRef:\n                    description: The secret name containing the private OpenPGP keys\n                      used for decryption.\n                    properties:\n                      name:\n                        description: Name of the referent.\n                        type: string\n                    required:\n                    - name\n                    type: object\n                required:\n                - provider\n                type: object\n              dependsOn:\n                description: DependsOn may contain a meta.NamespacedObjectReference\n                  slice with references to Kustomization resources that must be ready\n                  before this Kustomization can be reconciled.\n                items:\n                  description: NamespacedObjectReference contains enough information\n                    to locate the referenced Kubernetes resource object in any namespace.\n                  properties:\n                    name:\n                      description: Name of the referent.\n                      type: string\n                    namespace:\n                      description: Namespace of the referent, when not specified it\n                        acts as LocalObjectReference.\n                      type: string\n                  required:\n                  - name\n                  type: object\n                type: array\n              force:\n                default: false\n                description: Force instructs the controller to recreate resources\n                  when patching fails due to an immutable field change.\n                type: boolean\n              healthChecks:\n                description: A list of resources to be included in the health assessment.\n                items:\n                  description: NamespacedObjectKindReference contains enough information\n                    to locate the typed referenced Kubernetes resource object in any\n                    namespace.\n                  properties:\n                    apiVersion:\n                      description: API version of the referent, if not specified the\n                        Kubernetes preferred version will be used.\n                      type: string\n                    kind:\n                      description: Kind of the referent.\n                      type: string\n                    name:\n                      description: Name of the referent.\n                      type: string\n                    namespace:\n                      description: Namespace of the referent, when not specified it\n                        acts as LocalObjectReference.\n                      type: string\n                  required:\n                  - kind\n                  - name\n                  type: object\n                type: array\n              images:\n                description: Images is a list of (image name, new name, new tag or\n                  digest) for changing image names, tags or digests. This can also\n                  be achieved with a patch, but this operator is simpler to specify.\n                items:\n                  description: Image contains an image name, a new name, a new tag\n                    or digest, which will replace the original name and tag.\n                  properties:\n                    digest:\n                      description: Digest is the value used to replace the original\n                        image tag. If digest is present NewTag value is ignored.\n                      type: string\n                    name:\n                      description: Name is a tag-less image name.\n                      type: string\n                    newName:\n                      description: NewName is the value used to replace the original\n                        name.\n                      type: string\n                    newTag:\n                      description: NewTag is the value used to replace the original\n                        tag.\n                      type: string\n                  required:\n                  - name\n                  type: object\n                type: array\n              interval:\n                description: The interval at which to reconcile the Kustomization.\n                type: string\n              kubeConfig:\n                description: The KubeConfig for reconciling the Kustomization on a\n                  remote cluster. When used in combination with KustomizationSpec.ServiceAccountName,\n                  forces the controller to act on behalf of that Service Account at\n                  the target cluster. If the --default-service-account flag is set,\n                  its value will be used as a controller level fallback for when KustomizationSpec.ServiceAccountName\n                  is empty.\n                properties:\n                  secretRef:\n                    description: SecretRef holds the name of a secret that contains\n                      a key with the kubeconfig file as the value. If no key is set,\n                      the key will default to 'value'. The secret must be in the same\n                      namespace as the Kustomization. It is recommended that the kubeconfig\n                      is self-contained, and the secret is regularly updated if credentials\n                      such as a cloud-access-token expire. Cloud specific `cmd-path`\n                      auth helpers will not function without adding binaries and credentials\n                      to the Pod that is responsible for reconciling the Kustomization.\n                    properties:\n                      key:\n                        description: Key in the Secret, when not specified an implementation-specific\n                          default key is used.\n                        type: string\n                      name:\n                        description: Name of the Secret.\n                        type: string\n                    required:\n                    - name\n                    type: object\n                type: object\n              patches:\n                description: Strategic merge and JSON patches, defined as inline YAML\n                  objects, capable of targeting objects based on kind, label and annotation\n                  selectors.\n                items:\n                  description: Patch contains an inline StrategicMerge or JSON6902\n                    patch, and the target the patch should be applied to.\n                  properties:\n                    patch:\n                      description: Patch contains an inline StrategicMerge patch or\n                        an inline JSON6902 patch with an array of operation objects.\n                      type: string\n                    target:\n                      description: Target points to the resources that the patch document\n                        should be applied to.\n                      properties:\n                        annotationSelector:\n                          description: AnnotationSelector is a string that follows\n                            the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                            It matches with the resource annotations.\n                          type: string\n                        group:\n                          description: Group is the API group to select resources\n                            from. Together with Version and Kind it is capable of\n                            unambiguously identifying and/or selecting resources.\n                            https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                        kind:\n                          description: Kind of the API Group to select resources from.\n                            Together with Group and Version it is capable of unambiguously\n                            identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                        labelSelector:\n                          description: LabelSelector is a string that follows the\n                            label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                            It matches with the resource labels.\n                          type: string\n                        name:\n                          description: Name to match resources with.\n                          type: string\n                        namespace:\n                          description: Namespace to select resources from.\n                          type: string\n                        version:\n                          description: Version of the API Group to select resources\n                            from. Together with Group and Kind it is capable of unambiguously\n                            identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                      type: object\n                  type: object\n                type: array\n              patchesJson6902:\n                description: 'JSON 6902 patches, defined as inline YAML objects. Deprecated:\n                  Use Patches instead.'\n                items:\n                  description: JSON6902Patch contains a JSON6902 patch and the target\n                    the patch should be applied to.\n                  properties:\n                    patch:\n                      description: Patch contains the JSON6902 patch document with\n                        an array of operation objects.\n                      items:\n                        description: JSON6902 is a JSON6902 operation object. https://datatracker.ietf.org/doc/html/rfc6902#section-4\n                        properties:\n                          from:\n                            description: From contains a JSON-pointer value that references\n                              a location within the target document where the operation\n                              is performed. The meaning of the value depends on the\n                              value of Op, and is NOT taken into account by all operations.\n                            type: string\n                          op:\n                            description: Op indicates the operation to perform. Its\n                              value MUST be one of \"add\", \"remove\", \"replace\", \"move\",\n                              \"copy\", or \"test\". https://datatracker.ietf.org/doc/html/rfc6902#section-4\n                            enum:\n                            - test\n                            - remove\n                            - add\n                            - replace\n                            - move\n                            - copy\n                            type: string\n                          path:\n                            description: Path contains the JSON-pointer value that\n                              references a location within the target document where\n                              the operation is performed. The meaning of the value\n                              depends on the value of Op.\n                            type: string\n                          value:\n                            description: Value contains a valid JSON structure. The\n                              meaning of the value depends on the value of Op, and\n                              is NOT taken into account by all operations.\n                            x-kubernetes-preserve-unknown-fields: true\n                        required:\n                        - op\n                        - path\n                        type: object\n                      type: array\n                    target:\n                      description: Target points to the resources that the patch document\n                        should be applied to.\n                      properties:\n                        annotationSelector:\n                          description: AnnotationSelector is a string that follows\n                            the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                            It matches with the resource annotations.\n                          type: string\n                        group:\n                          description: Group is the API group to select resources\n                            from. Together with Version and Kind it is capable of\n                            unambiguously identifying and/or selecting resources.\n                            https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                        kind:\n                          description: Kind of the API Group to select resources from.\n                            Together with Group and Version it is capable of unambiguously\n                            identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                        labelSelector:\n                          description: LabelSelector is a string that follows the\n                            label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\n                            It matches with the resource labels.\n                          type: string\n                        name:\n                          description: Name to match resources with.\n                          type: string\n                        namespace:\n                          description: Namespace to select resources from.\n                          type: string\n                        version:\n                          description: Version of the API Group to select resources\n                            from. Together with Group and Kind it is capable of unambiguously\n                            identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md\n                          type: string\n                      type: object\n                  required:\n                  - patch\n                  - target\n                  type: object\n                type: array\n              patchesStrategicMerge:\n                description: 'Strategic merge patches, defined as inline YAML objects.\n                  Deprecated: Use Patches instead.'\n                items:\n                  x-kubernetes-preserve-unknown-fields: true\n                type: array\n              path:\n                description: Path to the directory containing the kustomization.yaml\n                  file, or the set of plain YAMLs a kustomization.yaml should be generated\n                  for. Defaults to 'None', which translates to the root path of the\n                  SourceRef.\n                type: string\n              postBuild:\n                description: PostBuild describes which actions to perform on the YAML\n                  manifest generated by building the kustomize overlay.\n                properties:\n                  substitute:\n                    additionalProperties:\n                      type: string\n                    description: Substitute holds a map of key/value pairs. The variables\n                      defined in your YAML manifests that match any of the keys defined\n                      in the map will be substituted with the set value. Includes\n                      support for bash string replacement functions e.g. ${var:=default},\n                      ${var:position} and ${var/substring/replacement}.\n                    type: object\n                  substituteFrom:\n                    description: SubstituteFrom holds references to ConfigMaps and\n                      Secrets containing the variables and their values to be substituted\n                      in the YAML manifests. The ConfigMap and the Secret data keys\n                      represent the var names and they must match the vars declared\n                      in the manifests for the substitution to happen.\n                    items:\n                      description: SubstituteReference contains a reference to a resource\n                        containing the variables name and value.\n                      properties:\n                        kind:\n                          description: Kind of the values referent, valid values are\n                            ('Secret', 'ConfigMap').\n                          enum:\n                          - Secret\n                          - ConfigMap\n                          type: string\n                        name:\n                          description: Name of the values referent. Should reside\n                            in the same namespace as the referring resource.\n                          maxLength: 253\n                          minLength: 1\n                          type: string\n                        optional:\n                          default: false\n                          description: Optional indicates whether the referenced resource\n                            must exist, or whether to tolerate its absence. If true\n                            and the referenced resource is absent, proceed as if the\n                            resource was present but empty, without any variables\n                            defined.\n                          type: boolean\n                      required:\n                      - kind\n                      - name\n                      type: object\n                    type: array\n                type: object\n              prune:\n                description: Prune enables garbage collection.\n                type: boolean\n              retryInterval:\n                description: The interval at which to retry a previously failed reconciliation.\n                  When not specified, the controller uses the KustomizationSpec.Interval\n                  value to retry failures.\n                type: string\n              serviceAccountName:\n                description: The name of the Kubernetes service account to impersonate\n                  when reconciling this Kustomization.\n                type: string\n              sourceRef:\n                description: Reference of the source where the kustomization file\n                  is.\n                properties:\n                  apiVersion:\n                    description: API version of the referent.\n                    type: string\n                  kind:\n                    description: Kind of the referent.\n                    enum:\n                    - GitRepository\n                    - Bucket\n                    type: string\n                  name:\n                    description: Name of the referent.\n                    type: string\n                  namespace:\n                    description: Namespace of the referent, defaults to the namespace\n                      of the Kubernetes resource object that contains the reference.\n                    type: string\n                required:\n                - kind\n                - name\n                type: object\n              suspend:\n                description: This flag tells the controller to suspend subsequent\n                  kustomize executions, it does not apply to already started executions.\n                  Defaults to false.\n                type: boolean\n              targetNamespace:\n                description: TargetNamespace sets or overrides the namespace in the\n                  kustomization.yaml file.\n                maxLength: 63\n                minLength: 1\n                type: string\n              timeout:\n                description: Timeout for validation, apply and health checking operations.\n                  Defaults to 'Interval' duration.\n                type: string\n              validation:\n                description: 'Deprecated: Not used in v1beta2.'\n                enum:\n                - none\n                - client\n                - server\n                type: string\n              wait:\n                description: Wait instructs the controller to check the health of\n                  all the reconciled resources. When enabled, the HealthChecks are\n                  ignored. Defaults to false.\n                type: boolean\n            required:\n            - interval\n            - prune\n            - sourceRef\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: KustomizationStatus defines the observed state of a kustomization.\n            properties:\n              conditions:\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              inventory:\n                description: Inventory contains the list of Kubernetes resource object\n                  references that have been successfully applied.\n                properties:\n                  entries:\n                    description: Entries of Kubernetes resource object references.\n                    items:\n                      description: ResourceRef contains the information necessary\n                        to locate a resource within a cluster.\n                      properties:\n                        id:\n                          description: ID is the string representation of the Kubernetes\n                            resource object's metadata, in the format '\u003cnamespace\u003e_\u003cname\u003e_\u003cgroup\u003e_\u003ckind\u003e'.\n                          type: string\n                        v:\n                          description: Version is the API version of the Kubernetes\n                            resource object's kind.\n                          type: string\n                      required:\n                      - id\n                      - v\n                      type: object\n                    type: array\n                required:\n                - entries\n                type: object\n              lastAppliedRevision:\n                description: The last successfully applied revision. The revision\n                  format for Git sources is \u003cbranch|tag\u003e/\u003ccommit-sha\u003e.\n                type: string\n              lastAttemptedRevision:\n                description: LastAttemptedRevision is the revision of the last reconciliation\n                  attempt.\n                type: string\n              lastHandledReconcileAt:\n                description: LastHandledReconcileAt holds the value of the most recent\n                  reconcile request value, so a change of the annotation value can\n                  be detected.\n                type: string\n              observedGeneration:\n                description: ObservedGeneration is the last reconciled generation.\n                format: int64\n                type: integer\n            type: object\n        type: object\n    served: true\n    storage: true\n    subresources:\n      status: {}\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n  conditions: []\n  storedVersions: []\n",
-            "yaml_incluster": "fd7e8602f5c8f9c751fc481764ee8c7fbe00c1e39e611464521002e45fb44580"
-          },
-          "sensitive_attributes": [],
-          "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDB9LCJzY2hlbWFfdmVyc2lvbiI6IjEifQ==",
-          "dependencies": [
-            "module.flux.data.flux_install.main",
-            "module.flux.data.kubectl_file_documents.apply",
-            "module.flux.kubernetes_namespace.flux_system"
-          ]
-        },
-        {
-          "index_key": "apiextensions.k8s.io/v1/customresourcedefinition/providers.notification.toolkit.fluxcd.io",
-          "schema_version": 1,
-          "attributes": {
-            "api_version": "apiextensions.k8s.io/v1",
-            "apply_only": false,
-            "force_conflicts": false,
-            "force_new": false,
-            "id": "/apis/apiextensions.k8s.io/v1/customresourcedefinitions/providers.notification.toolkit.fluxcd.io",
-            "ignore_fields": null,
-            "kind": "CustomResourceDefinition",
-            "live_manifest_incluster": "faeef9c1996db75461977384cdc5289aeecc9c3b200860f9aeaad7144e0a6d85",
-            "live_uid": "398ef839-005c-4b63-a0e1-4cf8c27ed8e4",
-            "name": "providers.notification.toolkit.fluxcd.io",
-            "namespace": null,
-            "override_namespace": null,
-            "sensitive_fields": null,
-            "server_side_apply": false,
-            "timeouts": null,
-            "uid": "398ef839-005c-4b63-a0e1-4cf8c27ed8e4",
-            "validate_schema": true,
-            "wait": null,
-            "wait_for_rollout": true,
-            "yaml_body": "apiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  annotations:\n    controller-gen.kubebuilder.io/version: v0.7.0\n  creationTimestamp: null\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: providers.notification.toolkit.fluxcd.io\nspec:\n  group: notification.toolkit.fluxcd.io\n  names:\n    kind: Provider\n    listKind: ProviderList\n    plural: providers\n    singular: provider\n  scope: Namespaced\n  versions:\n  - additionalPrinterColumns:\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    name: v1beta1\n    schema:\n      openAPIV3Schema:\n        description: Provider is the Schema for the providers API\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: ProviderSpec defines the desired state of Provider\n            properties:\n              address:\n                description: HTTP/S webhook address of this provider\n                pattern: ^(http|https)://\n                type: string\n              certSecretRef:\n                description: CertSecretRef can be given the name of a secret containing\n                  a PEM-encoded CA certificate (`caFile`)\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              channel:\n                description: Alert channel for this provider\n                type: string\n              proxy:\n                description: HTTP/S address of the proxy\n                pattern: ^(http|https)://\n                type: string\n              secretRef:\n                description: Secret reference containing the provider webhook URL\n                  using \"address\" as data key\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              suspend:\n                description: This flag tells the controller to suspend subsequent\n                  events handling. Defaults to false.\n                type: boolean\n              type:\n                description: Type of provider\n                enum:\n                - slack\n                - discord\n                - msteams\n                - rocket\n                - generic\n                - github\n                - gitlab\n                - bitbucket\n                - azuredevops\n                - googlechat\n                - webex\n                - sentry\n                - azureeventhub\n                - telegram\n                - lark\n                - matrix\n                - opsgenie\n                - alertmanager\n                - grafana\n                type: string\n              username:\n                description: Bot username for this provider\n                type: string\n            required:\n            - type\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: ProviderStatus defines the observed state of Provider\n            properties:\n              conditions:\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              observedGeneration:\n                description: ObservedGeneration is the last reconciled generation.\n                format: int64\n                type: integer\n            type: object\n        type: object\n    served: true\n    storage: true\n    subresources:\n      status: {}\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n  conditions: []\n  storedVersions: []",
-            "yaml_body_parsed": "apiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  annotations:\n    controller-gen.kubebuilder.io/version: v0.7.0\n  creationTimestamp: null\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: providers.notification.toolkit.fluxcd.io\nspec:\n  group: notification.toolkit.fluxcd.io\n  names:\n    kind: Provider\n    listKind: ProviderList\n    plural: providers\n    singular: provider\n  scope: Namespaced\n  versions:\n  - additionalPrinterColumns:\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    name: v1beta1\n    schema:\n      openAPIV3Schema:\n        description: Provider is the Schema for the providers API\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: ProviderSpec defines the desired state of Provider\n            properties:\n              address:\n                description: HTTP/S webhook address of this provider\n                pattern: ^(http|https)://\n                type: string\n              certSecretRef:\n                description: CertSecretRef can be given the name of a secret containing\n                  a PEM-encoded CA certificate (`caFile`)\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              channel:\n                description: Alert channel for this provider\n                type: string\n              proxy:\n                description: HTTP/S address of the proxy\n                pattern: ^(http|https)://\n                type: string\n              secretRef:\n                description: Secret reference containing the provider webhook URL\n                  using \"address\" as data key\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              suspend:\n                description: This flag tells the controller to suspend subsequent\n                  events handling. Defaults to false.\n                type: boolean\n              type:\n                description: Type of provider\n                enum:\n                - slack\n                - discord\n                - msteams\n                - rocket\n                - generic\n                - github\n                - gitlab\n                - bitbucket\n                - azuredevops\n                - googlechat\n                - webex\n                - sentry\n                - azureeventhub\n                - telegram\n                - lark\n                - matrix\n                - opsgenie\n                - alertmanager\n                - grafana\n                type: string\n              username:\n                description: Bot username for this provider\n                type: string\n            required:\n            - type\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: ProviderStatus defines the observed state of Provider\n            properties:\n              conditions:\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              observedGeneration:\n                description: ObservedGeneration is the last reconciled generation.\n                format: int64\n                type: integer\n            type: object\n        type: object\n    served: true\n    storage: true\n    subresources:\n      status: {}\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n  conditions: []\n  storedVersions: []\n",
-            "yaml_incluster": "faeef9c1996db75461977384cdc5289aeecc9c3b200860f9aeaad7144e0a6d85"
-          },
-          "sensitive_attributes": [],
-          "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDB9LCJzY2hlbWFfdmVyc2lvbiI6IjEifQ==",
-          "dependencies": [
-            "module.flux.data.flux_install.main",
-            "module.flux.data.kubectl_file_documents.apply",
-            "module.flux.kubernetes_namespace.flux_system"
-          ]
-        },
-        {
-          "index_key": "apiextensions.k8s.io/v1/customresourcedefinition/receivers.notification.toolkit.fluxcd.io",
-          "schema_version": 1,
-          "attributes": {
-            "api_version": "apiextensions.k8s.io/v1",
-            "apply_only": false,
-            "force_conflicts": false,
-            "force_new": false,
-            "id": "/apis/apiextensions.k8s.io/v1/customresourcedefinitions/receivers.notification.toolkit.fluxcd.io",
-            "ignore_fields": null,
-            "kind": "CustomResourceDefinition",
-            "live_manifest_incluster": "a5c61c680526fbad949575b286791b8f9e17af94bead5575a34e08e55754d743",
-            "live_uid": "078824fd-21f8-4a80-bc34-ba5f397352a6",
-            "name": "receivers.notification.toolkit.fluxcd.io",
-            "namespace": null,
-            "override_namespace": null,
-            "sensitive_fields": null,
-            "server_side_apply": false,
-            "timeouts": null,
-            "uid": "078824fd-21f8-4a80-bc34-ba5f397352a6",
-            "validate_schema": true,
-            "wait": null,
-            "wait_for_rollout": true,
-            "yaml_body": "apiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  annotations:\n    controller-gen.kubebuilder.io/version: v0.7.0\n  creationTimestamp: null\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: receivers.notification.toolkit.fluxcd.io\nspec:\n  group: notification.toolkit.fluxcd.io\n  names:\n    kind: Receiver\n    listKind: ReceiverList\n    plural: receivers\n    singular: receiver\n  scope: Namespaced\n  versions:\n  - additionalPrinterColumns:\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    name: v1beta1\n    schema:\n      openAPIV3Schema:\n        description: Receiver is the Schema for the receivers API\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: ReceiverSpec defines the desired state of Receiver\n            properties:\n              events:\n                description: A list of events to handle, e.g. 'push' for GitHub or\n                  'Push Hook' for GitLab.\n                items:\n                  type: string\n                type: array\n              resources:\n                description: A list of resources to be notified about changes.\n                items:\n                  description: CrossNamespaceObjectReference contains enough information\n                    to let you locate the typed referenced object at cluster level\n                  properties:\n                    apiVersion:\n                      description: API version of the referent\n                      type: string\n                    kind:\n                      description: Kind of the referent\n                      enum:\n                      - Bucket\n                      - GitRepository\n                      - Kustomization\n                      - HelmRelease\n                      - HelmChart\n                      - HelmRepository\n                      - ImageRepository\n                      - ImagePolicy\n                      - ImageUpdateAutomation\n                      type: string\n                    matchLabels:\n                      additionalProperties:\n                        type: string\n                      description: MatchLabels is a map of {key,value} pairs. A single\n                        {key,value} in the matchLabels map is equivalent to an element\n                        of matchExpressions, whose key field is \"key\", the operator\n                        is \"In\", and the values array contains only \"value\". The requirements\n                        are ANDed.\n                      type: object\n                    name:\n                      description: Name of the referent\n                      maxLength: 53\n                      minLength: 1\n                      type: string\n                    namespace:\n                      description: Namespace of the referent\n                      maxLength: 53\n                      minLength: 1\n                      type: string\n                  required:\n                  - name\n                  type: object\n                type: array\n              secretRef:\n                description: Secret reference containing the token used to validate\n                  the payload authenticity\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              suspend:\n                description: This flag tells the controller to suspend subsequent\n                  events handling. Defaults to false.\n                type: boolean\n              type:\n                description: Type of webhook sender, used to determine the validation\n                  procedure and payload deserialization.\n                enum:\n                - generic\n                - generic-hmac\n                - github\n                - gitlab\n                - bitbucket\n                - harbor\n                - dockerhub\n                - quay\n                - gcr\n                - nexus\n                - acr\n                type: string\n            required:\n            - resources\n            - type\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: ReceiverStatus defines the observed state of Receiver\n            properties:\n              conditions:\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation.\n                format: int64\n                type: integer\n              url:\n                description: Generated webhook URL in the format of '/hook/sha256sum(token+name+namespace)'.\n                type: string\n            type: object\n        type: object\n    served: true\n    storage: true\n    subresources:\n      status: {}\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n  conditions: []\n  storedVersions: []",
-            "yaml_body_parsed": "apiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  annotations:\n    controller-gen.kubebuilder.io/version: v0.7.0\n  creationTimestamp: null\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: receivers.notification.toolkit.fluxcd.io\nspec:\n  group: notification.toolkit.fluxcd.io\n  names:\n    kind: Receiver\n    listKind: ReceiverList\n    plural: receivers\n    singular: receiver\n  scope: Namespaced\n  versions:\n  - additionalPrinterColumns:\n    - jsonPath: .metadata.creationTimestamp\n      name: Age\n      type: date\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].status\n      name: Ready\n      type: string\n    - jsonPath: .status.conditions[?(@.type==\"Ready\")].message\n      name: Status\n      type: string\n    name: v1beta1\n    schema:\n      openAPIV3Schema:\n        description: Receiver is the Schema for the receivers API\n        properties:\n          apiVersion:\n            description: 'APIVersion defines the versioned schema of this representation\n              of an object. Servers should convert recognized schemas to the latest\n              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n            type: string\n          kind:\n            description: 'Kind is a string value representing the REST resource this\n              object represents. Servers may infer this from the endpoint the client\n              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n            type: string\n          metadata:\n            type: object\n          spec:\n            description: ReceiverSpec defines the desired state of Receiver\n            properties:\n              events:\n                description: A list of events to handle, e.g. 'push' for GitHub or\n                  'Push Hook' for GitLab.\n                items:\n                  type: string\n                type: array\n              resources:\n                description: A list of resources to be notified about changes.\n                items:\n                  description: CrossNamespaceObjectReference contains enough information\n                    to let you locate the typed referenced object at cluster level\n                  properties:\n                    apiVersion:\n                      description: API version of the referent\n                      type: string\n                    kind:\n                      description: Kind of the referent\n                      enum:\n                      - Bucket\n                      - GitRepository\n                      - Kustomization\n                      - HelmRelease\n                      - HelmChart\n                      - HelmRepository\n                      - ImageRepository\n                      - ImagePolicy\n                      - ImageUpdateAutomation\n                      type: string\n                    matchLabels:\n                      additionalProperties:\n                        type: string\n                      description: MatchLabels is a map of {key,value} pairs. A single\n                        {key,value} in the matchLabels map is equivalent to an element\n                        of matchExpressions, whose key field is \"key\", the operator\n                        is \"In\", and the values array contains only \"value\". The requirements\n                        are ANDed.\n                      type: object\n                    name:\n                      description: Name of the referent\n                      maxLength: 53\n                      minLength: 1\n                      type: string\n                    namespace:\n                      description: Namespace of the referent\n                      maxLength: 53\n                      minLength: 1\n                      type: string\n                  required:\n                  - name\n                  type: object\n                type: array\n              secretRef:\n                description: Secret reference containing the token used to validate\n                  the payload authenticity\n                properties:\n                  name:\n                    description: Name of the referent.\n                    type: string\n                required:\n                - name\n                type: object\n              suspend:\n                description: This flag tells the controller to suspend subsequent\n                  events handling. Defaults to false.\n                type: boolean\n              type:\n                description: Type of webhook sender, used to determine the validation\n                  procedure and payload deserialization.\n                enum:\n                - generic\n                - generic-hmac\n                - github\n                - gitlab\n                - bitbucket\n                - harbor\n                - dockerhub\n                - quay\n                - gcr\n                - nexus\n                - acr\n                type: string\n            required:\n            - resources\n            - type\n            type: object\n          status:\n            default:\n              observedGeneration: -1\n            description: ReceiverStatus defines the observed state of Receiver\n            properties:\n              conditions:\n                items:\n                  description: \"Condition contains details for one aspect of the current\n                    state of this API Resource. --- This struct is intended for direct\n                    use as an array at the field path .status.conditions.  For example,\n                    type FooStatus struct{     // Represents the observations of a\n                    foo's current state.     // Known .status.conditions.type are:\n                    \\\"Available\\\", \\\"Progressing\\\", and \\\"Degraded\\\"     // +patchMergeKey=type\n                    \\    // +patchStrategy=merge     // +listType=map     // +listMapKey=type\n                    \\    Conditions []metav1.Condition `json:\\\"conditions,omitempty\\\"\n                    patchStrategy:\\\"merge\\\" patchMergeKey:\\\"type\\\" protobuf:\\\"bytes,1,rep,name=conditions\\\"`\n                    \\n     // other fields }\"\n                  properties:\n                    lastTransitionTime:\n                      description: lastTransitionTime is the last time the condition\n                        transitioned from one status to another. This should be when\n                        the underlying condition changed.  If that is not known, then\n                        using the time when the API field changed is acceptable.\n                      format: date-time\n                      type: string\n                    message:\n                      description: message is a human readable message indicating\n                        details about the transition. This may be an empty string.\n                      maxLength: 32768\n                      type: string\n                    observedGeneration:\n                      description: observedGeneration represents the .metadata.generation\n                        that the condition was set based upon. For instance, if .metadata.generation\n                        is currently 12, but the .status.conditions[x].observedGeneration\n                        is 9, the condition is out of date with respect to the current\n                        state of the instance.\n                      format: int64\n                      minimum: 0\n                      type: integer\n                    reason:\n                      description: reason contains a programmatic identifier indicating\n                        the reason for the condition's last transition. Producers\n                        of specific condition types may define expected values and\n                        meanings for this field, and whether the values are considered\n                        a guaranteed API. The value should be a CamelCase string.\n                        This field may not be empty.\n                      maxLength: 1024\n                      minLength: 1\n                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$\n                      type: string\n                    status:\n                      description: status of the condition, one of True, False, Unknown.\n                      enum:\n                      - \"True\"\n                      - \"False\"\n                      - Unknown\n                      type: string\n                    type:\n                      description: type of condition in CamelCase or in foo.example.com/CamelCase.\n                        --- Many .condition.type values are consistent across resources\n                        like Available, but because arbitrary conditions can be useful\n                        (see .node.status.conditions), the ability to deconflict is\n                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)\n                      maxLength: 316\n                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$\n                      type: string\n                  required:\n                  - lastTransitionTime\n                  - message\n                  - reason\n                  - status\n                  - type\n                  type: object\n                type: array\n              observedGeneration:\n                description: ObservedGeneration is the last observed generation.\n                format: int64\n                type: integer\n              url:\n                description: Generated webhook URL in the format of '/hook/sha256sum(token+name+namespace)'.\n                type: string\n            type: object\n        type: object\n    served: true\n    storage: true\n    subresources:\n      status: {}\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n  conditions: []\n  storedVersions: []\n",
-            "yaml_incluster": "a5c61c680526fbad949575b286791b8f9e17af94bead5575a34e08e55754d743"
-          },
-          "sensitive_attributes": [],
-          "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDB9LCJzY2hlbWFfdmVyc2lvbiI6IjEifQ==",
-          "dependencies": [
-            "module.flux.data.flux_install.main",
-            "module.flux.data.kubectl_file_documents.apply",
-            "module.flux.kubernetes_namespace.flux_system"
-          ]
-        },
-        {
-          "index_key": "apps/v1/deployment/flux-system/helm-controller",
-          "schema_version": 1,
-          "attributes": {
-            "api_version": "apps/v1",
-            "apply_only": false,
-            "force_conflicts": false,
-            "force_new": false,
-            "id": "/apis/apps/v1/namespaces/flux-system/deployments/helm-controller",
-            "ignore_fields": null,
-            "kind": "Deployment",
-            "live_manifest_incluster": "e4a3b3bfd6bd6ffd2658edf4addbe86e4de9eb9ed18ac572badad9ac837f4824",
-            "live_uid": "595c94bd-2897-4105-a6eb-f7f3d28aef31",
-            "name": "helm-controller",
-            "namespace": "flux-system",
-            "override_namespace": null,
-            "sensitive_fields": null,
-            "server_side_apply": false,
-            "timeouts": null,
-            "uid": "595c94bd-2897-4105-a6eb-f7f3d28aef31",
-            "validate_schema": true,
-            "wait": null,
-            "wait_for_rollout": true,
-            "yaml_body": "apiVersion: apps/v1\nkind: Deployment\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n    control-plane: controller\n  name: helm-controller\n  namespace: flux-system\nspec:\n  replicas: 1\n  selector:\n    matchLabels:\n      app: helm-controller\n  template:\n    metadata:\n      annotations:\n        prometheus.io/port: \"8080\"\n        prometheus.io/scrape: \"true\"\n      labels:\n        app: helm-controller\n    spec:\n      containers:\n      - args:\n        - --events-addr=http://notification-controller.flux-system.svc.cluster.local./\n        - --watch-all-namespaces=true\n        - --log-level=info\n        - --log-encoding=json\n        - --enable-leader-election\n        env:\n        - name: RUNTIME_NAMESPACE\n          valueFrom:\n            fieldRef:\n              fieldPath: metadata.namespace\n        image: ghcr.io/fluxcd/helm-controller:v0.21.0\n        imagePullPolicy: IfNotPresent\n        livenessProbe:\n          httpGet:\n            path: /healthz\n            port: healthz\n        name: manager\n        ports:\n        - containerPort: 8080\n          name: http-prom\n          protocol: TCP\n        - containerPort: 9440\n          name: healthz\n          protocol: TCP\n        readinessProbe:\n          httpGet:\n            path: /readyz\n            port: healthz\n        resources:\n          limits:\n            cpu: 1000m\n            memory: 1Gi\n          requests:\n            cpu: 100m\n            memory: 64Mi\n        securityContext:\n          allowPrivilegeEscalation: false\n          capabilities:\n            drop:\n            - ALL\n          readOnlyRootFilesystem: true\n          runAsNonRoot: true\n          seccompProfile:\n            type: RuntimeDefault\n        volumeMounts:\n        - mountPath: /tmp\n          name: temp\n      nodeSelector:\n        kubernetes.io/os: linux\n      securityContext:\n        fsGroup: 1337\n      serviceAccountName: helm-controller\n      terminationGracePeriodSeconds: 600\n      volumes:\n      - emptyDir: {}\n        name: temp",
-            "yaml_body_parsed": "apiVersion: apps/v1\nkind: Deployment\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n    control-plane: controller\n  name: helm-controller\n  namespace: flux-system\nspec:\n  replicas: 1\n  selector:\n    matchLabels:\n      app: helm-controller\n  template:\n    metadata:\n      annotations:\n        prometheus.io/port: \"8080\"\n        prometheus.io/scrape: \"true\"\n      labels:\n        app: helm-controller\n    spec:\n      containers:\n      - args:\n        - --events-addr=http://notification-controller.flux-system.svc.cluster.local./\n        - --watch-all-namespaces=true\n        - --log-level=info\n        - --log-encoding=json\n        - --enable-leader-election\n        env:\n        - name: RUNTIME_NAMESPACE\n          valueFrom:\n            fieldRef:\n              fieldPath: metadata.namespace\n        image: ghcr.io/fluxcd/helm-controller:v0.21.0\n        imagePullPolicy: IfNotPresent\n        livenessProbe:\n          httpGet:\n            path: /healthz\n            port: healthz\n        name: manager\n        ports:\n        - containerPort: 8080\n          name: http-prom\n          protocol: TCP\n        - containerPort: 9440\n          name: healthz\n          protocol: TCP\n        readinessProbe:\n          httpGet:\n            path: /readyz\n            port: healthz\n        resources:\n          limits:\n            cpu: 1000m\n            memory: 1Gi\n          requests:\n            cpu: 100m\n            memory: 64Mi\n        securityContext:\n          allowPrivilegeEscalation: false\n          capabilities:\n            drop:\n            - ALL\n          readOnlyRootFilesystem: true\n          runAsNonRoot: true\n          seccompProfile:\n            type: RuntimeDefault\n        volumeMounts:\n        - mountPath: /tmp\n          name: temp\n      nodeSelector:\n        kubernetes.io/os: linux\n      securityContext:\n        fsGroup: 1337\n      serviceAccountName: helm-controller\n      terminationGracePeriodSeconds: 600\n      volumes:\n      - emptyDir: {}\n        name: temp\n",
-            "yaml_incluster": "e4a3b3bfd6bd6ffd2658edf4addbe86e4de9eb9ed18ac572badad9ac837f4824"
-          },
-          "sensitive_attributes": [],
-          "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDB9LCJzY2hlbWFfdmVyc2lvbiI6IjEifQ==",
-          "dependencies": [
-            "module.flux.data.flux_install.main",
-            "module.flux.data.kubectl_file_documents.apply",
-            "module.flux.kubernetes_namespace.flux_system"
-          ]
-        },
-        {
-          "index_key": "apps/v1/deployment/flux-system/kustomize-controller",
-          "schema_version": 1,
-          "attributes": {
-            "api_version": "apps/v1",
-            "apply_only": false,
-            "force_conflicts": false,
-            "force_new": false,
-            "id": "/apis/apps/v1/namespaces/flux-system/deployments/kustomize-controller",
-            "ignore_fields": null,
-            "kind": "Deployment",
-            "live_manifest_incluster": "2826c2c4389823e3aaf89d714a101f295d74b565e99bd2a4d7436ce727817cea",
-            "live_uid": "7ea37437-55b7-4168-883a-1754bbeccd07",
-            "name": "kustomize-controller",
-            "namespace": "flux-system",
-            "override_namespace": null,
-            "sensitive_fields": null,
-            "server_side_apply": false,
-            "timeouts": null,
-            "uid": "7ea37437-55b7-4168-883a-1754bbeccd07",
-            "validate_schema": true,
-            "wait": null,
-            "wait_for_rollout": true,
-            "yaml_body": "apiVersion: apps/v1\nkind: Deployment\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n    control-plane: controller\n  name: kustomize-controller\n  namespace: flux-system\nspec:\n  replicas: 1\n  selector:\n    matchLabels:\n      app: kustomize-controller\n  template:\n    metadata:\n      annotations:\n        prometheus.io/port: \"8080\"\n        prometheus.io/scrape: \"true\"\n      labels:\n        app: kustomize-controller\n    spec:\n      containers:\n      - args:\n        - --events-addr=http://notification-controller.flux-system.svc.cluster.local./\n        - --watch-all-namespaces=true\n        - --log-level=info\n        - --log-encoding=json\n        - --enable-leader-election\n        env:\n        - name: RUNTIME_NAMESPACE\n          valueFrom:\n            fieldRef:\n              fieldPath: metadata.namespace\n        image: ghcr.io/fluxcd/kustomize-controller:v0.25.0\n        imagePullPolicy: IfNotPresent\n        livenessProbe:\n          httpGet:\n            path: /healthz\n            port: healthz\n        name: manager\n        ports:\n        - containerPort: 8080\n          name: http-prom\n          protocol: TCP\n        - containerPort: 9440\n          name: healthz\n          protocol: TCP\n        readinessProbe:\n          httpGet:\n            path: /readyz\n            port: healthz\n        resources:\n          limits:\n            cpu: 1000m\n            memory: 1Gi\n          requests:\n            cpu: 100m\n            memory: 64Mi\n        securityContext:\n          allowPrivilegeEscalation: false\n          capabilities:\n            drop:\n            - ALL\n          readOnlyRootFilesystem: true\n          runAsNonRoot: true\n          seccompProfile:\n            type: RuntimeDefault\n        volumeMounts:\n        - mountPath: /tmp\n          name: temp\n      nodeSelector:\n        kubernetes.io/os: linux\n      securityContext:\n        fsGroup: 1337\n      serviceAccountName: kustomize-controller\n      terminationGracePeriodSeconds: 60\n      volumes:\n      - emptyDir: {}\n        name: temp",
-            "yaml_body_parsed": "apiVersion: apps/v1\nkind: Deployment\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n    control-plane: controller\n  name: kustomize-controller\n  namespace: flux-system\nspec:\n  replicas: 1\n  selector:\n    matchLabels:\n      app: kustomize-controller\n  template:\n    metadata:\n      annotations:\n        prometheus.io/port: \"8080\"\n        prometheus.io/scrape: \"true\"\n      labels:\n        app: kustomize-controller\n    spec:\n      containers:\n      - args:\n        - --events-addr=http://notification-controller.flux-system.svc.cluster.local./\n        - --watch-all-namespaces=true\n        - --log-level=info\n        - --log-encoding=json\n        - --enable-leader-election\n        env:\n        - name: RUNTIME_NAMESPACE\n          valueFrom:\n            fieldRef:\n              fieldPath: metadata.namespace\n        image: ghcr.io/fluxcd/kustomize-controller:v0.25.0\n        imagePullPolicy: IfNotPresent\n        livenessProbe:\n          httpGet:\n            path: /healthz\n            port: healthz\n        name: manager\n        ports:\n        - containerPort: 8080\n          name: http-prom\n          protocol: TCP\n        - containerPort: 9440\n          name: healthz\n          protocol: TCP\n        readinessProbe:\n          httpGet:\n            path: /readyz\n            port: healthz\n        resources:\n          limits:\n            cpu: 1000m\n            memory: 1Gi\n          requests:\n            cpu: 100m\n            memory: 64Mi\n        securityContext:\n          allowPrivilegeEscalation: false\n          capabilities:\n            drop:\n            - ALL\n          readOnlyRootFilesystem: true\n          runAsNonRoot: true\n          seccompProfile:\n            type: RuntimeDefault\n        volumeMounts:\n        - mountPath: /tmp\n          name: temp\n      nodeSelector:\n        kubernetes.io/os: linux\n      securityContext:\n        fsGroup: 1337\n      serviceAccountName: kustomize-controller\n      terminationGracePeriodSeconds: 60\n      volumes:\n      - emptyDir: {}\n        name: temp\n",
-            "yaml_incluster": "2826c2c4389823e3aaf89d714a101f295d74b565e99bd2a4d7436ce727817cea"
-          },
-          "sensitive_attributes": [],
-          "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDB9LCJzY2hlbWFfdmVyc2lvbiI6IjEifQ==",
-          "dependencies": [
-            "module.flux.data.flux_install.main",
-            "module.flux.data.kubectl_file_documents.apply",
-            "module.flux.kubernetes_namespace.flux_system"
-          ]
-        },
-        {
-          "index_key": "apps/v1/deployment/flux-system/notification-controller",
-          "schema_version": 1,
-          "attributes": {
-            "api_version": "apps/v1",
-            "apply_only": false,
-            "force_conflicts": false,
-            "force_new": false,
-            "id": "/apis/apps/v1/namespaces/flux-system/deployments/notification-controller",
-            "ignore_fields": null,
-            "kind": "Deployment",
-            "live_manifest_incluster": "6540cfaf3a1ae420ceb422d5fe5768c84e0297aae12d61c0204ad49d6c7f24c5",
-            "live_uid": "240b64d6-e55b-4e86-bdb7-cfd022661d13",
-            "name": "notification-controller",
-            "namespace": "flux-system",
-            "override_namespace": null,
-            "sensitive_fields": null,
-            "server_side_apply": false,
-            "timeouts": null,
-            "uid": "240b64d6-e55b-4e86-bdb7-cfd022661d13",
-            "validate_schema": true,
-            "wait": null,
-            "wait_for_rollout": true,
-            "yaml_body": "apiVersion: apps/v1\nkind: Deployment\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n    control-plane: controller\n  name: notification-controller\n  namespace: flux-system\nspec:\n  replicas: 1\n  selector:\n    matchLabels:\n      app: notification-controller\n  template:\n    metadata:\n      annotations:\n        prometheus.io/port: \"8080\"\n        prometheus.io/scrape: \"true\"\n      labels:\n        app: notification-controller\n    spec:\n      containers:\n      - args:\n        - --watch-all-namespaces=true\n        - --log-level=info\n        - --log-encoding=json\n        - --enable-leader-election\n        env:\n        - name: RUNTIME_NAMESPACE\n          valueFrom:\n            fieldRef:\n              fieldPath: metadata.namespace\n        image: ghcr.io/fluxcd/notification-controller:v0.23.5\n        imagePullPolicy: IfNotPresent\n        livenessProbe:\n          httpGet:\n            path: /healthz\n            port: healthz\n        name: manager\n        ports:\n        - containerPort: 9090\n          name: http\n          protocol: TCP\n        - containerPort: 9292\n          name: http-webhook\n          protocol: TCP\n        - containerPort: 8080\n          name: http-prom\n          protocol: TCP\n        - containerPort: 9440\n          name: healthz\n          protocol: TCP\n        readinessProbe:\n          httpGet:\n            path: /readyz\n            port: healthz\n        resources:\n          limits:\n            cpu: 1000m\n            memory: 1Gi\n          requests:\n            cpu: 100m\n            memory: 64Mi\n        securityContext:\n          allowPrivilegeEscalation: false\n          capabilities:\n            drop:\n            - ALL\n          readOnlyRootFilesystem: true\n          runAsNonRoot: true\n          seccompProfile:\n            type: RuntimeDefault\n        volumeMounts:\n        - mountPath: /tmp\n          name: temp\n      nodeSelector:\n        kubernetes.io/os: linux\n      securityContext:\n        fsGroup: 1337\n      serviceAccountName: notification-controller\n      terminationGracePeriodSeconds: 10\n      volumes:\n      - emptyDir: {}\n        name: temp",
-            "yaml_body_parsed": "apiVersion: apps/v1\nkind: Deployment\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n    control-plane: controller\n  name: notification-controller\n  namespace: flux-system\nspec:\n  replicas: 1\n  selector:\n    matchLabels:\n      app: notification-controller\n  template:\n    metadata:\n      annotations:\n        prometheus.io/port: \"8080\"\n        prometheus.io/scrape: \"true\"\n      labels:\n        app: notification-controller\n    spec:\n      containers:\n      - args:\n        - --watch-all-namespaces=true\n        - --log-level=info\n        - --log-encoding=json\n        - --enable-leader-election\n        env:\n        - name: RUNTIME_NAMESPACE\n          valueFrom:\n            fieldRef:\n              fieldPath: metadata.namespace\n        image: ghcr.io/fluxcd/notification-controller:v0.23.5\n        imagePullPolicy: IfNotPresent\n        livenessProbe:\n          httpGet:\n            path: /healthz\n            port: healthz\n        name: manager\n        ports:\n        - containerPort: 9090\n          name: http\n          protocol: TCP\n        - containerPort: 9292\n          name: http-webhook\n          protocol: TCP\n        - containerPort: 8080\n          name: http-prom\n          protocol: TCP\n        - containerPort: 9440\n          name: healthz\n          protocol: TCP\n        readinessProbe:\n          httpGet:\n            path: /readyz\n            port: healthz\n        resources:\n          limits:\n            cpu: 1000m\n            memory: 1Gi\n          requests:\n            cpu: 100m\n            memory: 64Mi\n        securityContext:\n          allowPrivilegeEscalation: false\n          capabilities:\n            drop:\n            - ALL\n          readOnlyRootFilesystem: true\n          runAsNonRoot: true\n          seccompProfile:\n            type: RuntimeDefault\n        volumeMounts:\n        - mountPath: /tmp\n          name: temp\n      nodeSelector:\n        kubernetes.io/os: linux\n      securityContext:\n        fsGroup: 1337\n      serviceAccountName: notification-controller\n      terminationGracePeriodSeconds: 10\n      volumes:\n      - emptyDir: {}\n        name: temp\n",
-            "yaml_incluster": "6540cfaf3a1ae420ceb422d5fe5768c84e0297aae12d61c0204ad49d6c7f24c5"
-          },
-          "sensitive_attributes": [],
-          "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDB9LCJzY2hlbWFfdmVyc2lvbiI6IjEifQ==",
-          "dependencies": [
-            "module.flux.data.flux_install.main",
-            "module.flux.data.kubectl_file_documents.apply",
-            "module.flux.kubernetes_namespace.flux_system"
-          ]
-        },
-        {
-          "index_key": "apps/v1/deployment/flux-system/source-controller",
-          "schema_version": 1,
-          "attributes": {
-            "api_version": "apps/v1",
-            "apply_only": false,
-            "force_conflicts": false,
-            "force_new": false,
-            "id": "/apis/apps/v1/namespaces/flux-system/deployments/source-controller",
-            "ignore_fields": null,
-            "kind": "Deployment",
-            "live_manifest_incluster": "e1aba2209a36f10008a7a3ad79fcfbe50d58900fcb41060ab652fcf6364d6b7f",
-            "live_uid": "f06006e9-a0d5-492b-bedc-76bd68b508e6",
-            "name": "source-controller",
-            "namespace": "flux-system",
-            "override_namespace": null,
-            "sensitive_fields": null,
-            "server_side_apply": false,
-            "timeouts": null,
-            "uid": "f06006e9-a0d5-492b-bedc-76bd68b508e6",
-            "validate_schema": true,
-            "wait": null,
-            "wait_for_rollout": true,
-            "yaml_body": "apiVersion: apps/v1\nkind: Deployment\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n    control-plane: controller\n  name: source-controller\n  namespace: flux-system\nspec:\n  replicas: 1\n  selector:\n    matchLabels:\n      app: source-controller\n  strategy:\n    type: Recreate\n  template:\n    metadata:\n      annotations:\n        prometheus.io/port: \"8080\"\n        prometheus.io/scrape: \"true\"\n      labels:\n        app: source-controller\n    spec:\n      containers:\n      - args:\n        - --events-addr=http://notification-controller.flux-system.svc.cluster.local./\n        - --watch-all-namespaces=true\n        - --log-level=info\n        - --log-encoding=json\n        - --enable-leader-election\n        - --storage-path=/data\n        - --storage-adv-addr=source-controller.$(RUNTIME_NAMESPACE).svc.cluster.local.\n        env:\n        - name: RUNTIME_NAMESPACE\n          valueFrom:\n            fieldRef:\n              fieldPath: metadata.namespace\n        image: ghcr.io/fluxcd/source-controller:v0.24.4\n        imagePullPolicy: IfNotPresent\n        livenessProbe:\n          httpGet:\n            path: /healthz\n            port: healthz\n        name: manager\n        ports:\n        - containerPort: 9090\n          name: http\n          protocol: TCP\n        - containerPort: 8080\n          name: http-prom\n          protocol: TCP\n        - containerPort: 9440\n          name: healthz\n          protocol: TCP\n        readinessProbe:\n          httpGet:\n            path: /\n            port: http\n        resources:\n          limits:\n            cpu: 1000m\n            memory: 1Gi\n          requests:\n            cpu: 50m\n            memory: 64Mi\n        securityContext:\n          allowPrivilegeEscalation: false\n          capabilities:\n            drop:\n            - ALL\n          readOnlyRootFilesystem: true\n          runAsNonRoot: true\n          seccompProfile:\n            type: RuntimeDefault\n        volumeMounts:\n        - mountPath: /data\n          name: data\n        - mountPath: /tmp\n          name: tmp\n      nodeSelector:\n        kubernetes.io/os: linux\n      securityContext:\n        fsGroup: 1337\n      serviceAccountName: source-controller\n      terminationGracePeriodSeconds: 10\n      volumes:\n      - emptyDir: {}\n        name: data\n      - emptyDir: {}\n        name: tmp",
-            "yaml_body_parsed": "apiVersion: apps/v1\nkind: Deployment\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n    control-plane: controller\n  name: source-controller\n  namespace: flux-system\nspec:\n  replicas: 1\n  selector:\n    matchLabels:\n      app: source-controller\n  strategy:\n    type: Recreate\n  template:\n    metadata:\n      annotations:\n        prometheus.io/port: \"8080\"\n        prometheus.io/scrape: \"true\"\n      labels:\n        app: source-controller\n    spec:\n      containers:\n      - args:\n        - --events-addr=http://notification-controller.flux-system.svc.cluster.local./\n        - --watch-all-namespaces=true\n        - --log-level=info\n        - --log-encoding=json\n        - --enable-leader-election\n        - --storage-path=/data\n        - --storage-adv-addr=source-controller.$(RUNTIME_NAMESPACE).svc.cluster.local.\n        env:\n        - name: RUNTIME_NAMESPACE\n          valueFrom:\n            fieldRef:\n              fieldPath: metadata.namespace\n        image: ghcr.io/fluxcd/source-controller:v0.24.4\n        imagePullPolicy: IfNotPresent\n        livenessProbe:\n          httpGet:\n            path: /healthz\n            port: healthz\n        name: manager\n        ports:\n        - containerPort: 9090\n          name: http\n          protocol: TCP\n        - containerPort: 8080\n          name: http-prom\n          protocol: TCP\n        - containerPort: 9440\n          name: healthz\n          protocol: TCP\n        readinessProbe:\n          httpGet:\n            path: /\n            port: http\n        resources:\n          limits:\n            cpu: 1000m\n            memory: 1Gi\n          requests:\n            cpu: 50m\n            memory: 64Mi\n        securityContext:\n          allowPrivilegeEscalation: false\n          capabilities:\n            drop:\n            - ALL\n          readOnlyRootFilesystem: true\n          runAsNonRoot: true\n          seccompProfile:\n            type: RuntimeDefault\n        volumeMounts:\n        - mountPath: /data\n          name: data\n        - mountPath: /tmp\n          name: tmp\n      nodeSelector:\n        kubernetes.io/os: linux\n      securityContext:\n        fsGroup: 1337\n      serviceAccountName: source-controller\n      terminationGracePeriodSeconds: 10\n      volumes:\n      - emptyDir: {}\n        name: data\n      - emptyDir: {}\n        name: tmp\n",
-            "yaml_incluster": "e1aba2209a36f10008a7a3ad79fcfbe50d58900fcb41060ab652fcf6364d6b7f"
-          },
-          "sensitive_attributes": [],
-          "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDB9LCJzY2hlbWFfdmVyc2lvbiI6IjEifQ==",
-          "dependencies": [
-            "module.flux.data.flux_install.main",
-            "module.flux.data.kubectl_file_documents.apply",
-            "module.flux.kubernetes_namespace.flux_system"
-          ]
-        },
-        {
-          "index_key": "rbac.authorization.k8s.io/v1/clusterrole/crd-controller-flux-system",
-          "schema_version": 1,
-          "attributes": {
-            "api_version": "rbac.authorization.k8s.io/v1",
-            "apply_only": false,
-            "force_conflicts": false,
-            "force_new": false,
-            "id": "/apis/rbac.authorization.k8s.io/v1/clusterroles/crd-controller-flux-system",
-            "ignore_fields": null,
-            "kind": "ClusterRole",
-            "live_manifest_incluster": "64b8d95fdeb8cce691e46833d902ac7fa67f9f19c375337869ae6f31be108d3f",
-            "live_uid": "9553a86a-f030-42ef-b755-d565579553ea",
-            "name": "crd-controller-flux-system",
-            "namespace": null,
-            "override_namespace": null,
-            "sensitive_fields": null,
-            "server_side_apply": false,
-            "timeouts": null,
-            "uid": "9553a86a-f030-42ef-b755-d565579553ea",
-            "validate_schema": true,
-            "wait": null,
-            "wait_for_rollout": true,
-            "yaml_body": "apiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: crd-controller-flux-system\nrules:\n- apiGroups:\n  - source.toolkit.fluxcd.io\n  resources:\n  - '*'\n  verbs:\n  - '*'\n- apiGroups:\n  - kustomize.toolkit.fluxcd.io\n  resources:\n  - '*'\n  verbs:\n  - '*'\n- apiGroups:\n  - helm.toolkit.fluxcd.io\n  resources:\n  - '*'\n  verbs:\n  - '*'\n- apiGroups:\n  - notification.toolkit.fluxcd.io\n  resources:\n  - '*'\n  verbs:\n  - '*'\n- apiGroups:\n  - image.toolkit.fluxcd.io\n  resources:\n  - '*'\n  verbs:\n  - '*'\n- apiGroups:\n  - \"\"\n  resources:\n  - namespaces\n  - secrets\n  - configmaps\n  - serviceaccounts\n  verbs:\n  - get\n  - list\n  - watch\n- apiGroups:\n  - \"\"\n  resources:\n  - events\n  verbs:\n  - create\n  - patch\n- apiGroups:\n  - \"\"\n  resources:\n  - configmaps\n  verbs:\n  - get\n  - list\n  - watch\n  - create\n  - update\n  - patch\n  - delete\n- apiGroups:\n  - \"\"\n  resources:\n  - configmaps/status\n  verbs:\n  - get\n  - update\n  - patch\n- apiGroups:\n  - coordination.k8s.io\n  resources:\n  - leases\n  verbs:\n  - get\n  - list\n  - watch\n  - create\n  - update\n  - patch\n  - delete",
-            "yaml_body_parsed": "apiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: crd-controller-flux-system\nrules:\n- apiGroups:\n  - source.toolkit.fluxcd.io\n  resources:\n  - '*'\n  verbs:\n  - '*'\n- apiGroups:\n  - kustomize.toolkit.fluxcd.io\n  resources:\n  - '*'\n  verbs:\n  - '*'\n- apiGroups:\n  - helm.toolkit.fluxcd.io\n  resources:\n  - '*'\n  verbs:\n  - '*'\n- apiGroups:\n  - notification.toolkit.fluxcd.io\n  resources:\n  - '*'\n  verbs:\n  - '*'\n- apiGroups:\n  - image.toolkit.fluxcd.io\n  resources:\n  - '*'\n  verbs:\n  - '*'\n- apiGroups:\n  - \"\"\n  resources:\n  - namespaces\n  - secrets\n  - configmaps\n  - serviceaccounts\n  verbs:\n  - get\n  - list\n  - watch\n- apiGroups:\n  - \"\"\n  resources:\n  - events\n  verbs:\n  - create\n  - patch\n- apiGroups:\n  - \"\"\n  resources:\n  - configmaps\n  verbs:\n  - get\n  - list\n  - watch\n  - create\n  - update\n  - patch\n  - delete\n- apiGroups:\n  - \"\"\n  resources:\n  - configmaps/status\n  verbs:\n  - get\n  - update\n  - patch\n- apiGroups:\n  - coordination.k8s.io\n  resources:\n  - leases\n  verbs:\n  - get\n  - list\n  - watch\n  - create\n  - update\n  - patch\n  - delete\n",
-            "yaml_incluster": "64b8d95fdeb8cce691e46833d902ac7fa67f9f19c375337869ae6f31be108d3f"
-          },
-          "sensitive_attributes": [],
-          "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDB9LCJzY2hlbWFfdmVyc2lvbiI6IjEifQ==",
-          "dependencies": [
-            "module.flux.data.flux_install.main",
-            "module.flux.data.kubectl_file_documents.apply",
-            "module.flux.kubernetes_namespace.flux_system"
-          ]
-        },
-        {
-          "index_key": "rbac.authorization.k8s.io/v1/clusterrolebinding/cluster-reconciler-flux-system",
-          "schema_version": 1,
-          "attributes": {
-            "api_version": "rbac.authorization.k8s.io/v1",
-            "apply_only": false,
-            "force_conflicts": false,
-            "force_new": false,
-            "id": "/apis/rbac.authorization.k8s.io/v1/clusterrolebindings/cluster-reconciler-flux-system",
-            "ignore_fields": null,
-            "kind": "ClusterRoleBinding",
-            "live_manifest_incluster": "fa44b2d7b1a5e317ad48f668736b5159d880a294ce7d2ca22c2925e3b91234b4",
-            "live_uid": "c35a1397-1075-462f-bb1d-04aac5cead05",
-            "name": "cluster-reconciler-flux-system",
-            "namespace": null,
-            "override_namespace": null,
-            "sensitive_fields": null,
-            "server_side_apply": false,
-            "timeouts": null,
-            "uid": "c35a1397-1075-462f-bb1d-04aac5cead05",
-            "validate_schema": true,
-            "wait": null,
-            "wait_for_rollout": true,
-            "yaml_body": "apiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: cluster-reconciler-flux-system\nroleRef:\n  apiGroup: rbac.authorization.k8s.io\n  kind: ClusterRole\n  name: cluster-admin\nsubjects:\n- kind: ServiceAccount\n  name: kustomize-controller\n  namespace: flux-system\n- kind: ServiceAccount\n  name: helm-controller\n  namespace: flux-system",
-            "yaml_body_parsed": "apiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: cluster-reconciler-flux-system\nroleRef:\n  apiGroup: rbac.authorization.k8s.io\n  kind: ClusterRole\n  name: cluster-admin\nsubjects:\n- kind: ServiceAccount\n  name: kustomize-controller\n  namespace: flux-system\n- kind: ServiceAccount\n  name: helm-controller\n  namespace: flux-system\n",
-            "yaml_incluster": "fa44b2d7b1a5e317ad48f668736b5159d880a294ce7d2ca22c2925e3b91234b4"
-          },
-          "sensitive_attributes": [],
-          "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDB9LCJzY2hlbWFfdmVyc2lvbiI6IjEifQ==",
-          "dependencies": [
-            "module.flux.data.flux_install.main",
-            "module.flux.data.kubectl_file_documents.apply",
-            "module.flux.kubernetes_namespace.flux_system"
-          ]
-        },
-        {
-          "index_key": "rbac.authorization.k8s.io/v1/clusterrolebinding/crd-controller-flux-system",
-          "schema_version": 1,
-          "attributes": {
-            "api_version": "rbac.authorization.k8s.io/v1",
-            "apply_only": false,
-            "force_conflicts": false,
-            "force_new": false,
-            "id": "/apis/rbac.authorization.k8s.io/v1/clusterrolebindings/crd-controller-flux-system",
-            "ignore_fields": null,
-            "kind": "ClusterRoleBinding",
-            "live_manifest_incluster": "6b8c8c6696023b30737eaa9f108706734b7dfc05b2b67ecad04648aac622acd2",
-            "live_uid": "8b42a696-6eae-4c09-a3b7-7cc14b8aea13",
-            "name": "crd-controller-flux-system",
-            "namespace": null,
-            "override_namespace": null,
-            "sensitive_fields": null,
-            "server_side_apply": false,
-            "timeouts": null,
-            "uid": "8b42a696-6eae-4c09-a3b7-7cc14b8aea13",
-            "validate_schema": true,
-            "wait": null,
-            "wait_for_rollout": true,
-            "yaml_body": "apiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: crd-controller-flux-system\nroleRef:\n  apiGroup: rbac.authorization.k8s.io\n  kind: ClusterRole\n  name: crd-controller-flux-system\nsubjects:\n- kind: ServiceAccount\n  name: kustomize-controller\n  namespace: flux-system\n- kind: ServiceAccount\n  name: helm-controller\n  namespace: flux-system\n- kind: ServiceAccount\n  name: source-controller\n  namespace: flux-system\n- kind: ServiceAccount\n  name: notification-controller\n  namespace: flux-system\n- kind: ServiceAccount\n  name: image-reflector-controller\n  namespace: flux-system\n- kind: ServiceAccount\n  name: image-automation-controller\n  namespace: flux-system",
-            "yaml_body_parsed": "apiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: crd-controller-flux-system\nroleRef:\n  apiGroup: rbac.authorization.k8s.io\n  kind: ClusterRole\n  name: crd-controller-flux-system\nsubjects:\n- kind: ServiceAccount\n  name: kustomize-controller\n  namespace: flux-system\n- kind: ServiceAccount\n  name: helm-controller\n  namespace: flux-system\n- kind: ServiceAccount\n  name: source-controller\n  namespace: flux-system\n- kind: ServiceAccount\n  name: notification-controller\n  namespace: flux-system\n- kind: ServiceAccount\n  name: image-reflector-controller\n  namespace: flux-system\n- kind: ServiceAccount\n  name: image-automation-controller\n  namespace: flux-system\n",
-            "yaml_incluster": "6b8c8c6696023b30737eaa9f108706734b7dfc05b2b67ecad04648aac622acd2"
-          },
-          "sensitive_attributes": [],
-          "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDB9LCJzY2hlbWFfdmVyc2lvbiI6IjEifQ==",
-          "dependencies": [
-            "module.flux.data.flux_install.main",
-            "module.flux.data.kubectl_file_documents.apply",
-            "module.flux.kubernetes_namespace.flux_system"
-          ]
-        },
-        {
-          "index_key": "v1/namespace/flux-system",
-          "schema_version": 1,
-          "attributes": {
-            "api_version": "v1",
-            "apply_only": false,
-            "force_conflicts": false,
-            "force_new": false,
-            "id": "/api/v1/namespaces/flux-system",
-            "ignore_fields": null,
-            "kind": "Namespace",
-            "live_manifest_incluster": "36cd74a4c6ef912d14993e6713511346b84b91b559cdcaefa1987bc9820c3340",
-            "live_uid": "0e244da8-b9b0-4053-bf00-7bedb468e182",
-            "name": "flux-system",
-            "namespace": null,
-            "override_namespace": null,
-            "sensitive_fields": null,
-            "server_side_apply": false,
-            "timeouts": null,
-            "uid": "0e244da8-b9b0-4053-bf00-7bedb468e182",
-            "validate_schema": true,
-            "wait": null,
-            "wait_for_rollout": true,
-            "yaml_body": "---\n# This manifest was generated by flux. DO NOT EDIT.\n# Flux Version: latest\n# Components: source-controller,kustomize-controller,helm-controller,notification-controller\napiVersion: v1\nkind: Namespace\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n    pod-security.kubernetes.io/warn: restricted\n    pod-security.kubernetes.io/warn-version: latest\n  name: flux-system",
-            "yaml_body_parsed": "apiVersion: v1\nkind: Namespace\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n    pod-security.kubernetes.io/warn: restricted\n    pod-security.kubernetes.io/warn-version: latest\n  name: flux-system\n",
-            "yaml_incluster": "36cd74a4c6ef912d14993e6713511346b84b91b559cdcaefa1987bc9820c3340"
-          },
-          "sensitive_attributes": [],
-          "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDB9LCJzY2hlbWFfdmVyc2lvbiI6IjEifQ==",
-          "dependencies": [
-            "module.flux.data.flux_install.main",
-            "module.flux.data.kubectl_file_documents.apply",
-            "module.flux.kubernetes_namespace.flux_system"
-          ]
-        },
-        {
-          "index_key": "v1/service/flux-system/notification-controller",
-          "schema_version": 1,
-          "attributes": {
-            "api_version": "v1",
-            "apply_only": false,
-            "force_conflicts": false,
-            "force_new": false,
-            "id": "/api/v1/namespaces/flux-system/services/notification-controller",
-            "ignore_fields": null,
-            "kind": "Service",
-            "live_manifest_incluster": "2bed8e777b97150ef0f8eb7ce6e224b6d4518449b38f9f1dd1f799f187211e33",
-            "live_uid": "2977a59e-2fd1-4f92-a998-1d95f4a2d1ea",
-            "name": "notification-controller",
-            "namespace": "flux-system",
-            "override_namespace": null,
-            "sensitive_fields": null,
-            "server_side_apply": false,
-            "timeouts": null,
-            "uid": "2977a59e-2fd1-4f92-a998-1d95f4a2d1ea",
-            "validate_schema": true,
-            "wait": null,
-            "wait_for_rollout": true,
-            "yaml_body": "apiVersion: v1\nkind: Service\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n    control-plane: controller\n  name: notification-controller\n  namespace: flux-system\nspec:\n  ports:\n  - name: http\n    port: 80\n    protocol: TCP\n    targetPort: http\n  selector:\n    app: notification-controller\n  type: ClusterIP",
-            "yaml_body_parsed": "apiVersion: v1\nkind: Service\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n    control-plane: controller\n  name: notification-controller\n  namespace: flux-system\nspec:\n  ports:\n  - name: http\n    port: 80\n    protocol: TCP\n    targetPort: http\n  selector:\n    app: notification-controller\n  type: ClusterIP\n",
-            "yaml_incluster": "2bed8e777b97150ef0f8eb7ce6e224b6d4518449b38f9f1dd1f799f187211e33"
-          },
-          "sensitive_attributes": [],
-          "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDB9LCJzY2hlbWFfdmVyc2lvbiI6IjEifQ==",
-          "dependencies": [
-            "module.flux.data.flux_install.main",
-            "module.flux.data.kubectl_file_documents.apply",
-            "module.flux.kubernetes_namespace.flux_system"
-          ]
-        },
-        {
-          "index_key": "v1/service/flux-system/source-controller",
-          "schema_version": 1,
-          "attributes": {
-            "api_version": "v1",
-            "apply_only": false,
-            "force_conflicts": false,
-            "force_new": false,
-            "id": "/api/v1/namespaces/flux-system/services/source-controller",
-            "ignore_fields": null,
-            "kind": "Service",
-            "live_manifest_incluster": "d56847b2a9516b2994b8bef69ba399ef8afb109c538adbe59446204688e1eae3",
-            "live_uid": "72cd6273-2019-4e1f-868a-485931ba1855",
-            "name": "source-controller",
-            "namespace": "flux-system",
-            "override_namespace": null,
-            "sensitive_fields": null,
-            "server_side_apply": false,
-            "timeouts": null,
-            "uid": "72cd6273-2019-4e1f-868a-485931ba1855",
-            "validate_schema": true,
-            "wait": null,
-            "wait_for_rollout": true,
-            "yaml_body": "apiVersion: v1\nkind: Service\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n    control-plane: controller\n  name: source-controller\n  namespace: flux-system\nspec:\n  ports:\n  - name: http\n    port: 80\n    protocol: TCP\n    targetPort: http\n  selector:\n    app: source-controller\n  type: ClusterIP",
-            "yaml_body_parsed": "apiVersion: v1\nkind: Service\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n    control-plane: controller\n  name: source-controller\n  namespace: flux-system\nspec:\n  ports:\n  - name: http\n    port: 80\n    protocol: TCP\n    targetPort: http\n  selector:\n    app: source-controller\n  type: ClusterIP\n",
-            "yaml_incluster": "d56847b2a9516b2994b8bef69ba399ef8afb109c538adbe59446204688e1eae3"
-          },
-          "sensitive_attributes": [],
-          "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDB9LCJzY2hlbWFfdmVyc2lvbiI6IjEifQ==",
-          "dependencies": [
-            "module.flux.data.flux_install.main",
-            "module.flux.data.kubectl_file_documents.apply",
-            "module.flux.kubernetes_namespace.flux_system"
-          ]
-        },
-        {
-          "index_key": "v1/service/flux-system/webhook-receiver",
-          "schema_version": 1,
-          "attributes": {
-            "api_version": "v1",
-            "apply_only": false,
-            "force_conflicts": false,
-            "force_new": false,
-            "id": "/api/v1/namespaces/flux-system/services/webhook-receiver",
-            "ignore_fields": null,
-            "kind": "Service",
-            "live_manifest_incluster": "32478dcd63b2b822236c495158f3253df5ba5b88831fbeaa2b1198d7a0b472d7",
-            "live_uid": "02d74f76-90d5-4da6-90e8-2a51a51d278b",
-            "name": "webhook-receiver",
-            "namespace": "flux-system",
-            "override_namespace": null,
-            "sensitive_fields": null,
-            "server_side_apply": false,
-            "timeouts": null,
-            "uid": "02d74f76-90d5-4da6-90e8-2a51a51d278b",
-            "validate_schema": true,
-            "wait": null,
-            "wait_for_rollout": true,
-            "yaml_body": "apiVersion: v1\nkind: Service\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n    control-plane: controller\n  name: webhook-receiver\n  namespace: flux-system\nspec:\n  ports:\n  - name: http\n    port: 80\n    protocol: TCP\n    targetPort: http-webhook\n  selector:\n    app: notification-controller\n  type: ClusterIP",
-            "yaml_body_parsed": "apiVersion: v1\nkind: Service\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n    control-plane: controller\n  name: webhook-receiver\n  namespace: flux-system\nspec:\n  ports:\n  - name: http\n    port: 80\n    protocol: TCP\n    targetPort: http-webhook\n  selector:\n    app: notification-controller\n  type: ClusterIP\n",
-            "yaml_incluster": "32478dcd63b2b822236c495158f3253df5ba5b88831fbeaa2b1198d7a0b472d7"
-          },
-          "sensitive_attributes": [],
-          "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDB9LCJzY2hlbWFfdmVyc2lvbiI6IjEifQ==",
-          "dependencies": [
-            "module.flux.data.flux_install.main",
-            "module.flux.data.kubectl_file_documents.apply",
-            "module.flux.kubernetes_namespace.flux_system"
-          ]
-        },
-        {
-          "index_key": "v1/serviceaccount/flux-system/helm-controller",
-          "schema_version": 1,
-          "attributes": {
-            "api_version": "v1",
-            "apply_only": false,
-            "force_conflicts": false,
-            "force_new": false,
-            "id": "/api/v1/namespaces/flux-system/serviceaccounts/helm-controller",
-            "ignore_fields": null,
-            "kind": "ServiceAccount",
-            "live_manifest_incluster": "b2aad3f57dca6ad5856d63af0e01b5be04fd424032893aceb9b21bbc92c347a5",
-            "live_uid": "aa9711e9-e81e-439e-a807-abb2e2ab7cfe",
-            "name": "helm-controller",
-            "namespace": "flux-system",
-            "override_namespace": null,
-            "sensitive_fields": null,
-            "server_side_apply": false,
-            "timeouts": null,
-            "uid": "aa9711e9-e81e-439e-a807-abb2e2ab7cfe",
-            "validate_schema": true,
-            "wait": null,
-            "wait_for_rollout": true,
-            "yaml_body": "apiVersion: v1\nkind: ServiceAccount\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: helm-controller\n  namespace: flux-system",
-            "yaml_body_parsed": "apiVersion: v1\nkind: ServiceAccount\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: helm-controller\n  namespace: flux-system\n",
-            "yaml_incluster": "b2aad3f57dca6ad5856d63af0e01b5be04fd424032893aceb9b21bbc92c347a5"
-          },
-          "sensitive_attributes": [],
-          "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDB9LCJzY2hlbWFfdmVyc2lvbiI6IjEifQ==",
-          "dependencies": [
-            "module.flux.data.flux_install.main",
-            "module.flux.data.kubectl_file_documents.apply",
-            "module.flux.kubernetes_namespace.flux_system"
-          ]
-        },
-        {
-          "index_key": "v1/serviceaccount/flux-system/kustomize-controller",
-          "schema_version": 1,
-          "attributes": {
-            "api_version": "v1",
-            "apply_only": false,
-            "force_conflicts": false,
-            "force_new": false,
-            "id": "/api/v1/namespaces/flux-system/serviceaccounts/kustomize-controller",
-            "ignore_fields": null,
-            "kind": "ServiceAccount",
-            "live_manifest_incluster": "8a14f17da2d09e6c888837953b3962a88d06f405df66028ff154a94d4dfa0d09",
-            "live_uid": "c73c43a2-52f9-42df-bf2b-897016848dda",
-            "name": "kustomize-controller",
-            "namespace": "flux-system",
-            "override_namespace": null,
-            "sensitive_fields": null,
-            "server_side_apply": false,
-            "timeouts": null,
-            "uid": "c73c43a2-52f9-42df-bf2b-897016848dda",
-            "validate_schema": true,
-            "wait": null,
-            "wait_for_rollout": true,
-            "yaml_body": "apiVersion: v1\nkind: ServiceAccount\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: kustomize-controller\n  namespace: flux-system",
-            "yaml_body_parsed": "apiVersion: v1\nkind: ServiceAccount\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: kustomize-controller\n  namespace: flux-system\n",
-            "yaml_incluster": "8a14f17da2d09e6c888837953b3962a88d06f405df66028ff154a94d4dfa0d09"
-          },
-          "sensitive_attributes": [],
-          "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDB9LCJzY2hlbWFfdmVyc2lvbiI6IjEifQ==",
-          "dependencies": [
-            "module.flux.data.flux_install.main",
-            "module.flux.data.kubectl_file_documents.apply",
-            "module.flux.kubernetes_namespace.flux_system"
-          ]
-        },
-        {
-          "index_key": "v1/serviceaccount/flux-system/notification-controller",
-          "schema_version": 1,
-          "attributes": {
-            "api_version": "v1",
-            "apply_only": false,
-            "force_conflicts": false,
-            "force_new": false,
-            "id": "/api/v1/namespaces/flux-system/serviceaccounts/notification-controller",
-            "ignore_fields": null,
-            "kind": "ServiceAccount",
-            "live_manifest_incluster": "846badceb5abc1172a04ac98661eded224067c4084bf88be0eb70075af5a53d1",
-            "live_uid": "743f674e-2fa2-48d1-ae58-36a2354b44ba",
-            "name": "notification-controller",
-            "namespace": "flux-system",
-            "override_namespace": null,
-            "sensitive_fields": null,
-            "server_side_apply": false,
-            "timeouts": null,
-            "uid": "743f674e-2fa2-48d1-ae58-36a2354b44ba",
-            "validate_schema": true,
-            "wait": null,
-            "wait_for_rollout": true,
-            "yaml_body": "apiVersion: v1\nkind: ServiceAccount\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: notification-controller\n  namespace: flux-system",
-            "yaml_body_parsed": "apiVersion: v1\nkind: ServiceAccount\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: notification-controller\n  namespace: flux-system\n",
-            "yaml_incluster": "846badceb5abc1172a04ac98661eded224067c4084bf88be0eb70075af5a53d1"
-          },
-          "sensitive_attributes": [],
-          "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDB9LCJzY2hlbWFfdmVyc2lvbiI6IjEifQ==",
-          "dependencies": [
-            "module.flux.data.flux_install.main",
-            "module.flux.data.kubectl_file_documents.apply",
-            "module.flux.kubernetes_namespace.flux_system"
-          ]
-        },
-        {
-          "index_key": "v1/serviceaccount/flux-system/source-controller",
-          "schema_version": 1,
-          "attributes": {
-            "api_version": "v1",
-            "apply_only": false,
-            "force_conflicts": false,
-            "force_new": false,
-            "id": "/api/v1/namespaces/flux-system/serviceaccounts/source-controller",
-            "ignore_fields": null,
-            "kind": "ServiceAccount",
-            "live_manifest_incluster": "1d5862fdb063737cfa82134235c3dec3144c1c11ac78041a3c187751b6c2ed76",
-            "live_uid": "2e6d3b1e-37e0-4d53-83a4-65721bef5cbb",
-            "name": "source-controller",
-            "namespace": "flux-system",
-            "override_namespace": null,
-            "sensitive_fields": null,
-            "server_side_apply": false,
-            "timeouts": null,
-            "uid": "2e6d3b1e-37e0-4d53-83a4-65721bef5cbb",
-            "validate_schema": true,
-            "wait": null,
-            "wait_for_rollout": true,
-            "yaml_body": "apiVersion: v1\nkind: ServiceAccount\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: source-controller\n  namespace: flux-system",
-            "yaml_body_parsed": "apiVersion: v1\nkind: ServiceAccount\nmetadata:\n  labels:\n    app.kubernetes.io/instance: flux-system\n    app.kubernetes.io/part-of: flux\n    app.kubernetes.io/version: latest\n  name: source-controller\n  namespace: flux-system\n",
-            "yaml_incluster": "1d5862fdb063737cfa82134235c3dec3144c1c11ac78041a3c187751b6c2ed76"
-          },
-          "sensitive_attributes": [],
-          "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDB9LCJzY2hlbWFfdmVyc2lvbiI6IjEifQ==",
-          "dependencies": [
-            "module.flux.data.flux_install.main",
-            "module.flux.data.kubectl_file_documents.apply",
-            "module.flux.kubernetes_namespace.flux_system"
-          ]
-        }
-      ]
-    },
-    {
-      "module": "module.flux",
-      "mode": "managed",
-      "type": "kubectl_manifest",
-      "name": "sync",
-      "provider": "module.flux.provider[\"registry.terraform.io/gavinbunney/kubectl\"]",
-      "instances": [
-        {
-          "index_key": "kustomize.toolkit.fluxcd.io/v1beta2/kustomization/flux-system/flux-system",
-          "schema_version": 1,
-          "attributes": {
-            "api_version": "kustomize.toolkit.fluxcd.io/v1beta2",
-            "apply_only": false,
-            "force_conflicts": false,
-            "force_new": false,
-            "id": "/apis/kustomize.toolkit.fluxcd.io/v1beta2/namespaces/flux-system/kustomizations/flux-system",
-            "ignore_fields": null,
-            "kind": "Kustomization",
-            "live_manifest_incluster": "76983d95c6d6af709777da0d4f83096cef10b2b6e625b0116db581080e962f87",
-            "live_uid": "29dd19f1-dc61-4ad1-97fb-e10e69359515",
-            "name": "flux-system",
-            "namespace": "flux-system",
-            "override_namespace": null,
-            "sensitive_fields": null,
-            "server_side_apply": false,
-            "timeouts": null,
-            "uid": "29dd19f1-dc61-4ad1-97fb-e10e69359515",
-            "validate_schema": true,
-            "wait": null,
-            "wait_for_rollout": true,
-            "yaml_body": "apiVersion: kustomize.toolkit.fluxcd.io/v1beta2\nkind: Kustomization\nmetadata:\n  name: flux-system\n  namespace: flux-system\nspec:\n  interval: 10m0s\n  path: ./clank\n  prune: true\n  sourceRef:\n    kind: GitRepository\n    name: flux-system",
-            "yaml_body_parsed": "apiVersion: kustomize.toolkit.fluxcd.io/v1beta2\nkind: Kustomization\nmetadata:\n  name: flux-system\n  namespace: flux-system\nspec:\n  interval: 10m0s\n  path: ./clank\n  prune: true\n  sourceRef:\n    kind: GitRepository\n    name: flux-system\n",
-            "yaml_incluster": "76983d95c6d6af709777da0d4f83096cef10b2b6e625b0116db581080e962f87"
-          },
-          "sensitive_attributes": [],
-          "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDB9LCJzY2hlbWFfdmVyc2lvbiI6IjEifQ==",
-          "dependencies": [
-            "module.flux.data.flux_sync.main",
-            "module.flux.data.kubectl_file_documents.sync",
-            "module.flux.kubernetes_namespace.flux_system"
-          ]
-        },
-        {
-          "index_key": "source.toolkit.fluxcd.io/v1beta2/gitrepository/flux-system/flux-system",
-          "schema_version": 1,
-          "attributes": {
-            "api_version": "source.toolkit.fluxcd.io/v1beta2",
-            "apply_only": false,
-            "force_conflicts": false,
-            "force_new": false,
-            "id": "/apis/source.toolkit.fluxcd.io/v1beta2/namespaces/flux-system/gitrepositorys/flux-system",
-            "ignore_fields": null,
-            "kind": "GitRepository",
-            "live_manifest_incluster": "f159fca85740fe805d8ac4569899db00ab9cd9245350a7a56b689eafc490bedb",
-            "live_uid": "d2fea749-8f58-4ead-be65-bc2be53cb80e",
-            "name": "flux-system",
-            "namespace": "flux-system",
-            "override_namespace": null,
-            "sensitive_fields": null,
-            "server_side_apply": false,
-            "timeouts": null,
-            "uid": "d2fea749-8f58-4ead-be65-bc2be53cb80e",
-            "validate_schema": true,
-            "wait": null,
-            "wait_for_rollout": true,
-            "yaml_body": "apiVersion: source.toolkit.fluxcd.io/v1beta2\nkind: GitRepository\nmetadata:\n  name: flux-system\n  namespace: flux-system\nspec:\n  interval: 1m0s\n  ref:\n    branch: main\n  secretRef:\n    name: flux-system\n  url: ssh://git@git.front.kjuulh.io/clank/kubernetes-state.git",
-            "yaml_body_parsed": "apiVersion: source.toolkit.fluxcd.io/v1beta2\nkind: GitRepository\nmetadata:\n  name: flux-system\n  namespace: flux-system\nspec:\n  interval: 1m0s\n  ref:\n    branch: main\n  secretRef:\n    name: flux-system\n  url: ssh://git@git.front.kjuulh.io/clank/kubernetes-state.git\n",
-            "yaml_incluster": "f159fca85740fe805d8ac4569899db00ab9cd9245350a7a56b689eafc490bedb"
-          },
-          "sensitive_attributes": [],
-          "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDB9LCJzY2hlbWFfdmVyc2lvbiI6IjEifQ==",
-          "dependencies": [
-            "module.flux.data.flux_sync.main",
-            "module.flux.data.kubectl_file_documents.sync",
-            "module.flux.kubernetes_namespace.flux_system"
-          ]
-        }
-      ]
-    },
-    {
-      "module": "module.flux",
-      "mode": "managed",
-      "type": "kubernetes_namespace",
-      "name": "flux_system",
-      "provider": "module.flux.provider[\"registry.terraform.io/hashicorp/kubernetes\"]",
-      "instances": [
-        {
-          "schema_version": 0,
-          "attributes": {
-            "id": "flux-system",
-            "metadata": [
-              {
-                "annotations": {},
-                "generate_name": "",
-                "generation": 0,
-                "labels": {
-                  "app.kubernetes.io/instance": "flux-system",
-                  "app.kubernetes.io/part-of": "flux",
-                  "app.kubernetes.io/version": "latest"
-                },
-                "name": "flux-system",
-                "resource_version": "36003",
-                "uid": "0e244da8-b9b0-4053-bf00-7bedb468e182"
-              }
-            ],
-            "timeouts": null
-          },
-          "sensitive_attributes": [],
-          "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjozMDAwMDAwMDAwMDB9fQ=="
-        }
-      ]
-    },
-    {
-      "module": "module.flux",
-      "mode": "managed",
-      "type": "kubernetes_secret",
-      "name": "main",
-      "provider": "module.flux.provider[\"registry.terraform.io/hashicorp/kubernetes\"]",
-      "instances": [
-        {
-          "schema_version": 0,
-          "attributes": {
-            "binary_data": null,
-            "data": {
-              "identity": "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW\nQyNTUxOQAAACBYZYPLAjLRZhUHfk4yTLmiQTDmdWPIgZTI+dGLgpY/GAAAAJgGvLdRBry3\nUQAAAAtzc2gtZWQyNTUxOQAAACBYZYPLAjLRZhUHfk4yTLmiQTDmdWPIgZTI+dGLgpY/GA\nAAAEBmqJkdSt8H6HIVzV6Na8ukBOj4Bywd970sQVPWAz8Ug1hlg8sCMtFmFQd+TjJMuaJB\nMOZ1Y8iBlMj50YuClj8YAAAAEWNvbnRhY3RAa2p1dWxoLmlvAQIDBA==\n-----END OPENSSH PRIVATE KEY-----\n",
-              "identity.pub": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFhlg8sCMtFmFQd+TjJMuaJBMOZ1Y8iBlMj50YuClj8Y contact@kjuulh.io\n",
-              "known_hosts": "git.front.kjuulh.io ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGJdO0Tw0e/Fa78g1Xszc4oKaOPbTwl7RTAaGQb0TrV8\ngit.front.kjuulh.io ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBO61xoa0ON2Y8rpIB6R9PFxg9HUxMym8Z5I4vYUC+/UnzaDx9YUEGo3Vig9wBo6Hc2lAp0BIwH/d5d6uBBEIj/Y=\n"
-            },
-            "id": "flux-system/flux-system",
-            "immutable": false,
-            "metadata": [
-              {
-                "annotations": {},
-                "generate_name": "",
-                "generation": 0,
-                "labels": {},
-                "name": "flux-system",
-                "namespace": "flux-system",
-                "resource_version": "40687",
-                "uid": "e4b26a74-1433-4a38-a126-63f7dec801f0"
-              }
-            ],
-            "type": "Opaque"
-          },
-          "sensitive_attributes": [
-            [
-              {
-                "type": "get_attr",
-                "value": "data"
-              },
-              {
-                "type": "index",
-                "value": {
-                  "value": "identity",
-                  "type": "string"
-                }
-              }
-            ]
-          ],
-          "private": "bnVsbA==",
-          "dependencies": [
-            "module.flux.data.flux_sync.main",
-            "module.flux.data.kubectl_file_documents.apply",
-            "module.flux.kubectl_manifest.apply"
-          ]
-        }
-      ]
-    },
-    {
-      "module": "module.kube-hetzner",
-      "mode": "data",
-      "type": "github_release",
-      "name": "hetzner_ccm",
-      "provider": "provider[\"registry.terraform.io/integrations/github\"]",
-      "instances": [
-        {
-          "schema_version": 0,
-          "attributes": {
-            "asserts_url": "https://api.github.com/repos/hetznercloud/hcloud-cloud-controller-manager/releases/52762979/assets",
-            "body": "## Changelog\r\n\r\n1b33f524 Prepare Release v1.21.1\r\n9fa68870 Update hcloud-go to v1.33 (#255)\r\nff044e93 deploy: add missing operator: Exists (#251)\r\n7c9948b6 Bump k8s.io/kubernetes from 1.18.3 to 1.18.19 (#243)\r\n451703ae Testsetup: Unify with CSI Driver test setup suite (#244)\r\n635cf10a Update docs (#240)\r\nf21278cc Health Check: Set healthcheck port to destination port if no port was defined via annotation (#239)\r\n\r\n\r\n## Docker images\r\n\r\n- `docker pull hetznercloud/hcloud-cloud-controller-manager:v1.12.1`\r\n",
-            "created_at": null,
-            "draft": false,
-            "html_url": "https://github.com/hetznercloud/hcloud-cloud-controller-manager/releases/tag/v1.12.1",
-            "id": "52762979",
-            "name": "v1.12.1",
-            "owner": "hetznercloud",
-            "prerelease": false,
-            "published_at": null,
-            "release_id": null,
-            "release_tag": "v1.12.1",
-            "repository": "hcloud-cloud-controller-manager",
-            "retrieve_by": "latest",
-            "tarball_url": "https://api.github.com/repos/hetznercloud/hcloud-cloud-controller-manager/tarball/v1.12.1",
-            "target_commitish": "master",
-            "upload_url": "https://uploads.github.com/repos/hetznercloud/hcloud-cloud-controller-manager/releases/52762979/assets{?name,label}",
-            "url": "https://api.github.com/repos/hetznercloud/hcloud-cloud-controller-manager/releases/52762979",
-            "zipball_url": "https://api.github.com/repos/hetznercloud/hcloud-cloud-controller-manager/zipball/v1.12.1"
-          },
-          "sensitive_attributes": []
-        }
-      ]
-    },
-    {
-      "module": "module.kube-hetzner",
-      "mode": "data",
-      "type": "github_release",
-      "name": "hetzner_csi",
-      "provider": "provider[\"registry.terraform.io/integrations/github\"]",
-      "instances": [
-        {
-          "schema_version": 0,
-          "attributes": {
-            "asserts_url": "https://api.github.com/repos/hetznercloud/csi-driver/releases/48351180/assets",
-            "body": "## Changelog\n\n2ea4803 Add btrfs support\n7719e45 Add exclude for blockstorage during resize (#211)\n4a69641 Add k8s 1.22 to tests (#225)\nbeb3783 Adjust stale bot to be more userfriendly (#217)\n0de9bd9 CI improvements for speed and fork-friendliness. (#221)\ne07b392 Fix changelog generation\n8cb0bfe Implement Instrumentation from hcloud-go (#227)\nc89c462 Increase default polling interval to 3 seconds. (#230)\n11c9940 Make e2e workflow friendly to running on forks. (#214)\n29893db Migrate Testsuite Setup to be in line with our CCM Testsuite (#219)\n4ad4d69 Prepare release v1.6.0 (#231)\ncf4e7e4 Recognition of root servers (#195)\nc213244 Reduce default log verbosity to info level (#224)\nc74a95b Remove testing for k8s 1.18 as written in our Versioning policy. (#199)\n8d1f531 Run e2e tests in parallel. (#215)\nda859e8 Simplify CSI socket handling (#222)\n6164eaf Update README.md (#196)\n140dad9 Update hcloud-go to v1.29.1 (#218)\nfb90575 Upgrade csi sidecars to latest versions. (#216)\n54f573e Use Go 1.17 (#228)\n5d2ac90 Use Goreleaser to publish changelog (#229)\n\n",
-            "created_at": null,
-            "draft": false,
-            "html_url": "https://github.com/hetznercloud/csi-driver/releases/tag/v1.6.0",
-            "id": "48351180",
-            "name": "v1.6.0",
-            "owner": "hetznercloud",
-            "prerelease": false,
-            "published_at": null,
-            "release_id": null,
-            "release_tag": "v1.6.0",
-            "repository": "csi-driver",
-            "retrieve_by": "latest",
-            "tarball_url": "https://api.github.com/repos/hetznercloud/csi-driver/tarball/v1.6.0",
-            "target_commitish": "master",
-            "upload_url": "https://uploads.github.com/repos/hetznercloud/csi-driver/releases/48351180/assets{?name,label}",
-            "url": "https://api.github.com/repos/hetznercloud/csi-driver/releases/48351180",
-            "zipball_url": "https://api.github.com/repos/hetznercloud/csi-driver/zipball/v1.6.0"
-          },
-          "sensitive_attributes": []
-        }
-      ]
-    },
-    {
-      "module": "module.kube-hetzner",
-      "mode": "data",
-      "type": "github_release",
-      "name": "kured",
-      "provider": "provider[\"registry.terraform.io/integrations/github\"]",
-      "instances": [
-        {
-          "schema_version": 0,
-          "attributes": {
-            "asserts_url": "https://api.github.com/repos/weaveworks/kured/releases/63019853/assets",
-            "body": "# Build\r\n- update to alpine@3.15.3 #518\r\n- build(deps): bump helm/chart-testing-action from 2.1.0 to 2.2.0 #493\r\n- build(deps): bump actions/setup-python from 2 to 3 #507\r\n- build(deps): bump helm/chart-testing-action from 2.2.0 to 2.2.1 #512\r\n- build(deps): bump actions/checkout from 2 to 3 #508\r\n\r\n# Dependencies\r\n- build(deps): bump gotest.tools/v3 from 3.0.3 to 3.1.0 #497\r\n- build(deps): bump github.com/prometheus/client_golang to 1.12.1 #502\r\n- build(deps): bump github.com/spf13/cobra from 1.3.0 to 1.4.0 #510\r\n- build(deps): bump github.com/stretchr/testify from 1.7.0 to 1.7.1 #513\r\n\r\n# Helm chart\r\n- Add ability to define ds annotations in helm chart #494\r\n- Use templating in Slack URL, channel and username #505\r\n\r\n# Documentation\r\n- docs: add sentinel command example for RHEL family #504\r\n\r\n# Kubernetes Version Compatibility\r\n\r\nThe daemon image contains a 1.22.x k8s.io/{client-go,kubectl} for the purposes of maintaining the lock and draining worker nodes. Kubernetes aims to provide forwards \u0026 backwards compatibility of one minor version between client and server, so this should work on 1.21.x, 1.22.x and 1.23.x\r\n\r\nThanks a lot to everyone who contributed to kured since 1.9.1. Commits from @bambriy, @khuedoan, @weseven, @ckotzbauer\r\n",
-            "created_at": null,
-            "draft": false,
-            "html_url": "https://github.com/weaveworks/kured/releases/tag/1.9.2",
-            "id": "63019853",
-            "name": "Kured 1.9.2",
-            "owner": "weaveworks",
-            "prerelease": false,
-            "published_at": null,
-            "release_id": null,
-            "release_tag": "1.9.2",
-            "repository": "kured",
-            "retrieve_by": "latest",
-            "tarball_url": "https://api.github.com/repos/weaveworks/kured/tarball/1.9.2",
-            "target_commitish": "main",
-            "upload_url": "https://uploads.github.com/repos/weaveworks/kured/releases/63019853/assets{?name,label}",
-            "url": "https://api.github.com/repos/weaveworks/kured/releases/63019853",
-            "zipball_url": "https://api.github.com/repos/weaveworks/kured/zipball/1.9.2"
-          },
-          "sensitive_attributes": []
-        }
-      ]
-    },
-    {
-      "module": "module.kube-hetzner",
-      "mode": "data",
-      "type": "hcloud_load_balancer",
-      "name": "traefik",
-      "provider": "module.kube-hetzner.provider[\"registry.terraform.io/hetznercloud/hcloud\"]",
-      "instances": [
-        {
-          "index_key": 0,
-          "schema_version": 0,
-          "attributes": {
-            "algorithm": [
-              {
-                "type": "round_robin"
-              }
-            ],
-            "delete_protection": false,
-            "id": 712895,
-            "ipv4": "49.12.19.255",
-            "ipv6": "2a01:4f8:c011:61::1",
-            "labels": {
-              "hcloud-ccm/service-uid": "769636bc-0b55-441f-b847-140a6b144079"
-            },
-            "load_balancer_type": "lb11",
-            "location": "fsn1",
-            "name": "clank-traefik",
-            "network_zone": "eu-central",
-            "service": null,
-            "target": [
-              {
-                "label_selector": "",
-                "server_id": 20289430,
-                "type": "server"
-              },
-              {
-                "label_selector": "",
-                "server_id": 20285807,
-                "type": "server"
-              },
-              {
-                "label_selector": "",
-                "server_id": 20285811,
-                "type": "server"
-              },
-              {
-                "label_selector": "",
-                "server_id": 20285809,
-                "type": "server"
-              }
-            ],
-            "with_selector": null
-          },
-          "sensitive_attributes": []
-        }
-      ]
-    },
-    {
-      "module": "module.kube-hetzner",
-      "mode": "data",
-      "type": "remote_file",
-      "name": "kubeconfig",
-      "provider": "provider[\"registry.terraform.io/tenstad/remote\"]",
-      "instances": [
-        {
-          "schema_version": 0,
-          "attributes": {
-            "conn": [
-              {
-                "agent": false,
-                "host": "167.235.247.244",
-                "password": "",
-                "port": 22,
-                "private_key": "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW\nQyNTUxOQAAACDppcjQxBsUMZ1zixjJ/NA8Iz7fgqgste1GlvTEgaYTsgAAAJiZYtI7mWLS\nOwAAAAtzc2gtZWQyNTUxOQAAACDppcjQxBsUMZ1zixjJ/NA8Iz7fgqgste1GlvTEgaYTsg\nAAAEDLWiPDiI2P8wK7bHz6Xxg1LKWEVekqnkLNEdp//Fi4uOmlyNDEGxQxnXOLGMn80Dwj\nPt+CqCy17UaW9MSBphOyAAAAEWNvbnRhY3RAa2p1dWxoLmlvAQIDBA==\n-----END OPENSSH PRIVATE KEY-----",
-                "private_key_env_var": "",
-                "private_key_path": "",
-                "sudo": false,
-                "user": "root"
-              }
-            ],
-            "content": "apiVersion: v1\nclusters:\n- cluster:\n    certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJlRENDQVIyZ0F3SUJBZ0lCQURBS0JnZ3Foa2pPUFFRREFqQWpNU0V3SHdZRFZRUUREQmhyTTNNdGMyVnkKZG1WeUxXTmhRREUyTlRJd01UVXhPREl3SGhjTk1qSXdOVEE0TVRNd05qSXlXaGNOTXpJd05UQTFNVE13TmpJeQpXakFqTVNFd0h3WURWUVFEREJock0zTXRjMlZ5ZG1WeUxXTmhRREUyTlRJd01UVXhPREl3V1RBVEJnY3Foa2pPClBRSUJCZ2dxaGtqT1BRTUJCd05DQUFReW45YTd2ZW1MUzZheE1sbjlvaHRTUENtZTRMaDJZYnJlY0ZHbk1pRmUKeWtKMEllSElEQjBZb3htMzM1NVFjMm5DOW1QODhQUTNlZ2lya2Zkc0pXZFdvMEl3UURBT0JnTlZIUThCQWY4RQpCQU1DQXFRd0R3WURWUjBUQVFIL0JBVXdBd0VCL3pBZEJnTlZIUTRFRmdRVWd4aDhLMDVNeklhbHoxb0k3a0lQCjZleVZCVVl3Q2dZSUtvWkl6ajBFQXdJRFNRQXdSZ0loQUpwNDJiR1JSK0R5dG8xcFh5SHk1dDZDYS9RNjdoNCsKYWRIVjBsQ2RkRlBWQWlFQXQ2RkpZUXZXcUg2LzlqNkY2K3JFZ0NTZFRwbUM5VDNDd1ZpZm1hNXo4K3M9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K\n    server: https://127.0.0.1:6443\n  name: default\ncontexts:\n- context:\n    cluster: default\n    user: default\n  name: default\ncurrent-context: default\nkind: Config\npreferences: {}\nusers:\n- name: default\n  user:\n    client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJrRENDQVRlZ0F3SUJBZ0lJWHF3azVwR1ZNRG93Q2dZSUtvWkl6ajBFQXdJd0l6RWhNQjhHQTFVRUF3d1kKYXpOekxXTnNhV1Z1ZEMxallVQXhOalV5TURFMU1UZ3lNQjRYRFRJeU1EVXdPREV6TURZeU1sb1hEVEl6TURVdwpPREV6TURZeU1sb3dNREVYTUJVR0ExVUVDaE1PYzNsemRHVnRPbTFoYzNSbGNuTXhGVEFUQmdOVkJBTVRESE41CmMzUmxiVHBoWkcxcGJqQlpNQk1HQnlxR1NNNDlBZ0VHQ0NxR1NNNDlBd0VIQTBJQUJFOEszZ0tKNkswK2lsYXIKbVVyaXlmN09jSjdaWlpoSHExNk1zbnZKSzVCUHRtQmttU0NxYUVEbFFCT2Y3NXR1MG9hSDdLMGREc0JSV2xtdApVMUF5NXV1alNEQkdNQTRHQTFVZER3RUIvd1FFQXdJRm9EQVRCZ05WSFNVRUREQUtCZ2dyQmdFRkJRY0RBakFmCkJnTlZIU01FR0RBV2dCUjVicDBabGRLd0U0MWdMeFNXT2IxV1ZTRUxqekFLQmdncWhrak9QUVFEQWdOSEFEQkUKQWlBM2piaW0wVEp4bXdQd2dtUGpLQ3BKWHl4SUVVZ0UxOG0wcW16OXlTTFhRUUlnVUduYjh2RnFOZmpUNmpULwphaXRTUVBjTTQ0RVY5TUFSRGFKUmJFZG0xc1k9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0KLS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJkekNDQVIyZ0F3SUJBZ0lCQURBS0JnZ3Foa2pPUFFRREFqQWpNU0V3SHdZRFZRUUREQmhyTTNNdFkyeHAKWlc1MExXTmhRREUyTlRJd01UVXhPREl3SGhjTk1qSXdOVEE0TVRNd05qSXlXaGNOTXpJd05UQTFNVE13TmpJeQpXakFqTVNFd0h3WURWUVFEREJock0zTXRZMnhwWlc1MExXTmhRREUyTlRJd01UVXhPREl3V1RBVEJnY3Foa2pPClBRSUJCZ2dxaGtqT1BRTUJCd05DQUFReFVCbE0rZjlZRVdaL2toN1BMSmZKeU1IenJscFlqd25udVNINE1GTmUKMlhzb1JGb3ltdlVhWDEvWFBIVnpSaVNTZkp6S0tJU0xLM095Y1lnTWhHR29vMEl3UURBT0JnTlZIUThCQWY4RQpCQU1DQXFRd0R3WURWUjBUQVFIL0JBVXdBd0VCL3pBZEJnTlZIUTRFRmdRVWVXNmRHWlhTc0JPTllDOFVsam05ClZsVWhDNDh3Q2dZSUtvWkl6ajBFQXdJRFNBQXdSUUlnWFVsZlJZTVdjMVVhSkcwYXFYME1PRDcvL2VOTG9yVXIKU291NDNuNWlmK0lDSVFDdXNJNmNBcnI2Y2t5cWNHZ1NGRlJwMmxROE40MnIyK2EwN2RPMEFtVWg3dz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K\n    client-key-data: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSUNnME5kRWRSRjRacDBLNzA5R1NHWDhWNXAyZXJ0ZktrN2dHelFnTk1HN1FvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFVHdyZUFvbm9yVDZLVnF1WlN1TEovczV3bnRsbG1FZXJYb3l5ZThrcmtFKzJZR1NaSUtwbwpRT1ZBRTUvdm0yN1Nob2ZzclIwT3dGRmFXYTFUVURMbTZ3PT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo=\n",
-            "id": "167.235.247.244:22:/etc/rancher/k3s/k3s.yaml",
-            "path": "/etc/rancher/k3s/k3s.yaml"
-          },
-          "sensitive_attributes": []
-        }
-      ]
-    },
-    {
-      "module": "module.kube-hetzner",
-      "mode": "data",
-      "type": "remote_file",
-      "name": "kustomization_backup",
-      "provider": "provider[\"registry.terraform.io/tenstad/remote\"]",
-      "instances": [
-        {
-          "schema_version": 0,
-          "attributes": {
-            "conn": [
-              {
-                "agent": false,
-                "host": "167.235.247.244",
-                "password": "",
-                "port": 22,
-                "private_key": "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW\nQyNTUxOQAAACDppcjQxBsUMZ1zixjJ/NA8Iz7fgqgste1GlvTEgaYTsgAAAJiZYtI7mWLS\nOwAAAAtzc2gtZWQyNTUxOQAAACDppcjQxBsUMZ1zixjJ/NA8Iz7fgqgste1GlvTEgaYTsg\nAAAEDLWiPDiI2P8wK7bHz6Xxg1LKWEVekqnkLNEdp//Fi4uOmlyNDEGxQxnXOLGMn80Dwj\nPt+CqCy17UaW9MSBphOyAAAAEWNvbnRhY3RAa2p1dWxoLmlvAQIDBA==\n-----END OPENSSH PRIVATE KEY-----",
-                "private_key_env_var": "",
-                "private_key_path": "",
-                "sudo": false,
-                "user": "root"
-              }
-            ],
-            "content": "\"apiVersion\": \"kustomize.config.k8s.io/v1beta1\"\n\"kind\": \"Kustomization\"\n\"patchesStrategicMerge\":\n- |\n  apiVersion: apps/v1\n  kind: DaemonSet\n  metadata:\n    name: kured\n    namespace: kube-system\n  spec:\n    selector:\n      matchLabels:\n        name: kured\n    template:\n      metadata:\n        labels:\n          name: kured\n      spec:\n        serviceAccountName: kured\n        containers:\n          - name: kured\n            command:\n              - /usr/bin/kured\n              - --reboot-command=/usr/bin/systemctl reboot\n- |\n  apiVersion: apps/v1\n  kind: Deployment\n  metadata:\n    name: system-upgrade-controller\n    namespace: system-upgrade\n  spec:\n    template:\n      spec:\n        containers:\n          - name: system-upgrade-controller\n            volumeMounts:\n              - name: ca-certificates\n                mountPath: /var/lib/ca-certificates\n        volumes:\n          - name: ca-certificates\n            hostPath:\n              path: /var/lib/ca-certificates\n              type: Directory\n- \"ccm.yaml\"\n\"resources\":\n- \"https://github.com/hetznercloud/hcloud-cloud-controller-manager/releases/download/v1.12.1/ccm-networks.yaml\"\n- \"https://github.com/weaveworks/kured/releases/download/1.9.2/kured-1.9.2-dockerhub.yaml\"\n- \"https://raw.githubusercontent.com/rancher/system-upgrade-controller/master/manifests/system-upgrade-controller.yaml\"\n- \"https://raw.githubusercontent.com/hetznercloud/csi-driver/v1.6.0/deploy/kubernetes/hcloud-csi.yml\"\n- \"traefik_config.yaml\"\n- \"cert-manager.yaml\"\n",
-            "id": "167.235.247.244:22:/var/post_install/kustomization.yaml",
-            "path": "/var/post_install/kustomization.yaml"
-          },
-          "sensitive_attributes": []
-        }
-      ]
-    },
-    {
-      "module": "module.kube-hetzner",
-      "mode": "managed",
-      "type": "hcloud_firewall",
-      "name": "k3s",
-      "provider": "module.kube-hetzner.provider[\"registry.terraform.io/hetznercloud/hcloud\"]",
-      "instances": [
-        {
-          "schema_version": 0,
-          "attributes": {
-            "apply_to": [
-              {
-                "label_selector": "",
-                "server": 20285806
-              },
-              {
-                "label_selector": "",
-                "server": 20285807
-              },
-              {
-                "label_selector": "",
-                "server": 20285808
-              },
-              {
-                "label_selector": "",
-                "server": 20285809
-              },
-              {
-                "label_selector": "",
-                "server": 20285810
-              },
-              {
-                "label_selector": "",
-                "server": 20285811
-              },
-              {
-                "label_selector": "",
-                "server": 20289430
-              }
-            ],
-            "id": "385507",
-            "labels": {},
-            "name": "clank",
-            "rule": [
-              {
-                "description": "",
-                "destination_ips": [
-                  "0.0.0.0/0",
-                  "::/0"
-                ],
-                "direction": "out",
-                "port": "22",
-                "protocol": "tcp",
-                "source_ips": []
-              },
-              {
-                "description": "",
-                "destination_ips": [
-                  "0.0.0.0/0"
-                ],
-                "direction": "out",
-                "port": "",
-                "protocol": "icmp",
-                "source_ips": []
-              },
-              {
-                "description": "",
-                "destination_ips": [
-                  "0.0.0.0/0"
-                ],
-                "direction": "out",
-                "port": "123",
-                "protocol": "udp",
-                "source_ips": []
-              },
-              {
-                "description": "",
-                "destination_ips": [
-                  "0.0.0.0/0"
-                ],
-                "direction": "out",
-                "port": "443",
-                "protocol": "tcp",
-                "source_ips": []
-              },
-              {
-                "description": "",
-                "destination_ips": [
-                  "0.0.0.0/0"
-                ],
-                "direction": "out",
-                "port": "53",
-                "protocol": "tcp",
-                "source_ips": []
-              },
-              {
-                "description": "",
-                "destination_ips": [
-                  "0.0.0.0/0"
-                ],
-                "direction": "out",
-                "port": "53",
-                "protocol": "udp",
-                "source_ips": []
-              },
-              {
-                "description": "",
-                "destination_ips": [
-                  "0.0.0.0/0"
-                ],
-                "direction": "out",
-                "port": "80",
-                "protocol": "tcp",
-                "source_ips": []
-              },
-              {
-                "description": "",
-                "destination_ips": [],
-                "direction": "in",
-                "port": "",
-                "protocol": "icmp",
-                "source_ips": [
-                  "0.0.0.0/0"
-                ]
-              },
-              {
-                "description": "",
-                "destination_ips": [],
-                "direction": "in",
-                "port": "",
-                "protocol": "icmp",
-                "source_ips": [
-                  "10.0.0.0/8",
-                  "127.0.0.1/32",
-                  "169.254.169.254/32",
-                  "213.239.246.1/32"
-                ]
-              },
-              {
-                "description": "",
-                "destination_ips": [],
-                "direction": "in",
-                "port": "22",
-                "protocol": "tcp",
-                "source_ips": [
-                  "0.0.0.0/0"
-                ]
-              },
-              {
-                "description": "",
-                "destination_ips": [],
-                "direction": "in",
-                "port": "6443",
-                "protocol": "tcp",
-                "source_ips": [
-                  "0.0.0.0/0"
-                ]
-              },
-              {
-                "description": "",
-                "destination_ips": [],
-                "direction": "in",
-                "port": "any",
-                "protocol": "tcp",
-                "source_ips": [
-                  "10.0.0.0/8",
-                  "127.0.0.1/32",
-                  "169.254.169.254/32",
-                  "213.239.246.1/32"
-                ]
-              },
-              {
-                "description": "",
-                "destination_ips": [],
-                "direction": "in",
-                "port": "any",
-                "protocol": "udp",
-                "source_ips": [
-                  "10.0.0.0/8",
-                  "127.0.0.1/32",
-                  "169.254.169.254/32",
-                  "213.239.246.1/32"
-                ]
-              }
-            ]
-          },
-          "sensitive_attributes": [],
-          "private": "bnVsbA=="
-        }
-      ]
-    },
-    {
-      "module": "module.kube-hetzner",
-      "mode": "managed",
-      "type": "hcloud_network",
-      "name": "k3s",
-      "provider": "module.kube-hetzner.provider[\"registry.terraform.io/hetznercloud/hcloud\"]",
-      "instances": [
-        {
-          "schema_version": 0,
-          "attributes": {
-            "delete_protection": false,
-            "id": "1628275",
-            "ip_range": "10.0.0.0/8",
-            "labels": {},
-            "name": "clank"
-          },
-          "sensitive_attributes": [],
-          "private": "bnVsbA=="
-        }
-      ]
-    },
-    {
-      "module": "module.kube-hetzner",
-      "mode": "managed",
-      "type": "hcloud_network_subnet",
-      "name": "agent",
-      "provider": "module.kube-hetzner.provider[\"registry.terraform.io/hetznercloud/hcloud\"]",
-      "instances": [
-        {
-          "index_key": 0,
-          "schema_version": 0,
-          "attributes": {
-            "gateway": "10.0.0.1",
-            "id": "1628275-10.0.0.0/16",
-            "ip_range": "10.0.0.0/16",
-            "network_id": 1628275,
-            "network_zone": "eu-central",
-            "type": "cloud",
-            "vswitch_id": null
-          },
-          "sensitive_attributes": [],
-          "private": "bnVsbA==",
-          "dependencies": [
-            "module.kube-hetzner.hcloud_network.k3s"
-          ]
-        },
-        {
-          "index_key": 1,
-          "schema_version": 0,
-          "attributes": {
-            "gateway": "10.0.0.1",
-            "id": "1628275-10.1.0.0/16",
-            "ip_range": "10.1.0.0/16",
-            "network_id": 1628275,
-            "network_zone": "eu-central",
-            "type": "cloud",
-            "vswitch_id": null
-          },
-          "sensitive_attributes": [],
-          "private": "bnVsbA==",
-          "dependencies": [
-            "module.kube-hetzner.hcloud_network.k3s"
-          ]
-        },
-        {
-          "index_key": 2,
-          "schema_version": 0,
-          "attributes": {
-            "gateway": "10.0.0.1",
-            "id": "1628275-10.2.0.0/16",
-            "ip_range": "10.2.0.0/16",
-            "network_id": 1628275,
-            "network_zone": "eu-central",
-            "type": "cloud",
-            "vswitch_id": null
-          },
-          "sensitive_attributes": [],
-          "private": "bnVsbA==",
-          "dependencies": [
-            "module.kube-hetzner.hcloud_network.k3s"
-          ]
-        }
-      ]
-    },
-    {
-      "module": "module.kube-hetzner",
-      "mode": "managed",
-      "type": "hcloud_network_subnet",
-      "name": "control_plane",
-      "provider": "module.kube-hetzner.provider[\"registry.terraform.io/hetznercloud/hcloud\"]",
-      "instances": [
-        {
-          "index_key": 0,
-          "schema_version": 0,
-          "attributes": {
-            "gateway": "10.0.0.1",
-            "id": "1628275-10.255.0.0/16",
-            "ip_range": "10.255.0.0/16",
-            "network_id": 1628275,
-            "network_zone": "eu-central",
-            "type": "cloud",
-            "vswitch_id": null
-          },
-          "sensitive_attributes": [],
-          "private": "bnVsbA==",
-          "dependencies": [
-            "module.kube-hetzner.hcloud_network.k3s"
-          ]
-        },
-        {
-          "index_key": 1,
-          "schema_version": 0,
-          "attributes": {
-            "gateway": "10.0.0.1",
-            "id": "1628275-10.254.0.0/16",
-            "ip_range": "10.254.0.0/16",
-            "network_id": 1628275,
-            "network_zone": "eu-central",
-            "type": "cloud",
-            "vswitch_id": null
-          },
-          "sensitive_attributes": [],
-          "private": "bnVsbA==",
-          "dependencies": [
-            "module.kube-hetzner.hcloud_network.k3s"
-          ]
-        },
-        {
-          "index_key": 2,
-          "schema_version": 0,
-          "attributes": {
-            "gateway": "10.0.0.1",
-            "id": "1628275-10.253.0.0/16",
-            "ip_range": "10.253.0.0/16",
-            "network_id": 1628275,
-            "network_zone": "eu-central",
-            "type": "cloud",
-            "vswitch_id": null
-          },
-          "sensitive_attributes": [],
-          "private": "bnVsbA==",
-          "dependencies": [
-            "module.kube-hetzner.hcloud_network.k3s"
-          ]
-        }
-      ]
-    },
-    {
-      "module": "module.kube-hetzner",
-      "mode": "managed",
-      "type": "hcloud_placement_group",
-      "name": "agent",
-      "provider": "module.kube-hetzner.provider[\"registry.terraform.io/hetznercloud/hcloud\"]",
-      "instances": [
-        {
-          "index_key": 0,
-          "schema_version": 0,
-          "attributes": {
-            "id": "41238",
-            "labels": {},
-            "name": "clank-agent-1",
-            "servers": [
-              20285807,
-              20285809,
-              20285811,
-              20289430
-            ],
-            "type": "spread"
-          },
-          "sensitive_attributes": [],
-          "private": "bnVsbA=="
-        }
-      ]
-    },
-    {
-      "module": "module.kube-hetzner",
-      "mode": "managed",
-      "type": "hcloud_placement_group",
-      "name": "control_plane",
-      "provider": "module.kube-hetzner.provider[\"registry.terraform.io/hetznercloud/hcloud\"]",
-      "instances": [
-        {
-          "index_key": 0,
-          "schema_version": 0,
-          "attributes": {
-            "id": "41239",
-            "labels": {},
-            "name": "clank-control-plane-1",
-            "servers": [
-              20285806,
-              20285808,
-              20285810
-            ],
-            "type": "spread"
-          },
-          "sensitive_attributes": [],
-          "private": "bnVsbA=="
-        }
-      ]
-    },
-    {
-      "module": "module.kube-hetzner",
-      "mode": "managed",
-      "type": "hcloud_ssh_key",
-      "name": "k3s",
-      "provider": "module.kube-hetzner.provider[\"registry.terraform.io/hetznercloud/hcloud\"]",
-      "instances": [
-        {
-          "schema_version": 0,
-          "attributes": {
-            "fingerprint": "f4:16:88:3f:66:9e:f5:7d:d9:ed:20:0e:6a:55:a2:c3",
-            "id": "6372775",
-            "labels": {},
-            "name": "clank",
-            "public_key": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOmlyNDEGxQxnXOLGMn80DwjPt+CqCy17UaW9MSBphOy contact@kjuulh.io"
-          },
-          "sensitive_attributes": [],
-          "private": "bnVsbA=="
-        }
-      ]
-    },
-    {
-      "module": "module.kube-hetzner",
-      "mode": "managed",
-      "type": "local_file",
-      "name": "kustomization_backup",
-      "provider": "provider[\"registry.terraform.io/hashicorp/local\"]",
-      "instances": [
-        {
-          "schema_version": 0,
-          "attributes": {
-            "content": "\"apiVersion\": \"kustomize.config.k8s.io/v1beta1\"\n\"kind\": \"Kustomization\"\n\"patchesStrategicMerge\":\n- |\n  apiVersion: apps/v1\n  kind: DaemonSet\n  metadata:\n    name: kured\n    namespace: kube-system\n  spec:\n    selector:\n      matchLabels:\n        name: kured\n    template:\n      metadata:\n        labels:\n          name: kured\n      spec:\n        serviceAccountName: kured\n        containers:\n          - name: kured\n            command:\n              - /usr/bin/kured\n              - --reboot-command=/usr/bin/systemctl reboot\n- |\n  apiVersion: apps/v1\n  kind: Deployment\n  metadata:\n    name: system-upgrade-controller\n    namespace: system-upgrade\n  spec:\n    template:\n      spec:\n        containers:\n          - name: system-upgrade-controller\n            volumeMounts:\n              - name: ca-certificates\n                mountPath: /var/lib/ca-certificates\n        volumes:\n          - name: ca-certificates\n            hostPath:\n              path: /var/lib/ca-certificates\n              type: Directory\n- \"ccm.yaml\"\n\"resources\":\n- \"https://github.com/hetznercloud/hcloud-cloud-controller-manager/releases/download/v1.12.1/ccm-networks.yaml\"\n- \"https://github.com/weaveworks/kured/releases/download/1.9.2/kured-1.9.2-dockerhub.yaml\"\n- \"https://raw.githubusercontent.com/rancher/system-upgrade-controller/master/manifests/system-upgrade-controller.yaml\"\n- \"https://raw.githubusercontent.com/hetznercloud/csi-driver/v1.6.0/deploy/kubernetes/hcloud-csi.yml\"\n- \"traefik_config.yaml\"\n- \"cert-manager.yaml\"\n",
-            "content_base64": null,
-            "directory_permission": "0777",
-            "file_permission": "600",
-            "filename": "kustomization_backup.yaml",
-            "id": "dbde5be8a5091a964a3247a6c23b5ab4f8e9eb26",
-            "sensitive_content": null,
-            "source": null
-          },
-          "sensitive_attributes": [],
-          "private": "bnVsbA==",
-          "dependencies": [
-            "module.kube-hetzner.data.github_release.hetzner_ccm",
-            "module.kube-hetzner.data.github_release.hetzner_csi",
-            "module.kube-hetzner.data.github_release.kured",
-            "module.kube-hetzner.data.remote_file.kubeconfig",
-            "module.kube-hetzner.data.remote_file.kustomization_backup",
-            "module.kube-hetzner.hcloud_firewall.k3s",
-            "module.kube-hetzner.hcloud_network.k3s",
-            "module.kube-hetzner.hcloud_network_subnet.control_plane",
-            "module.kube-hetzner.hcloud_placement_group.control_plane",
-            "module.kube-hetzner.hcloud_ssh_key.k3s",
-            "module.kube-hetzner.local_sensitive_file.kubeconfig",
-            "module.kube-hetzner.module.control_planes.data.cloudinit_config.config",
-            "module.kube-hetzner.module.control_planes.hcloud_server.server",
-            "module.kube-hetzner.module.control_planes.hcloud_server_network.server",
-            "module.kube-hetzner.module.control_planes.random_string.server",
-            "module.kube-hetzner.null_resource.control_planes",
-            "module.kube-hetzner.null_resource.first_control_plane",
-            "module.kube-hetzner.null_resource.kustomization",
-            "module.kube-hetzner.random_password.k3s_token"
-          ]
-        }
-      ]
-    },
-    {
-      "module": "module.kube-hetzner",
-      "mode": "managed",
-      "type": "local_sensitive_file",
-      "name": "kubeconfig",
-      "provider": "provider[\"registry.terraform.io/hashicorp/local\"]",
-      "instances": [
-        {
-          "schema_version": 0,
-          "attributes": {
-            "content": "apiVersion: v1\nclusters:\n- cluster:\n    certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJlRENDQVIyZ0F3SUJBZ0lCQURBS0JnZ3Foa2pPUFFRREFqQWpNU0V3SHdZRFZRUUREQmhyTTNNdGMyVnkKZG1WeUxXTmhRREUyTlRJd01UVXhPREl3SGhjTk1qSXdOVEE0TVRNd05qSXlXaGNOTXpJd05UQTFNVE13TmpJeQpXakFqTVNFd0h3WURWUVFEREJock0zTXRjMlZ5ZG1WeUxXTmhRREUyTlRJd01UVXhPREl3V1RBVEJnY3Foa2pPClBRSUJCZ2dxaGtqT1BRTUJCd05DQUFReW45YTd2ZW1MUzZheE1sbjlvaHRTUENtZTRMaDJZYnJlY0ZHbk1pRmUKeWtKMEllSElEQjBZb3htMzM1NVFjMm5DOW1QODhQUTNlZ2lya2Zkc0pXZFdvMEl3UURBT0JnTlZIUThCQWY4RQpCQU1DQXFRd0R3WURWUjBUQVFIL0JBVXdBd0VCL3pBZEJnTlZIUTRFRmdRVWd4aDhLMDVNeklhbHoxb0k3a0lQCjZleVZCVVl3Q2dZSUtvWkl6ajBFQXdJRFNRQXdSZ0loQUpwNDJiR1JSK0R5dG8xcFh5SHk1dDZDYS9RNjdoNCsKYWRIVjBsQ2RkRlBWQWlFQXQ2RkpZUXZXcUg2LzlqNkY2K3JFZ0NTZFRwbUM5VDNDd1ZpZm1hNXo4K3M9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K\n    server: https://167.235.247.244:6443\n  name: default\ncontexts:\n- context:\n    cluster: default\n    user: default\n  name: default\ncurrent-context: default\nkind: Config\npreferences: {}\nusers:\n- name: default\n  user:\n    client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJrRENDQVRlZ0F3SUJBZ0lJWHF3azVwR1ZNRG93Q2dZSUtvWkl6ajBFQXdJd0l6RWhNQjhHQTFVRUF3d1kKYXpOekxXTnNhV1Z1ZEMxallVQXhOalV5TURFMU1UZ3lNQjRYRFRJeU1EVXdPREV6TURZeU1sb1hEVEl6TURVdwpPREV6TURZeU1sb3dNREVYTUJVR0ExVUVDaE1PYzNsemRHVnRPbTFoYzNSbGNuTXhGVEFUQmdOVkJBTVRESE41CmMzUmxiVHBoWkcxcGJqQlpNQk1HQnlxR1NNNDlBZ0VHQ0NxR1NNNDlBd0VIQTBJQUJFOEszZ0tKNkswK2lsYXIKbVVyaXlmN09jSjdaWlpoSHExNk1zbnZKSzVCUHRtQmttU0NxYUVEbFFCT2Y3NXR1MG9hSDdLMGREc0JSV2xtdApVMUF5NXV1alNEQkdNQTRHQTFVZER3RUIvd1FFQXdJRm9EQVRCZ05WSFNVRUREQUtCZ2dyQmdFRkJRY0RBakFmCkJnTlZIU01FR0RBV2dCUjVicDBabGRLd0U0MWdMeFNXT2IxV1ZTRUxqekFLQmdncWhrak9QUVFEQWdOSEFEQkUKQWlBM2piaW0wVEp4bXdQd2dtUGpLQ3BKWHl4SUVVZ0UxOG0wcW16OXlTTFhRUUlnVUduYjh2RnFOZmpUNmpULwphaXRTUVBjTTQ0RVY5TUFSRGFKUmJFZG0xc1k9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0KLS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJkekNDQVIyZ0F3SUJBZ0lCQURBS0JnZ3Foa2pPUFFRREFqQWpNU0V3SHdZRFZRUUREQmhyTTNNdFkyeHAKWlc1MExXTmhRREUyTlRJd01UVXhPREl3SGhjTk1qSXdOVEE0TVRNd05qSXlXaGNOTXpJd05UQTFNVE13TmpJeQpXakFqTVNFd0h3WURWUVFEREJock0zTXRZMnhwWlc1MExXTmhRREUyTlRJd01UVXhPREl3V1RBVEJnY3Foa2pPClBRSUJCZ2dxaGtqT1BRTUJCd05DQUFReFVCbE0rZjlZRVdaL2toN1BMSmZKeU1IenJscFlqd25udVNINE1GTmUKMlhzb1JGb3ltdlVhWDEvWFBIVnpSaVNTZkp6S0tJU0xLM095Y1lnTWhHR29vMEl3UURBT0JnTlZIUThCQWY4RQpCQU1DQXFRd0R3WURWUjBUQVFIL0JBVXdBd0VCL3pBZEJnTlZIUTRFRmdRVWVXNmRHWlhTc0JPTllDOFVsam05ClZsVWhDNDh3Q2dZSUtvWkl6ajBFQXdJRFNBQXdSUUlnWFVsZlJZTVdjMVVhSkcwYXFYME1PRDcvL2VOTG9yVXIKU291NDNuNWlmK0lDSVFDdXNJNmNBcnI2Y2t5cWNHZ1NGRlJwMmxROE40MnIyK2EwN2RPMEFtVWg3dz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K\n    client-key-data: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSUNnME5kRWRSRjRacDBLNzA5R1NHWDhWNXAyZXJ0ZktrN2dHelFnTk1HN1FvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFVHdyZUFvbm9yVDZLVnF1WlN1TEovczV3bnRsbG1FZXJYb3l5ZThrcmtFKzJZR1NaSUtwbwpRT1ZBRTUvdm0yN1Nob2ZzclIwT3dGRmFXYTFUVURMbTZ3PT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo=\n",
-            "content_base64": null,
-            "directory_permission": "0700",
-            "file_permission": "600",
-            "filename": "kubeconfig.yaml",
-            "id": "51b0f8e4bb7ae75ae8aed2aa818d47ff02cfdd0e",
-            "source": null
-          },
-          "sensitive_attributes": [],
-          "private": "bnVsbA==",
-          "dependencies": [
-            "module.kube-hetzner.data.remote_file.kubeconfig",
-            "module.kube-hetzner.hcloud_firewall.k3s",
-            "module.kube-hetzner.hcloud_network.k3s",
-            "module.kube-hetzner.hcloud_network_subnet.control_plane",
-            "module.kube-hetzner.hcloud_placement_group.control_plane",
-            "module.kube-hetzner.hcloud_ssh_key.k3s",
-            "module.kube-hetzner.module.control_planes.data.cloudinit_config.config",
-            "module.kube-hetzner.module.control_planes.hcloud_server.server",
-            "module.kube-hetzner.module.control_planes.hcloud_server_network.server",
-            "module.kube-hetzner.module.control_planes.random_string.server",
-            "module.kube-hetzner.null_resource.control_planes",
-            "module.kube-hetzner.null_resource.first_control_plane",
-            "module.kube-hetzner.random_password.k3s_token"
-          ]
-        }
-      ]
-    },
-    {
-      "module": "module.kube-hetzner",
-      "mode": "managed",
-      "type": "null_resource",
-      "name": "agents",
-      "provider": "provider[\"registry.terraform.io/hashicorp/null\"]",
-      "instances": [
-        {
-          "index_key": "0-0-agent-small1",
-          "schema_version": 0,
-          "attributes": {
-            "id": "2176505815644718391",
-            "triggers": {
-              "agent_id": "20285807"
-            }
-          },
-          "sensitive_attributes": [],
-          "private": "bnVsbA==",
-          "dependencies": [
-            "module.kube-hetzner.hcloud_firewall.k3s",
-            "module.kube-hetzner.hcloud_network.k3s",
-            "module.kube-hetzner.hcloud_network_subnet.agent",
-            "module.kube-hetzner.hcloud_network_subnet.control_plane",
-            "module.kube-hetzner.hcloud_placement_group.agent",
-            "module.kube-hetzner.hcloud_placement_group.control_plane",
-            "module.kube-hetzner.hcloud_ssh_key.k3s",
-            "module.kube-hetzner.module.agents.data.cloudinit_config.config",
-            "module.kube-hetzner.module.agents.hcloud_server.server",
-            "module.kube-hetzner.module.agents.hcloud_server_network.server",
-            "module.kube-hetzner.module.agents.random_string.server",
-            "module.kube-hetzner.module.control_planes.data.cloudinit_config.config",
-            "module.kube-hetzner.module.control_planes.hcloud_server.server",
-            "module.kube-hetzner.module.control_planes.hcloud_server_network.server",
-            "module.kube-hetzner.module.control_planes.random_string.server",
-            "module.kube-hetzner.null_resource.first_control_plane",
-            "module.kube-hetzner.random_password.k3s_token"
-          ]
-        },
-        {
-          "index_key": "1-0-agent-small2",
-          "schema_version": 0,
-          "attributes": {
-            "id": "2844766948829955151",
-            "triggers": {
-              "agent_id": "20285811"
-            }
-          },
-          "sensitive_attributes": [],
-          "private": "bnVsbA==",
-          "dependencies": [
-            "module.kube-hetzner.hcloud_firewall.k3s",
-            "module.kube-hetzner.hcloud_network.k3s",
-            "module.kube-hetzner.hcloud_network_subnet.agent",
-            "module.kube-hetzner.hcloud_network_subnet.control_plane",
-            "module.kube-hetzner.hcloud_placement_group.agent",
-            "module.kube-hetzner.hcloud_placement_group.control_plane",
-            "module.kube-hetzner.hcloud_ssh_key.k3s",
-            "module.kube-hetzner.module.agents.data.cloudinit_config.config",
-            "module.kube-hetzner.module.agents.hcloud_server.server",
-            "module.kube-hetzner.module.agents.hcloud_server_network.server",
-            "module.kube-hetzner.module.agents.random_string.server",
-            "module.kube-hetzner.module.control_planes.data.cloudinit_config.config",
-            "module.kube-hetzner.module.control_planes.hcloud_server.server",
-            "module.kube-hetzner.module.control_planes.hcloud_server_network.server",
-            "module.kube-hetzner.module.control_planes.random_string.server",
-            "module.kube-hetzner.null_resource.first_control_plane",
-            "module.kube-hetzner.random_password.k3s_token"
-          ]
-        },
-        {
-          "index_key": "2-0-storage1",
-          "schema_version": 0,
-          "attributes": {
-            "id": "6929446356437947923",
-            "triggers": {
-              "agent_id": "20285809"
-            }
-          },
-          "sensitive_attributes": [],
-          "private": "bnVsbA==",
-          "dependencies": [
-            "module.kube-hetzner.hcloud_firewall.k3s",
-            "module.kube-hetzner.hcloud_network.k3s",
-            "module.kube-hetzner.hcloud_network_subnet.agent",
-            "module.kube-hetzner.hcloud_network_subnet.control_plane",
-            "module.kube-hetzner.hcloud_placement_group.agent",
-            "module.kube-hetzner.hcloud_placement_group.control_plane",
-            "module.kube-hetzner.hcloud_ssh_key.k3s",
-            "module.kube-hetzner.module.agents.data.cloudinit_config.config",
-            "module.kube-hetzner.module.agents.hcloud_server.server",
-            "module.kube-hetzner.module.agents.hcloud_server_network.server",
-            "module.kube-hetzner.module.agents.random_string.server",
-            "module.kube-hetzner.module.control_planes.data.cloudinit_config.config",
-            "module.kube-hetzner.module.control_planes.hcloud_server.server",
-            "module.kube-hetzner.module.control_planes.hcloud_server_network.server",
-            "module.kube-hetzner.module.control_planes.random_string.server",
-            "module.kube-hetzner.null_resource.first_control_plane",
-            "module.kube-hetzner.random_password.k3s_token"
-          ]
-        },
-        {
-          "index_key": "2-1-storage1",
-          "schema_version": 0,
-          "attributes": {
-            "id": "8807962960687335091",
-            "triggers": {
-              "agent_id": "20289430"
-            }
-          },
-          "sensitive_attributes": [],
-          "private": "bnVsbA==",
-          "dependencies": [
-            "module.kube-hetzner.hcloud_firewall.k3s",
-            "module.kube-hetzner.hcloud_network.k3s",
-            "module.kube-hetzner.hcloud_network_subnet.agent",
-            "module.kube-hetzner.hcloud_network_subnet.control_plane",
-            "module.kube-hetzner.hcloud_placement_group.agent",
-            "module.kube-hetzner.hcloud_placement_group.control_plane",
-            "module.kube-hetzner.hcloud_ssh_key.k3s",
-            "module.kube-hetzner.module.agents.data.cloudinit_config.config",
-            "module.kube-hetzner.module.agents.hcloud_server.server",
-            "module.kube-hetzner.module.agents.hcloud_server_network.server",
-            "module.kube-hetzner.module.agents.random_string.server",
-            "module.kube-hetzner.module.control_planes.data.cloudinit_config.config",
-            "module.kube-hetzner.module.control_planes.hcloud_server.server",
-            "module.kube-hetzner.module.control_planes.hcloud_server_network.server",
-            "module.kube-hetzner.module.control_planes.random_string.server",
-            "module.kube-hetzner.null_resource.first_control_plane",
-            "module.kube-hetzner.random_password.k3s_token"
-          ]
-        }
-      ]
-    },
-    {
-      "module": "module.kube-hetzner",
-      "mode": "managed",
-      "type": "null_resource",
-      "name": "control_planes",
-      "provider": "provider[\"registry.terraform.io/hashicorp/null\"]",
-      "instances": [
-        {
-          "index_key": "0-0-control-plane-fsn1",
-          "schema_version": 0,
-          "attributes": {
-            "id": "2906291804049488022",
-            "triggers": {
-              "control_plane_id": "20285806"
-            }
-          },
-          "sensitive_attributes": [],
-          "private": "bnVsbA==",
-          "dependencies": [
-            "module.kube-hetzner.hcloud_firewall.k3s",
-            "module.kube-hetzner.hcloud_network.k3s",
-            "module.kube-hetzner.hcloud_network_subnet.control_plane",
-            "module.kube-hetzner.hcloud_placement_group.control_plane",
-            "module.kube-hetzner.hcloud_ssh_key.k3s",
-            "module.kube-hetzner.module.control_planes.data.cloudinit_config.config",
-            "module.kube-hetzner.module.control_planes.hcloud_server.server",
-            "module.kube-hetzner.module.control_planes.hcloud_server_network.server",
-            "module.kube-hetzner.module.control_planes.random_string.server",
-            "module.kube-hetzner.null_resource.first_control_plane",
-            "module.kube-hetzner.random_password.k3s_token"
-          ]
-        },
-        {
-          "index_key": "1-0-control-plane-nbg1",
-          "schema_version": 0,
-          "attributes": {
-            "id": "7519334347044594476",
-            "triggers": {
-              "control_plane_id": "20285810"
-            }
-          },
-          "sensitive_attributes": [],
-          "private": "bnVsbA==",
-          "dependencies": [
-            "module.kube-hetzner.hcloud_firewall.k3s",
-            "module.kube-hetzner.hcloud_network.k3s",
-            "module.kube-hetzner.hcloud_network_subnet.control_plane",
-            "module.kube-hetzner.hcloud_placement_group.control_plane",
-            "module.kube-hetzner.hcloud_ssh_key.k3s",
-            "module.kube-hetzner.module.control_planes.data.cloudinit_config.config",
-            "module.kube-hetzner.module.control_planes.hcloud_server.server",
-            "module.kube-hetzner.module.control_planes.hcloud_server_network.server",
-            "module.kube-hetzner.module.control_planes.random_string.server",
-            "module.kube-hetzner.null_resource.first_control_plane",
-            "module.kube-hetzner.random_password.k3s_token"
-          ]
-        },
-        {
-          "index_key": "2-0-control-plane-hel1",
-          "schema_version": 0,
-          "attributes": {
-            "id": "7465071128357046031",
-            "triggers": {
-              "control_plane_id": "20285808"
-            }
-          },
-          "sensitive_attributes": [],
-          "private": "bnVsbA==",
-          "dependencies": [
-            "module.kube-hetzner.hcloud_firewall.k3s",
-            "module.kube-hetzner.hcloud_network.k3s",
-            "module.kube-hetzner.hcloud_network_subnet.control_plane",
-            "module.kube-hetzner.hcloud_placement_group.control_plane",
-            "module.kube-hetzner.hcloud_ssh_key.k3s",
-            "module.kube-hetzner.module.control_planes.data.cloudinit_config.config",
-            "module.kube-hetzner.module.control_planes.hcloud_server.server",
-            "module.kube-hetzner.module.control_planes.hcloud_server_network.server",
-            "module.kube-hetzner.module.control_planes.random_string.server",
-            "module.kube-hetzner.null_resource.first_control_plane",
-            "module.kube-hetzner.random_password.k3s_token"
-          ]
-        }
-      ]
-    },
-    {
-      "module": "module.kube-hetzner",
-      "mode": "managed",
-      "type": "null_resource",
-      "name": "destroy_traefik_loadbalancer",
-      "provider": "provider[\"registry.terraform.io/hashicorp/null\"]",
-      "instances": [
-        {
-          "schema_version": 0,
-          "attributes": {
-            "id": "5718072141935869582",
-            "triggers": {
-              "kustomization_id": "6932703477613162485"
-            }
-          },
-          "sensitive_attributes": [],
-          "private": "bnVsbA==",
-          "dependencies": [
-            "module.kube-hetzner.data.github_release.hetzner_ccm",
-            "module.kube-hetzner.data.github_release.hetzner_csi",
-            "module.kube-hetzner.data.github_release.kured",
-            "module.kube-hetzner.data.remote_file.kubeconfig",
-            "module.kube-hetzner.hcloud_firewall.k3s",
-            "module.kube-hetzner.hcloud_network.k3s",
-            "module.kube-hetzner.hcloud_network_subnet.agent",
-            "module.kube-hetzner.hcloud_network_subnet.control_plane",
-            "module.kube-hetzner.hcloud_placement_group.agent",
-            "module.kube-hetzner.hcloud_placement_group.control_plane",
-            "module.kube-hetzner.hcloud_ssh_key.k3s",
-            "module.kube-hetzner.local_sensitive_file.kubeconfig",
-            "module.kube-hetzner.module.control_planes.data.cloudinit_config.config",
-            "module.kube-hetzner.module.control_planes.hcloud_server.server",
-            "module.kube-hetzner.module.control_planes.hcloud_server_network.server",
-            "module.kube-hetzner.module.control_planes.random_string.server",
-            "module.kube-hetzner.null_resource.control_planes",
-            "module.kube-hetzner.null_resource.first_control_plane",
-            "module.kube-hetzner.null_resource.kustomization",
-            "module.kube-hetzner.random_password.k3s_token"
-          ]
-        }
-      ]
-    },
-    {
-      "module": "module.kube-hetzner",
-      "mode": "managed",
-      "type": "null_resource",
-      "name": "first_control_plane",
-      "provider": "provider[\"registry.terraform.io/hashicorp/null\"]",
-      "instances": [
-        {
-          "schema_version": 0,
-          "attributes": {
-            "id": "8493463504988894518",
-            "triggers": null
-          },
-          "sensitive_attributes": [],
-          "private": "bnVsbA==",
-          "dependencies": [
-            "module.kube-hetzner.hcloud_firewall.k3s",
-            "module.kube-hetzner.hcloud_network.k3s",
-            "module.kube-hetzner.hcloud_network_subnet.control_plane",
-            "module.kube-hetzner.hcloud_placement_group.control_plane",
-            "module.kube-hetzner.hcloud_ssh_key.k3s",
-            "module.kube-hetzner.module.control_planes.data.cloudinit_config.config",
-            "module.kube-hetzner.module.control_planes.hcloud_server.server",
-            "module.kube-hetzner.module.control_planes.hcloud_server_network.server",
-            "module.kube-hetzner.module.control_planes.random_string.server",
-            "module.kube-hetzner.random_password.k3s_token"
-          ]
-        }
-      ]
-    },
-    {
-      "module": "module.kube-hetzner",
-      "mode": "managed",
-      "type": "null_resource",
-      "name": "kustomization",
-      "provider": "provider[\"registry.terraform.io/hashicorp/null\"]",
-      "instances": [
-        {
-          "schema_version": 0,
-          "attributes": {
-            "id": "6932703477613162485",
-            "triggers": null
-          },
-          "sensitive_attributes": [],
-          "private": "bnVsbA==",
-          "dependencies": [
-            "module.kube-hetzner.data.github_release.hetzner_ccm",
-            "module.kube-hetzner.data.github_release.hetzner_csi",
-            "module.kube-hetzner.data.github_release.kured",
-            "module.kube-hetzner.data.remote_file.kubeconfig",
-            "module.kube-hetzner.hcloud_firewall.k3s",
-            "module.kube-hetzner.hcloud_network.k3s",
-            "module.kube-hetzner.hcloud_network_subnet.control_plane",
-            "module.kube-hetzner.hcloud_placement_group.control_plane",
-            "module.kube-hetzner.hcloud_ssh_key.k3s",
-            "module.kube-hetzner.local_sensitive_file.kubeconfig",
-            "module.kube-hetzner.module.control_planes.data.cloudinit_config.config",
-            "module.kube-hetzner.module.control_planes.hcloud_server.server",
-            "module.kube-hetzner.module.control_planes.hcloud_server_network.server",
-            "module.kube-hetzner.module.control_planes.random_string.server",
-            "module.kube-hetzner.null_resource.control_planes",
-            "module.kube-hetzner.null_resource.first_control_plane",
-            "module.kube-hetzner.random_password.k3s_token"
-          ]
-        }
-      ]
-    },
-    {
-      "module": "module.kube-hetzner",
-      "mode": "managed",
-      "type": "random_password",
-      "name": "k3s_token",
-      "provider": "provider[\"registry.terraform.io/hashicorp/random\"]",
-      "instances": [
-        {
-          "schema_version": 0,
-          "attributes": {
-            "id": "none",
-            "keepers": null,
-            "length": 48,
-            "lower": true,
-            "min_lower": 0,
-            "min_numeric": 0,
-            "min_special": 0,
-            "min_upper": 0,
-            "number": true,
-            "override_special": null,
-            "result": "5udRUWWljozBPauxJF4pbyDKc9aljYVyLITb5KN692dFczeK",
-            "special": false,
-            "upper": true
-          },
-          "sensitive_attributes": [],
-          "private": "bnVsbA=="
-        }
-      ]
-    },
-    {
-      "module": "module.kube-hetzner.module.agents[\"0-0-agent-small1\"]",
-      "mode": "data",
-      "type": "cloudinit_config",
-      "name": "config",
-      "provider": "provider[\"registry.terraform.io/hashicorp/cloudinit\"]",
-      "instances": [
-        {
-          "schema_version": 0,
-          "attributes": {
-            "base64_encode": true,
-            "boundary": "MIMEBOUNDARY",
-            "gzip": true,
-            "id": "3259911983",
-            "part": [
-              {
-                "content": "#cloud-config\n\nwrite_files:\n\n# Configure the private network interface\n- content: |\n    BOOTPROTO='dhcp'\n    STARTMODE='auto'\n  path: /etc/sysconfig/network/ifcfg-eth1\n\n# Disable ssh password authentication\n- content: |\n    PasswordAuthentication no\n    X11Forwarding no\n    MaxAuthTries 2\n    AllowTcpForwarding no\n    AllowAgentForwarding no\n    AuthorizedKeysFile .ssh/authorized_keys\n  path: /etc/ssh/sshd_config.d/kube-hetzner.conf\n\n# Set reboot method as \"kured\"\n- content: |\n    REBOOT_METHOD=kured\n  path: /etc/transactional-update.conf\n\n# Create Rancher repo config\n- content: |\n    [rancher-k3s-common-stable]\n    name=Rancher K3s Common (stable)\n    baseurl=https://rpm.rancher.io/k3s/stable/common/microos/noarch\n    enabled=1\n    gpgcheck=1\n    repo_gpgcheck=0\n    gpgkey=https://rpm.rancher.io/public.key\n  path: /etc/zypp/repos.d/rancher-k3s-common.repo\n\n# Add ssh authorized keys\nssh_authorized_keys:\n  - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOmlyNDEGxQxnXOLGMn80DwjPt+CqCy17UaW9MSBphOy contact@kjuulh.io\n\n# Resize /var, not /, as that's the last partition in MicroOS image.\ngrowpart:\n    devices: [\"/var\"]\n\n# Make sure the hostname is set correctly\nhostname: clank-agent-small1-mdr\npreserve_hostname: true\n\nruncmd:\n\n# As above, make sure the hostname is not reset\n- [sed, '-i', 's/NETCONFIG_NIS_SETDOMAINNAME=\"yes\"/NETCONFIG_NIS_SETDOMAINNAME=\"no\"/g', /etc/sysconfig/network/config]\n- [sed, '-i', 's/DHCLIENT_SET_HOSTNAME=\"yes\"/DHCLIENT_SET_HOSTNAME=\"no\"/g', /etc/sysconfig/network/dhcp]\n\n# We set Cloudflare DNS servers, followed by Google as a backup\n- [sed, '-i', 's/NETCONFIG_DNS_STATIC_SERVERS=\"\"/NETCONFIG_DNS_STATIC_SERVERS=\"1.1.1.1 1.0.0.1 8.8.8.8\"/g', /etc/sysconfig/network/config]\n\n# Bounds the amount of logs that can survive on the system\n- [sed, '-i', 's/#SystemMaxUse=/SystemMaxUse=3G/g', /etc/systemd/journald.conf]\n- [sed, '-i', 's/#MaxRetentionSec=/MaxRetentionSec=1week/g', /etc/systemd/journald.conf]\n\n# Reduces the default number of snapshots from 2-10 number limit, to 4 and from 4-10 number limit important, to 2\n- [sed, '-i', 's/NUMBER_LIMIT=\"2-10\"/NUMBER_LIMIT=\"4\"/g', /etc/snapper/configs/root]\n- [sed, '-i', 's/NUMBER_LIMIT_IMPORTANT=\"4-10\"/NUMBER_LIMIT_IMPORTANT=\"3\"/g', /etc/snapper/configs/root]\n\n# Disables unneeded services\n- [systemctl, disable, '--now', 'rebootmgr.service']\n",
-                "content_type": "text/cloud-config",
-                "filename": "init.cfg",
-                "merge_type": ""
-              }
-            ],
-            "rendered": "H4sIAAAAAAAA/4xW4W/ayBP9bin/w8j5wO+nw3ZIWrWlQjoHaIpa4xw4be+qCC27A95i7/p21yGO7o8/7TppSEiaE+LDzjzem30zHjOUwqAwQdZU2IeyLgyviDJRya+RvYelrAUjqhn4ySQZn6YX01E8+9P37Cn4gkpzKfrQC48OvAMvCHZBB94d94jrSmpuHJYYQ2heojDvYcULFKTEgc8FNyFdrf37X2WKCL1CFYwFlYyLdR/eLLnZAbiSDV6biBayZgGVYsXXB17CS9wr7nAX43lbxQ0ubAG673mHMHTxWiGYHKFS/IoYBIFmK9UGuDCoVoSiFwBt5fvwjwcAcJqm2fkszdJBh+W06rjgPItnWZKOxoMOqY20wYqYvA8RGhrpRrdlRLf8EV/R1TpAk/dsLSOuybJA0DqHimi9lYoBqU2OwnBKrI/7dZzfAuMHOBDSZb/1eh+k2hJljbwLJuTaojPFUcOxC8VFIbcZrfbBLhOvUZgncrXJpeI3yD5hoz/wAiHUOo/Iz/hig41+5ILO7ZctWi9CFm3qJQY5mhuBKrRRa8YcDShcSmmgRJNLBkSDv6kVMn/fhdnY9mORjLOP6WjgUA9VjZ0qQq03pAjqihGDP7WGCm3XZ0TQHBUorCTcDsye0nfVooLNiQ6oLEspAm1s3y5d3s31HdOnEw1Dh4H/taD/O9CSaKxVMciNqXQ/ilRVhre8IZfR5kRHLTxqFaKSUyWljoQkiuaOA4UFsEHPndbVmuZIN7dHe4XFz9jRHWSDzXOaVb0sOA032Dw07qapqsjS6ZBF+3cPbcp6GDPmBve+9+B6r3W+eDQPfQ8gsOAA2fHr1713EMdxPDyZ3pBhr/hrNOlNs/FrG5ukZdFMR+Oz6z+uxbf081ki3h6Ntj/OzW/Dv4dN780F+foumZ9Wedq4RhFqft/8qOsiD7kra4aa3yBEV0R1QUgDUdcOksmJ6Wj3zBdEG7C7zy0q4AISa3Y6B16SNYbeWsmtzfediwyvOEXdh+++JfUvrUpCNgj6bovkUhs7BsA1aDRApVJITdF4d5k+0IKITUDscxXokhRFLyiZ8iqFGtUVLu6RRtXoeaoWtGRuZcUayFJeYRfKZ2XtTS2V8QL4rpF1oRPwThc6OpqOs2E6/TA5W0wn88V8nI3SJJ5Mp3EyHvgNav/XCCH9aN3pPrfR2uPlvuzo4/DzZDzNLN/iYzrPdgSfyb0gZdeuc/8rOpuHdtGvCqIQRtM5OB+V7sJK2hWGDJYNnEm5LtBOAIEloZu6+pVBo+l8Mc/ibDJczMezL+PZfOD7L+R7ofvY1094FPbgbeg+/8k07xBO7Yu3HUxSyloYkCso5LodWaBE2IZf8SsEKRxMN9pguX+Nw7lLJOT6QuMgenA6OXtQjsGSRT9krQQpmNuKTzTwMCHXM7SrkEsxRzqIHgd6W8TNi8TuoWQ1xfaWDFekLgyIulyisrfVglQ6l0bDSskSjoPe0V224CU3XTASXgERrAW8egwAXlZSGSJa6PETLb5ITsezxedJMskGvlXwH8Ve7TZMkKpCddsmHSkpzRMG7RIsJsl5OsviqaXao9/NnrwodP/PQEMtBCJD5qbb7iFXhjOamqILrAXaqgIht7aw9iVarlV4+5vO5d5/tiA48P4NAAD//zWzz/kSCgAA"
-          },
-          "sensitive_attributes": []
-        }
-      ]
-    },
-    {
-      "module": "module.kube-hetzner.module.agents[\"0-0-agent-small1\"]",
-      "mode": "managed",
-      "type": "hcloud_server",
-      "name": "server",
-      "provider": "module.kube-hetzner.provider[\"registry.terraform.io/hetznercloud/hcloud\"]",
-      "instances": [
-        {
-          "schema_version": 0,
-          "attributes": {
-            "backup_window": "",
-            "backups": false,
-            "datacenter": "fsn1-dc14",
-            "delete_protection": false,
-            "firewall_ids": [
-              385507
-            ],
-            "id": "20285807",
-            "ignore_remote_firewall_ids": false,
-            "image": "ubuntu-20.04",
-            "ipv4_address": "142.132.182.232",
-            "ipv6_address": "2a01:4f8:c012:d1c0::1",
-            "ipv6_network": "2a01:4f8:c012:d1c0::/64",
-            "iso": null,
-            "keep_disk": false,
-            "labels": {
-              "engine": "k3s",
-              "provisioner": "terraform"
-            },
-            "location": "fsn1",
-            "name": "clank-agent-small1-mdr",
-            "network": [],
-            "placement_group_id": 41238,
-            "rebuild_protection": false,
-            "rescue": "linux64",
-            "server_type": "cpx11",
-            "ssh_keys": [
-              "6372775"
-            ],
-            "status": "running",
-            "timeouts": null,
-            "user_data": "D7VXcW+8XFUt2rIoXtjcDwVNF9U="
-          },
-          "sensitive_attributes": [],
-          "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo1NDAwMDAwMDAwMDAwfX0=",
-          "dependencies": [
-            "module.kube-hetzner.hcloud_firewall.k3s",
-            "module.kube-hetzner.hcloud_network.k3s",
-            "module.kube-hetzner.hcloud_network_subnet.agent",
-            "module.kube-hetzner.hcloud_placement_group.agent",
-            "module.kube-hetzner.hcloud_ssh_key.k3s",
-            "module.kube-hetzner.module.agents.data.cloudinit_config.config",
-            "module.kube-hetzner.module.agents.random_string.server"
-          ]
-        }
-      ]
-    },
-    {
-      "module": "module.kube-hetzner.module.agents[\"0-0-agent-small1\"]",
-      "mode": "managed",
-      "type": "hcloud_server_network",
-      "name": "server",
-      "provider": "module.kube-hetzner.provider[\"registry.terraform.io/hetznercloud/hcloud\"]",
-      "instances": [
-        {
-          "schema_version": 0,
-          "attributes": {
-            "alias_ips": [],
-            "id": "20285807-1628275",
-            "ip": "10.0.0.101",
-            "mac_address": "86:00:00:0f:24:bf",
-            "network_id": null,
-            "server_id": 20285807,
-            "subnet_id": "1628275-10.0.0.0/16"
-          },
-          "sensitive_attributes": [],
-          "private": "bnVsbA==",
-          "dependencies": [
-            "module.kube-hetzner.hcloud_firewall.k3s",
-            "module.kube-hetzner.hcloud_network.k3s",
-            "module.kube-hetzner.hcloud_network_subnet.agent",
-            "module.kube-hetzner.hcloud_placement_group.agent",
-            "module.kube-hetzner.hcloud_ssh_key.k3s",
-            "module.kube-hetzner.module.agents.data.cloudinit_config.config",
-            "module.kube-hetzner.module.agents.hcloud_server.server",
-            "module.kube-hetzner.module.agents.random_string.server"
-          ]
-        }
-      ]
-    },
-    {
-      "module": "module.kube-hetzner.module.agents[\"0-0-agent-small1\"]",
-      "mode": "managed",
-      "type": "random_string",
-      "name": "server",
-      "provider": "provider[\"registry.terraform.io/hashicorp/random\"]",
-      "instances": [
-        {
-          "schema_version": 1,
-          "attributes": {
-            "id": "mdr",
-            "keepers": {
-              "name": "clank-agent-small1"
-            },
-            "length": 3,
-            "lower": true,
-            "min_lower": 0,
-            "min_numeric": 0,
-            "min_special": 0,
-            "min_upper": 0,
-            "number": false,
-            "override_special": null,
-            "result": "mdr",
-            "special": false,
-            "upper": false
-          },
-          "sensitive_attributes": [],
-          "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==",
-          "dependencies": [
-            "module.kube-hetzner.hcloud_network.k3s",
-            "module.kube-hetzner.hcloud_network_subnet.agent"
-          ]
-        }
-      ]
-    },
-    {
-      "module": "module.kube-hetzner.module.agents[\"1-0-agent-small2\"]",
-      "mode": "data",
-      "type": "cloudinit_config",
-      "name": "config",
-      "provider": "provider[\"registry.terraform.io/hashicorp/cloudinit\"]",
-      "instances": [
-        {
-          "schema_version": 0,
-          "attributes": {
-            "base64_encode": true,
-            "boundary": "MIMEBOUNDARY",
-            "gzip": true,
-            "id": "2042315058",
-            "part": [
-              {
-                "content": "#cloud-config\n\nwrite_files:\n\n# Configure the private network interface\n- content: |\n    BOOTPROTO='dhcp'\n    STARTMODE='auto'\n  path: /etc/sysconfig/network/ifcfg-eth1\n\n# Disable ssh password authentication\n- content: |\n    PasswordAuthentication no\n    X11Forwarding no\n    MaxAuthTries 2\n    AllowTcpForwarding no\n    AllowAgentForwarding no\n    AuthorizedKeysFile .ssh/authorized_keys\n  path: /etc/ssh/sshd_config.d/kube-hetzner.conf\n\n# Set reboot method as \"kured\"\n- content: |\n    REBOOT_METHOD=kured\n  path: /etc/transactional-update.conf\n\n# Create Rancher repo config\n- content: |\n    [rancher-k3s-common-stable]\n    name=Rancher K3s Common (stable)\n    baseurl=https://rpm.rancher.io/k3s/stable/common/microos/noarch\n    enabled=1\n    gpgcheck=1\n    repo_gpgcheck=0\n    gpgkey=https://rpm.rancher.io/public.key\n  path: /etc/zypp/repos.d/rancher-k3s-common.repo\n\n# Add ssh authorized keys\nssh_authorized_keys:\n  - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOmlyNDEGxQxnXOLGMn80DwjPt+CqCy17UaW9MSBphOy contact@kjuulh.io\n\n# Resize /var, not /, as that's the last partition in MicroOS image.\ngrowpart:\n    devices: [\"/var\"]\n\n# Make sure the hostname is set correctly\nhostname: clank-agent-small2-tqu\npreserve_hostname: true\n\nruncmd:\n\n# As above, make sure the hostname is not reset\n- [sed, '-i', 's/NETCONFIG_NIS_SETDOMAINNAME=\"yes\"/NETCONFIG_NIS_SETDOMAINNAME=\"no\"/g', /etc/sysconfig/network/config]\n- [sed, '-i', 's/DHCLIENT_SET_HOSTNAME=\"yes\"/DHCLIENT_SET_HOSTNAME=\"no\"/g', /etc/sysconfig/network/dhcp]\n\n# We set Cloudflare DNS servers, followed by Google as a backup\n- [sed, '-i', 's/NETCONFIG_DNS_STATIC_SERVERS=\"\"/NETCONFIG_DNS_STATIC_SERVERS=\"1.1.1.1 1.0.0.1 8.8.8.8\"/g', /etc/sysconfig/network/config]\n\n# Bounds the amount of logs that can survive on the system\n- [sed, '-i', 's/#SystemMaxUse=/SystemMaxUse=3G/g', /etc/systemd/journald.conf]\n- [sed, '-i', 's/#MaxRetentionSec=/MaxRetentionSec=1week/g', /etc/systemd/journald.conf]\n\n# Reduces the default number of snapshots from 2-10 number limit, to 4 and from 4-10 number limit important, to 2\n- [sed, '-i', 's/NUMBER_LIMIT=\"2-10\"/NUMBER_LIMIT=\"4\"/g', /etc/snapper/configs/root]\n- [sed, '-i', 's/NUMBER_LIMIT_IMPORTANT=\"4-10\"/NUMBER_LIMIT_IMPORTANT=\"3\"/g', /etc/snapper/configs/root]\n\n# Disables unneeded services\n- [systemctl, disable, '--now', 'rebootmgr.service']\n",
-                "content_type": "text/cloud-config",
-                "filename": "init.cfg",
-                "merge_type": ""
-              }
-            ],
-            "rendered": "H4sIAAAAAAAA/4xWYW/ayhL9bin/YeR84D09bIekVVsqpOcATVFrnAtO23urCC27A95i77q76xBH98df7TppSEiaK8SHnTmcM3tmPGYohUFhgqypsA9lXRheEWWikl8jew9LWQtGVDPwk0kyPk0vpqN49qfv2VPwBZXmUvShFx4deAdeEOyCDrw77hHXldTcOCwxhtC8RGHew4oXKEiJA58LbkK6Wvv3v8oUEXqFKhgLKhkX6z68WXKzA3AlG7w2ES1kzQIqxYqvD7yEl7hX3OEuxvO2ihtc2AJ03/MOYejitUIwOUKl+BUxCALNVqoNcGFQrQhFLwDayvfhbw8A4DRNs/NZmqWDDstp1XHBeRbPsiQdjQcdUhtpgxUxeR8iNDTSjW7LiG75I76iq3WAJu/ZWkZck2WBoHUOFdF6KxUDUpscheGUWB/36zi/BcYPcCCky37r9T5ItSXKGnkXTMi1RWeKo4ZjF4qLQm4zWu2DXSZeozBP5GqTS8VvkH3CRn/gBUKodR6RX/HFBhv9yAWd2y9btF6ELNrUSwxyNDcCVWij1ow5GlC4lNJAiSaXDIgGf1MrZP6+C7Ox7cciGWcf09HAoR6qGjtVhFpvSBHUFSMGf2kNFdquz4igOSpQWEm4HZg9pe+qRQWbEx1QWZZSBNrYvl26vJvrO6ZPJxqGDgP/aUH/daAl0VirYpAbU+l+FKmqDG95Qy6jzYmOWnjUKkQlp0pKHQlJFM0dBwoLYIOeO62rNc2Rbm6P9gqLX7GjO8gGm+c0q3pZcBpusHlo3E1TVZGl0yGL9u8e2pT1MGbMDe5978H1Xut88Wge+h5AYMEBsuPXr3vvII7jeHgyvSHDXvHXaNKbZuPXNjZJy6KZjsZn139ci2/p57NEvD0abX+cm/8Nfw6b3psL8vVdMj+t8rRxjSLU/H/zo66LPOSurBlqfoMQXRHVBSENRF07SCYnpqPdM18QbcDuPreogAtIrNnpHHhJ1hh6ayW3Nt93LjK84hR1H777ltS/tCoJ2SDouy2SS23sGADXoNEAlUohNUXj3WX6QAsiNgGxz1WgS1IUx4H5WXuVQo3qChf3SKNq9DxVC1oyt7JiDWQpr7AL5bOy9qaWyngBfNfIutAJeKcLHR1Nx9kwnX6YnC2mk/liPs5GaRJPptM4GQ/8BrX/e4SQfrTudJ/baO3xcl929HH4eTKeZpZv8TGdZzuCz+RekLJr17n/FZ3NQ7voVwVRCKPpHJyPSndhJe0KQwbLBs6kXBdoJ4DAktBNXf3OoNF0vphncTYZLubj2ZfxbD7w/RfyvdB97OsnPAp78DZ0n39lmncIp/bF2w4mKWUtDMgVFHLdjixQImzDr/gVghQOphttsNy/xuHcJRJyfaFxED04nZw9KMdgyaIfslaCFMxtxScaeJiQ6xnaVcilmCMdRI8DvS3i5kVi91CymmJ7S4YrUhcGRF0uUdnbakEqnUujYaVkCcdB7+guW/CSmy4YCa+ACNYCXj0GAC8rqQwRLfT4iRZfJKfj2eLzJJlkA98q+I9ir3YbJkhVobptk46UlOYJg3YJFpPkPJ1l8dRS7dHvZk9eFLr/Z6ChFgKRIXPTbfeQK8MZTU3RBdYCbVWBkFtbWPsSLdcqvP1N53LvP1sQHHj/BAAA//8z9yJHEgoAAA=="
-          },
-          "sensitive_attributes": []
-        }
-      ]
-    },
-    {
-      "module": "module.kube-hetzner.module.agents[\"1-0-agent-small2\"]",
-      "mode": "managed",
-      "type": "hcloud_server",
-      "name": "server",
-      "provider": "module.kube-hetzner.provider[\"registry.terraform.io/hetznercloud/hcloud\"]",
-      "instances": [
-        {
-          "schema_version": 0,
-          "attributes": {
-            "backup_window": "",
-            "backups": false,
-            "datacenter": "nbg1-dc3",
-            "delete_protection": false,
-            "firewall_ids": [
-              385507
-            ],
-            "id": "20285811",
-            "ignore_remote_firewall_ids": false,
-            "image": "ubuntu-20.04",
-            "ipv4_address": "116.203.85.75",
-            "ipv6_address": "2a01:4f8:1c1e:c5b5::1",
-            "ipv6_network": "2a01:4f8:1c1e:c5b5::/64",
-            "iso": null,
-            "keep_disk": false,
-            "labels": {
-              "engine": "k3s",
-              "provisioner": "terraform"
-            },
-            "location": "nbg1",
-            "name": "clank-agent-small2-tqu",
-            "network": [],
-            "placement_group_id": 41238,
-            "rebuild_protection": false,
-            "rescue": "linux64",
-            "server_type": "cpx11",
-            "ssh_keys": [
-              "6372775"
-            ],
-            "status": "running",
-            "timeouts": null,
-            "user_data": "2WwhfGNbb8PWIa5HwzRkeftEW60="
-          },
-          "sensitive_attributes": [],
-          "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo1NDAwMDAwMDAwMDAwfX0=",
-          "dependencies": [
-            "module.kube-hetzner.hcloud_firewall.k3s",
-            "module.kube-hetzner.hcloud_network.k3s",
-            "module.kube-hetzner.hcloud_network_subnet.agent",
-            "module.kube-hetzner.hcloud_placement_group.agent",
-            "module.kube-hetzner.hcloud_ssh_key.k3s",
-            "module.kube-hetzner.module.agents.data.cloudinit_config.config",
-            "module.kube-hetzner.module.agents.random_string.server"
-          ]
-        }
-      ]
-    },
-    {
-      "module": "module.kube-hetzner.module.agents[\"1-0-agent-small2\"]",
-      "mode": "managed",
-      "type": "hcloud_server_network",
-      "name": "server",
-      "provider": "module.kube-hetzner.provider[\"registry.terraform.io/hetznercloud/hcloud\"]",
-      "instances": [
-        {
-          "schema_version": 0,
-          "attributes": {
-            "alias_ips": [],
-            "id": "20285811-1628275",
-            "ip": "10.1.0.101",
-            "mac_address": "86:00:00:0f:24:c4",
-            "network_id": null,
-            "server_id": 20285811,
-            "subnet_id": "1628275-10.1.0.0/16"
-          },
-          "sensitive_attributes": [],
-          "private": "bnVsbA==",
-          "dependencies": [
-            "module.kube-hetzner.hcloud_firewall.k3s",
-            "module.kube-hetzner.hcloud_network.k3s",
-            "module.kube-hetzner.hcloud_network_subnet.agent",
-            "module.kube-hetzner.hcloud_placement_group.agent",
-            "module.kube-hetzner.hcloud_ssh_key.k3s",
-            "module.kube-hetzner.module.agents.data.cloudinit_config.config",
-            "module.kube-hetzner.module.agents.hcloud_server.server",
-            "module.kube-hetzner.module.agents.random_string.server"
-          ]
-        }
-      ]
-    },
-    {
-      "module": "module.kube-hetzner.module.agents[\"1-0-agent-small2\"]",
-      "mode": "managed",
-      "type": "random_string",
-      "name": "server",
-      "provider": "provider[\"registry.terraform.io/hashicorp/random\"]",
-      "instances": [
-        {
-          "schema_version": 1,
-          "attributes": {
-            "id": "tqu",
-            "keepers": {
-              "name": "clank-agent-small2"
-            },
-            "length": 3,
-            "lower": true,
-            "min_lower": 0,
-            "min_numeric": 0,
-            "min_special": 0,
-            "min_upper": 0,
-            "number": false,
-            "override_special": null,
-            "result": "tqu",
-            "special": false,
-            "upper": false
-          },
-          "sensitive_attributes": [],
-          "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==",
-          "dependencies": [
-            "module.kube-hetzner.hcloud_network.k3s",
-            "module.kube-hetzner.hcloud_network_subnet.agent"
-          ]
-        }
-      ]
-    },
-    {
-      "module": "module.kube-hetzner.module.agents[\"2-0-storage1\"]",
-      "mode": "data",
-      "type": "cloudinit_config",
-      "name": "config",
-      "provider": "provider[\"registry.terraform.io/hashicorp/cloudinit\"]",
-      "instances": [
-        {
-          "schema_version": 0,
-          "attributes": {
-            "base64_encode": true,
-            "boundary": "MIMEBOUNDARY",
-            "gzip": true,
-            "id": "264943894",
-            "part": [
-              {
-                "content": "#cloud-config\n\nwrite_files:\n\n# Configure the private network interface\n- content: |\n    BOOTPROTO='dhcp'\n    STARTMODE='auto'\n  path: /etc/sysconfig/network/ifcfg-eth1\n\n# Disable ssh password authentication\n- content: |\n    PasswordAuthentication no\n    X11Forwarding no\n    MaxAuthTries 2\n    AllowTcpForwarding no\n    AllowAgentForwarding no\n    AuthorizedKeysFile .ssh/authorized_keys\n  path: /etc/ssh/sshd_config.d/kube-hetzner.conf\n\n# Set reboot method as \"kured\"\n- content: |\n    REBOOT_METHOD=kured\n  path: /etc/transactional-update.conf\n\n# Create Rancher repo config\n- content: |\n    [rancher-k3s-common-stable]\n    name=Rancher K3s Common (stable)\n    baseurl=https://rpm.rancher.io/k3s/stable/common/microos/noarch\n    enabled=1\n    gpgcheck=1\n    repo_gpgcheck=0\n    gpgkey=https://rpm.rancher.io/public.key\n  path: /etc/zypp/repos.d/rancher-k3s-common.repo\n\n# Add ssh authorized keys\nssh_authorized_keys:\n  - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOmlyNDEGxQxnXOLGMn80DwjPt+CqCy17UaW9MSBphOy contact@kjuulh.io\n\n# Resize /var, not /, as that's the last partition in MicroOS image.\ngrowpart:\n    devices: [\"/var\"]\n\n# Make sure the hostname is set correctly\nhostname: clank-storage1-dsi\npreserve_hostname: true\n\nruncmd:\n\n# As above, make sure the hostname is not reset\n- [sed, '-i', 's/NETCONFIG_NIS_SETDOMAINNAME=\"yes\"/NETCONFIG_NIS_SETDOMAINNAME=\"no\"/g', /etc/sysconfig/network/config]\n- [sed, '-i', 's/DHCLIENT_SET_HOSTNAME=\"yes\"/DHCLIENT_SET_HOSTNAME=\"no\"/g', /etc/sysconfig/network/dhcp]\n\n# We set Cloudflare DNS servers, followed by Google as a backup\n- [sed, '-i', 's/NETCONFIG_DNS_STATIC_SERVERS=\"\"/NETCONFIG_DNS_STATIC_SERVERS=\"1.1.1.1 1.0.0.1 8.8.8.8\"/g', /etc/sysconfig/network/config]\n\n# Bounds the amount of logs that can survive on the system\n- [sed, '-i', 's/#SystemMaxUse=/SystemMaxUse=3G/g', /etc/systemd/journald.conf]\n- [sed, '-i', 's/#MaxRetentionSec=/MaxRetentionSec=1week/g', /etc/systemd/journald.conf]\n\n# Reduces the default number of snapshots from 2-10 number limit, to 4 and from 4-10 number limit important, to 2\n- [sed, '-i', 's/NUMBER_LIMIT=\"2-10\"/NUMBER_LIMIT=\"4\"/g', /etc/snapper/configs/root]\n- [sed, '-i', 's/NUMBER_LIMIT_IMPORTANT=\"4-10\"/NUMBER_LIMIT_IMPORTANT=\"3\"/g', /etc/snapper/configs/root]\n\n# Disables unneeded services\n- [systemctl, disable, '--now', 'rebootmgr.service']\n",
-                "content_type": "text/cloud-config",
-                "filename": "init.cfg",
-                "merge_type": ""
-              }
-            ],
-            "rendered": "H4sIAAAAAAAA/4xW4W/ayBP9bin/w8j5wO+nw3ZIWrWlQjoHaIpa4xw4be+qCC27A95i7/p21yGO7o8/7TppSEiaE+LDzjzem30zjD2UwqAwQdZU2IeyLgyviDJRya+RvYelrAUjqhn4ySQZn6YX01E8+9P37Cn4gkpzKfrQC48OvAMvCHZBB94d94jrSmpuHJYYQ2heojDvYcULFKTEgc8FNyFdrf37X2WKCL1CFYwFlYyLdR/eLLnZAbiSDV6biBayZgGVYsXXB17CS9wr7nAX43lbxQ0ubAG673mHMHTxWiGYHKFS/IoYBIFmK9UGuDCoVoSiFwBt5fvwjwcAcJqm2fkszdJBh+W06rjgPItnWZKOxoMOqY20wYqYvA8RGhrpRrdlRLf8EV/R1TpAk/dsLSOuybJA0DqHimi9lYoBqU2OwnBKrI/7dZzfAuMHOBDSZb/1eh+k2hJljbwLJuTaojPFUcOxC8VFIbcZrfbBLhOvUZgncrXJpeI3yD5hoz/wAiHUOo/Iz/hig41+5ILO7ZctWi9CFm3qJQY5mhuBKrRRa8YcDShcSmmgRJNLBkSDv6kVMn/fhdnY9mORjLOP6WjgUA9VjZ0qQq03pAjqihGDP7WGCm3XZ0TQHBUorCTcDsye0nfVooLNiQ6oLEspAm1s3y5d3s31HdOnEw1Dh4H/taD/O9CSaKxVMciNqXQ/ilRVhre8IZfR5kRHLTxqFaKSUyWljoQkiuaOA4UFsEHPndbVmuZIN7dHe4XFz9jRHWSDzXOaVb0sOA032Dw07qapqsjS6ZBF+3cPbcp6GDPmBve+9+B6r3W+eDQPfQ8gsOAA2fHr1713EMdxPDyZ3pBhr/hrNOlNs/FrG5ukZdFMR+Oz6z+uxbf081ki3h6Ntj/OzW/Dv4dN780F+foumZ9Wedq4RhFqft/8qOsiD7kra4aa3yBEV0R1QUgDUdcOksmJ6Wj3ny+INmB3n1tUwAUk1ux0Drwkawy9tZJbm+87FxlecYq6D999S+pfWpWEbBD03RbJpTZ2DIBr0GiASqWQmqLx7jJ9oAURm0AbqcgaewHT3KsUalRXuLhHGVWj56la0JK5dRVrIEt5hV0on5W0t7RUxgvgu0bWhU7AO13o6Gg6zobp9MPkbDGdzBfzcTZKk3gyncbJeOA3qP1fI4T0o3Wn+9w2a4+X+7Kjj8PPk/E0s3yLj+k82xF8JveClF25zvmv6Cwe2iW/KohCGE3n4HxUugsradcXMlg2cCblukDbfQJLQjd19SuDRtP5Yp7F2WS4mI9nX8az+cD3X8j3Qvexj57wKOzB29B9/pNp3iGc2oduO5SklLUwIFdQyHU7rkCJsA2/4lcIUjiYbrTBcv8ah3OXSMj1hcZB9OB0cvagHIMli37IWglSMLcRn2jgYUKuZ2jXIJdijnQQPQ70toibF4ndH5LVFNtbMlyRujAg6nKJyt5WC1LpXBoNKyVLOA56R3fZgpfcdMFIeAVEsBbw6jEAeFlJZYhoocdPtPgiOR3PFp8nySQb+FbBfxR7tdswQaoK1W2bdKSkNE8YtEuwmCTn6SyLp5Zqj343e/Ki0P1bgYZaCESGzE233UGuDGc0NUUXWAu0VQVCbm1h7QO0XKvw9jedy733tSA48P4NAAD//3Tq5JEOCgAA"
-          },
-          "sensitive_attributes": []
-        }
-      ]
-    },
-    {
-      "module": "module.kube-hetzner.module.agents[\"2-0-storage1\"]",
-      "mode": "managed",
-      "type": "hcloud_server",
-      "name": "server",
-      "provider": "module.kube-hetzner.provider[\"registry.terraform.io/hetznercloud/hcloud\"]",
-      "instances": [
-        {
-          "schema_version": 0,
-          "attributes": {
-            "backup_window": "",
-            "backups": false,
-            "datacenter": "fsn1-dc14",
-            "delete_protection": false,
-            "firewall_ids": [
-              385507
-            ],
-            "id": "20285809",
-            "ignore_remote_firewall_ids": false,
-            "image": "ubuntu-20.04",
-            "ipv4_address": "142.132.189.194",
-            "ipv6_address": "2a01:4f8:c012:d1c2::1",
-            "ipv6_network": "2a01:4f8:c012:d1c2::/64",
-            "iso": null,
-            "keep_disk": false,
-            "labels": {
-              "engine": "k3s",
-              "provisioner": "terraform"
-            },
-            "location": "fsn1",
-            "name": "clank-storage1-dsi",
-            "network": [],
-            "placement_group_id": 41238,
-            "rebuild_protection": false,
-            "rescue": "linux64",
-            "server_type": "cpx11",
-            "ssh_keys": [
-              "6372775"
-            ],
-            "status": "running",
-            "timeouts": null,
-            "user_data": "Nr7zQ070fY606hamZAdNr8bKW6M="
-          },
-          "sensitive_attributes": [],
-          "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo1NDAwMDAwMDAwMDAwfX0=",
-          "dependencies": [
-            "module.kube-hetzner.hcloud_firewall.k3s",
-            "module.kube-hetzner.hcloud_network.k3s",
-            "module.kube-hetzner.hcloud_network_subnet.agent",
-            "module.kube-hetzner.hcloud_placement_group.agent",
-            "module.kube-hetzner.hcloud_ssh_key.k3s",
-            "module.kube-hetzner.module.agents.data.cloudinit_config.config",
-            "module.kube-hetzner.module.agents.random_string.server"
-          ]
-        }
-      ]
-    },
-    {
-      "module": "module.kube-hetzner.module.agents[\"2-0-storage1\"]",
-      "mode": "managed",
-      "type": "hcloud_server_network",
-      "name": "server",
-      "provider": "module.kube-hetzner.provider[\"registry.terraform.io/hetznercloud/hcloud\"]",
-      "instances": [
-        {
-          "schema_version": 0,
-          "attributes": {
-            "alias_ips": [],
-            "id": "20285809-1628275",
-            "ip": "10.2.0.101",
-            "mac_address": "86:00:00:0f:24:be",
-            "network_id": null,
-            "server_id": 20285809,
-            "subnet_id": "1628275-10.2.0.0/16"
-          },
-          "sensitive_attributes": [],
-          "private": "bnVsbA==",
-          "dependencies": [
-            "module.kube-hetzner.hcloud_firewall.k3s",
-            "module.kube-hetzner.hcloud_network.k3s",
-            "module.kube-hetzner.hcloud_network_subnet.agent",
-            "module.kube-hetzner.hcloud_placement_group.agent",
-            "module.kube-hetzner.hcloud_ssh_key.k3s",
-            "module.kube-hetzner.module.agents.data.cloudinit_config.config",
-            "module.kube-hetzner.module.agents.hcloud_server.server",
-            "module.kube-hetzner.module.agents.random_string.server"
-          ]
-        }
-      ]
-    },
-    {
-      "module": "module.kube-hetzner.module.agents[\"2-0-storage1\"]",
-      "mode": "managed",
-      "type": "random_string",
-      "name": "server",
-      "provider": "provider[\"registry.terraform.io/hashicorp/random\"]",
-      "instances": [
-        {
-          "schema_version": 1,
-          "attributes": {
-            "id": "dsi",
-            "keepers": {
-              "name": "clank-storage1"
-            },
-            "length": 3,
-            "lower": true,
-            "min_lower": 0,
-            "min_numeric": 0,
-            "min_special": 0,
-            "min_upper": 0,
-            "number": false,
-            "override_special": null,
-            "result": "dsi",
-            "special": false,
-            "upper": false
-          },
-          "sensitive_attributes": [],
-          "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==",
-          "dependencies": [
-            "module.kube-hetzner.hcloud_network.k3s",
-            "module.kube-hetzner.hcloud_network_subnet.agent"
-          ]
-        }
-      ]
-    },
-    {
-      "module": "module.kube-hetzner.module.agents[\"2-1-storage1\"]",
-      "mode": "data",
-      "type": "cloudinit_config",
-      "name": "config",
-      "provider": "provider[\"registry.terraform.io/hashicorp/cloudinit\"]",
-      "instances": [
-        {
-          "schema_version": 0,
-          "attributes": {
-            "base64_encode": true,
-            "boundary": "MIMEBOUNDARY",
-            "gzip": true,
-            "id": "4262392169",
-            "part": [
-              {
-                "content": "#cloud-config\n\nwrite_files:\n\n# Configure the private network interface\n- content: |\n    BOOTPROTO='dhcp'\n    STARTMODE='auto'\n  path: /etc/sysconfig/network/ifcfg-eth1\n\n# Disable ssh password authentication\n- content: |\n    PasswordAuthentication no\n    X11Forwarding no\n    MaxAuthTries 2\n    AllowTcpForwarding no\n    AllowAgentForwarding no\n    AuthorizedKeysFile .ssh/authorized_keys\n  path: /etc/ssh/sshd_config.d/kube-hetzner.conf\n\n# Set reboot method as \"kured\"\n- content: |\n    REBOOT_METHOD=kured\n  path: /etc/transactional-update.conf\n\n# Create Rancher repo config\n- content: |\n    [rancher-k3s-common-stable]\n    name=Rancher K3s Common (stable)\n    baseurl=https://rpm.rancher.io/k3s/stable/common/microos/noarch\n    enabled=1\n    gpgcheck=1\n    repo_gpgcheck=0\n    gpgkey=https://rpm.rancher.io/public.key\n  path: /etc/zypp/repos.d/rancher-k3s-common.repo\n\n# Add ssh authorized keys\nssh_authorized_keys:\n  - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOmlyNDEGxQxnXOLGMn80DwjPt+CqCy17UaW9MSBphOy contact@kjuulh.io\n\n# Resize /var, not /, as that's the last partition in MicroOS image.\ngrowpart:\n    devices: [\"/var\"]\n\n# Make sure the hostname is set correctly\nhostname: clank-storage1-cgr\npreserve_hostname: true\n\nruncmd:\n\n# As above, make sure the hostname is not reset\n- [sed, '-i', 's/NETCONFIG_NIS_SETDOMAINNAME=\"yes\"/NETCONFIG_NIS_SETDOMAINNAME=\"no\"/g', /etc/sysconfig/network/config]\n- [sed, '-i', 's/DHCLIENT_SET_HOSTNAME=\"yes\"/DHCLIENT_SET_HOSTNAME=\"no\"/g', /etc/sysconfig/network/dhcp]\n\n# We set Cloudflare DNS servers, followed by Google as a backup\n- [sed, '-i', 's/NETCONFIG_DNS_STATIC_SERVERS=\"\"/NETCONFIG_DNS_STATIC_SERVERS=\"1.1.1.1 1.0.0.1 8.8.8.8\"/g', /etc/sysconfig/network/config]\n\n# Bounds the amount of logs that can survive on the system\n- [sed, '-i', 's/#SystemMaxUse=/SystemMaxUse=3G/g', /etc/systemd/journald.conf]\n- [sed, '-i', 's/#MaxRetentionSec=/MaxRetentionSec=1week/g', /etc/systemd/journald.conf]\n\n# Reduces the default number of snapshots from 2-10 number limit, to 4 and from 4-10 number limit important, to 2\n- [sed, '-i', 's/NUMBER_LIMIT=\"2-10\"/NUMBER_LIMIT=\"4\"/g', /etc/snapper/configs/root]\n- [sed, '-i', 's/NUMBER_LIMIT_IMPORTANT=\"4-10\"/NUMBER_LIMIT_IMPORTANT=\"3\"/g', /etc/snapper/configs/root]\n\n# Disables unneeded services\n- [systemctl, disable, '--now', 'rebootmgr.service']\n",
-                "content_type": "text/cloud-config",
-                "filename": "init.cfg",
-                "merge_type": ""
-              }
-            ],
-            "rendered": "H4sIAAAAAAAA/4xWX2/bPhJ8F5DvsFAefIezpDhp0daFgVNsNzVaWTlbaXtXBAZNriXWEqkjqTgK7sMfSCXNHyfND4YfuDueWc6uVxpLYVCYIGtrHELVlIbXRJmo4tfIPsJaNoIR1Y78ZJZMT9OL+SRe/Nv37Cn4hkpzKYYwCI8OvAMvCB6CDrw77gnXtdTcOCwxhtCiQmE+woaXKEiFI58LbkK6yf37X2WKCL1BFUwFlYyLfAjv1tw8ALiSDV6biJayYQGVYsPzAy/hFe4Vd/gQ43k7xQ2ubAF66HmHMHbxRiGYAqFW/IoYBIFmJ9UWuDCoNoSiFwDt5IfwPw8A4DRNs/NFmqWjHito3XPBZRYvsiSdTEc90hhpgzUxxRAiNDTSre7KiG75I76hmzxAUwxsLROuybpE0LqAmmi9k4oBaUyBwnBKrI/7dZzfAuNHOBDSZX8MBp+k2hFljbwLJuTaojPFUcOxC8VlKXcZrffBLhPnKMwzucYUUvEbZF+w1Z94iRBqXUTkd3y1xVY/cUEX9stWnRchi7bNGoMCzY1AFdqoNWOJBhSupTRQoSkkA6LB3zYKmb/vwmJq+7FKptnndDJyqMeqxk4VodYbUgZNzYjB31pjhbbrCyJogQoU1hJuB2ZP6afqUMH2RAdUVpUUgTa2b5cu7+b6junLiYaxw8DfOtDfHWhNNDaqHBXG1HoYRaquwlvekMtoe6KjDh51ClHFqZJSR0ISRQvHgcIC2GjgTnmd0wLp9vZor7D6HTu6g2yxfUmzbtYlp+EW28fG3bR1HVk6HbJo/+6hTVkPY8bc4N73HlzvtS5WT+Zh6AEEFhwgO377dvAB4jiOxyfzGzIelP+ZzAbzbPrWxmZpVbbzyfTs+l/X4kf69SwR748mu1/n5h/j/47bwbsL8v1Dsjyti7R1jSLU/HP7q2nKIuSurAVqfoMQXRHVByENRH07SKYgpqfdf74k2oDdfW5RAReQWLPTJfCK5Bh6uZI7mx86FxlecYp6CD99S+pfWpWEbBH03RYppDZ2DIBr0GiASqWQmrL17jJDoCUR20AbqUiOg4DmyqsValRXuLpHGdWg56lG0Iq5dRVrIGt5hX2oXpS0t7RUxgvgp0bWh17Ae33o6Wg+zcbp/NPsbDWfLVfLaTZJk3g2n8fJdOS3qP0/I4T0o7zXf2mbdcfLfdnJ5/HX2XSeWb7V53SZPRB8IfeKlF25zvnv6Cwe2yW/KYlCmMyX4HxUug8badcXMli3cCZlXqLtPoE1odum/pNBk/lytczibDZeLaeLb9PFcuT7r+QHofvYR094FA7gfeg+f8k07xBO7UO3G0pSyUYYkBsoZd6NK1AibMOv+BWCFA6mW22w2r/G4dIlEnJ9oXEUPTqdnD0qx2DFol+yUYKUzG3EZxp4mJDrBdo1yKVYIh1FTwODHeL2VWL3h2QNxe6WDDekKQ2IplqjsrfVgtS6kEbDRskKjoPB0V225BU3fTAS3gARrAO8eQoAXtVSGSI66PEzLb5ITqeL1ddZMstGvlXwn8TePGyYIHWN6rZNOlJSmmcMekiwmiXn6SKL55Zqj/5h9uRVofu3Ag2NEIgMmZtuu4NcGc5oaso+sA5oqwqE3NnCugdolavw9je9y733tSA48P4fAAD//909lR4OCgAA"
-          },
-          "sensitive_attributes": []
-        }
-      ]
-    },
-    {
-      "module": "module.kube-hetzner.module.agents[\"2-1-storage1\"]",
-      "mode": "managed",
-      "type": "hcloud_server",
-      "name": "server",
-      "provider": "module.kube-hetzner.provider[\"registry.terraform.io/hetznercloud/hcloud\"]",
-      "instances": [
-        {
-          "schema_version": 0,
-          "attributes": {
-            "backup_window": "",
-            "backups": false,
-            "datacenter": "fsn1-dc14",
-            "delete_protection": false,
-            "firewall_ids": [
-              385507
-            ],
-            "id": "20289430",
-            "ignore_remote_firewall_ids": false,
-            "image": "ubuntu-20.04",
-            "ipv4_address": "49.12.247.85",
-            "ipv6_address": "2a01:4f8:c012:d246::1",
-            "ipv6_network": "2a01:4f8:c012:d246::/64",
-            "iso": null,
-            "keep_disk": false,
-            "labels": {
-              "engine": "k3s",
-              "provisioner": "terraform"
-            },
-            "location": "fsn1",
-            "name": "clank-storage1-cgr",
-            "network": [],
-            "placement_group_id": 41238,
-            "rebuild_protection": false,
-            "rescue": "linux64",
-            "server_type": "cpx11",
-            "ssh_keys": [
-              "6372775"
-            ],
-            "status": "running",
-            "timeouts": null,
-            "user_data": "1yw8VGJRSEcjXrZpwCMw7s5ae8A="
-          },
-          "sensitive_attributes": [],
-          "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo1NDAwMDAwMDAwMDAwfX0=",
-          "dependencies": [
-            "module.kube-hetzner.hcloud_firewall.k3s",
-            "module.kube-hetzner.hcloud_network.k3s",
-            "module.kube-hetzner.hcloud_network_subnet.agent",
-            "module.kube-hetzner.hcloud_placement_group.agent",
-            "module.kube-hetzner.hcloud_ssh_key.k3s",
-            "module.kube-hetzner.module.agents.data.cloudinit_config.config",
-            "module.kube-hetzner.module.agents.random_string.server"
-          ]
-        }
-      ]
-    },
-    {
-      "module": "module.kube-hetzner.module.agents[\"2-1-storage1\"]",
-      "mode": "managed",
-      "type": "hcloud_server_network",
-      "name": "server",
-      "provider": "module.kube-hetzner.provider[\"registry.terraform.io/hetznercloud/hcloud\"]",
-      "instances": [
-        {
-          "schema_version": 0,
-          "attributes": {
-            "alias_ips": [],
-            "id": "20289430-1628275",
-            "ip": "10.2.0.102",
-            "mac_address": "86:00:00:0f:27:a2",
-            "network_id": null,
-            "server_id": 20289430,
-            "subnet_id": "1628275-10.2.0.0/16"
-          },
-          "sensitive_attributes": [],
-          "private": "bnVsbA==",
-          "dependencies": [
-            "module.kube-hetzner.hcloud_firewall.k3s",
-            "module.kube-hetzner.hcloud_network.k3s",
-            "module.kube-hetzner.hcloud_network_subnet.agent",
-            "module.kube-hetzner.hcloud_placement_group.agent",
-            "module.kube-hetzner.hcloud_ssh_key.k3s",
-            "module.kube-hetzner.module.agents.data.cloudinit_config.config",
-            "module.kube-hetzner.module.agents.hcloud_server.server",
-            "module.kube-hetzner.module.agents.random_string.server"
-          ]
-        }
-      ]
-    },
-    {
-      "module": "module.kube-hetzner.module.agents[\"2-1-storage1\"]",
-      "mode": "managed",
-      "type": "random_string",
-      "name": "server",
-      "provider": "provider[\"registry.terraform.io/hashicorp/random\"]",
-      "instances": [
-        {
-          "schema_version": 1,
-          "attributes": {
-            "id": "cgr",
-            "keepers": {
-              "name": "clank-storage1"
-            },
-            "length": 3,
-            "lower": true,
-            "min_lower": 0,
-            "min_numeric": 0,
-            "min_special": 0,
-            "min_upper": 0,
-            "number": false,
-            "override_special": null,
-            "result": "cgr",
-            "special": false,
-            "upper": false
-          },
-          "sensitive_attributes": [],
-          "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==",
-          "dependencies": [
-            "module.kube-hetzner.hcloud_network.k3s",
-            "module.kube-hetzner.hcloud_network_subnet.agent"
-          ]
-        }
-      ]
-    },
-    {
-      "module": "module.kube-hetzner.module.control_planes[\"0-0-control-plane-fsn1\"]",
-      "mode": "data",
-      "type": "cloudinit_config",
-      "name": "config",
-      "provider": "provider[\"registry.terraform.io/hashicorp/cloudinit\"]",
-      "instances": [
-        {
-          "schema_version": 0,
-          "attributes": {
-            "base64_encode": true,
-            "boundary": "MIMEBOUNDARY",
-            "gzip": true,
-            "id": "3900639102",
-            "part": [
-              {
-                "content": "#cloud-config\n\nwrite_files:\n\n# Configure the private network interface\n- content: |\n    BOOTPROTO='dhcp'\n    STARTMODE='auto'\n  path: /etc/sysconfig/network/ifcfg-eth1\n\n# Disable ssh password authentication\n- content: |\n    PasswordAuthentication no\n    X11Forwarding no\n    MaxAuthTries 2\n    AllowTcpForwarding no\n    AllowAgentForwarding no\n    AuthorizedKeysFile .ssh/authorized_keys\n  path: /etc/ssh/sshd_config.d/kube-hetzner.conf\n\n# Set reboot method as \"kured\"\n- content: |\n    REBOOT_METHOD=kured\n  path: /etc/transactional-update.conf\n\n# Create Rancher repo config\n- content: |\n    [rancher-k3s-common-stable]\n    name=Rancher K3s Common (stable)\n    baseurl=https://rpm.rancher.io/k3s/stable/common/microos/noarch\n    enabled=1\n    gpgcheck=1\n    repo_gpgcheck=0\n    gpgkey=https://rpm.rancher.io/public.key\n  path: /etc/zypp/repos.d/rancher-k3s-common.repo\n\n# Add ssh authorized keys\nssh_authorized_keys:\n  - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOmlyNDEGxQxnXOLGMn80DwjPt+CqCy17UaW9MSBphOy contact@kjuulh.io\n\n# Resize /var, not /, as that's the last partition in MicroOS image.\ngrowpart:\n    devices: [\"/var\"]\n\n# Make sure the hostname is set correctly\nhostname: clank-control-plane-fsn1-xgb\npreserve_hostname: true\n\nruncmd:\n\n# As above, make sure the hostname is not reset\n- [sed, '-i', 's/NETCONFIG_NIS_SETDOMAINNAME=\"yes\"/NETCONFIG_NIS_SETDOMAINNAME=\"no\"/g', /etc/sysconfig/network/config]\n- [sed, '-i', 's/DHCLIENT_SET_HOSTNAME=\"yes\"/DHCLIENT_SET_HOSTNAME=\"no\"/g', /etc/sysconfig/network/dhcp]\n\n# We set Cloudflare DNS servers, followed by Google as a backup\n- [sed, '-i', 's/NETCONFIG_DNS_STATIC_SERVERS=\"\"/NETCONFIG_DNS_STATIC_SERVERS=\"1.1.1.1 1.0.0.1 8.8.8.8\"/g', /etc/sysconfig/network/config]\n\n# Bounds the amount of logs that can survive on the system\n- [sed, '-i', 's/#SystemMaxUse=/SystemMaxUse=3G/g', /etc/systemd/journald.conf]\n- [sed, '-i', 's/#MaxRetentionSec=/MaxRetentionSec=1week/g', /etc/systemd/journald.conf]\n\n# Reduces the default number of snapshots from 2-10 number limit, to 4 and from 4-10 number limit important, to 2\n- [sed, '-i', 's/NUMBER_LIMIT=\"2-10\"/NUMBER_LIMIT=\"4\"/g', /etc/snapper/configs/root]\n- [sed, '-i', 's/NUMBER_LIMIT_IMPORTANT=\"4-10\"/NUMBER_LIMIT_IMPORTANT=\"3\"/g', /etc/snapper/configs/root]\n\n# Disables unneeded services\n- [systemctl, disable, '--now', 'rebootmgr.service']\n",
-                "content_type": "text/cloud-config",
-                "filename": "init.cfg",
-                "merge_type": ""
-              }
-            ],
-            "rendered": "H4sIAAAAAAAA/4xW3W7bOBO9F5B3GCgX/j6sJcVJi7YuDKxiu6nRysraStvdIjBocmyxlkgtScVWsA+/IJU0P06aheELzhyfMzwzHmkohUFhgqypsA9lXRheEWWiku+QvYelrAUjqhn4ySQZn6YX01E8+9P37Cn4gkpzKfrQC48OvAMvCO6DDrxb7hHXldTcOCwxhtC8RGHew4oXKEiJA58LbkK6Wvt3v8oUEXqFKhgLKhkX6z68WXJzD+BKNrgzES1kzQIqxYqvD7yEl7hX3OF9jOdtFTe4sAXovucdwtDFa4VgcoRK8StiEASarVQb4MKgWhGKXgC0le/DPx4AwGmaZuezNEsHHZbTquOC8yyeZUk6Gg86pDbSBiti8j5EaGikG92WEd3wR3xFV+sATd6ztYy4JssCQescKqL1VioGpDY5CsMpsT7u13F+A4wf4EBIl/3W632QakuUNfI2mJCdRWeKo4ZjF4qLQm4zWu2DXSZeozBP5GqTS8WvkX3CRn/gBUKodR6Rn/HFBhv9yAWd2y9btF6ELNrUSwxyNNcCVWij1ow5GlC4lNJAiSaXDIgGf1MrZP6+C7Ox7cciGWcf09HAoR6qGjtVhFpvSBHUFSMGf2oNFdquz4igOSpQWEm4GZg9pe+qRQWbEx1QWZZSBNrYvl26vJvrW6ZPJxqGDgP/a0H/d6Al0VirYpAbU+l+FKmqDG94Qy6jzYmOWnjUKkQlp0pKHQlJFM0dBwoLYIOeO62rNc2Rbm6O9gqLn7GjW8gGm+c0q3pZcBpusHlo3HVTVZGl0yGL9u8e2pT1MGbMDe5d78H1Xut88Wge+h5AYMEBsuPXr3vvII7jeHgyvSbDXvHXaNKbZuPXNjZJy6KZjsZnuz924lv6+SwRb49G2x/n5rfh38Om9+aCfH2XzE+rPG1cowg1v29+1HWRh9yVNUPNrxGiK6K6IKSBqGsHyeTEdLT7zxdEG7C7zy0q4AISa3Y6B16SNYbeWsmtzfediwyvOEXdh+++JfUvrUpCNgj6dovkUhs7BsA1aDRApVJITdF4t5k+0IKIjd1KRskiqAoiMFhp0Qt266VXKdSornBxhzeqRs9TtaAlc4sr1kCW8gq7UD4rbu9rqYwXwHeNrAudgHe60NHRdJwN0+mHydliOpkv5uNslCbxZDqNk/HAb1D7v0YI6UfrTve5vdYeL/dlRx+HnyfjaWb5Fh/TeXZP8JncC1J2+boefEVn9tCu+1VBFMJoOgfno9JdWEm7yJDBsoEzKdcF2jkgsCR0U1e/Mmg0nS/mWZxNhov5ePZlPJsPfP+FfC90H/sQCo/CHrwN3ec/meYdwql9/LbjSUpZCwNyBYVct4MLlAjb8Ct+hSCFg+lGGyz3r3E4d4mE7C40DqIHp5OzB+UYLFn0Q9ZKkIK53fhEAw8TspuhXYhcijnSQfQ40Nsibl4kdn9NVlNsb8lwRerCgKjLJSp7Wy1IpXNpNKyULOE46B3dZgtectMFI+EVEMFawKvHAOBlJZUhooUeP9Hii+R0PFt8niSTbOBbBf9R7NX9hglSVahu2qQjJaV5wqD7BItJcp7Osnhqqfbo72dPXhS6ez/QUAuByJC56bbbyJXhjKam6AJrgbaqQMitLax9lJZrFd78pnO59+YWBAfevwEAAP//ZWbgRxgKAAA="
-          },
-          "sensitive_attributes": []
-        }
-      ]
-    },
-    {
-      "module": "module.kube-hetzner.module.control_planes[\"0-0-control-plane-fsn1\"]",
-      "mode": "managed",
-      "type": "hcloud_server",
-      "name": "server",
-      "provider": "module.kube-hetzner.provider[\"registry.terraform.io/hetznercloud/hcloud\"]",
-      "instances": [
-        {
-          "schema_version": 0,
-          "attributes": {
-            "backup_window": "",
-            "backups": false,
-            "datacenter": "fsn1-dc14",
-            "delete_protection": false,
-            "firewall_ids": [
-              385507
-            ],
-            "id": "20285806",
-            "ignore_remote_firewall_ids": false,
-            "image": "ubuntu-20.04",
-            "ipv4_address": "167.235.247.244",
-            "ipv6_address": "2a01:4f8:c012:d005::1",
-            "ipv6_network": "2a01:4f8:c012:d005::/64",
-            "iso": null,
-            "keep_disk": false,
-            "labels": {
-              "engine": "k3s",
-              "provisioner": "terraform"
-            },
-            "location": "fsn1",
-            "name": "clank-control-plane-fsn1-xgb",
-            "network": [],
-            "placement_group_id": 41239,
-            "rebuild_protection": false,
-            "rescue": "linux64",
-            "server_type": "cpx11",
-            "ssh_keys": [
-              "6372775"
-            ],
-            "status": "running",
-            "timeouts": null,
-            "user_data": "q20D423pjuDyFaau0XZQMqAEBkU="
-          },
-          "sensitive_attributes": [],
-          "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo1NDAwMDAwMDAwMDAwfX0=",
-          "dependencies": [
-            "module.kube-hetzner.hcloud_firewall.k3s",
-            "module.kube-hetzner.hcloud_network.k3s",
-            "module.kube-hetzner.hcloud_network_subnet.control_plane",
-            "module.kube-hetzner.hcloud_placement_group.control_plane",
-            "module.kube-hetzner.hcloud_ssh_key.k3s",
-            "module.kube-hetzner.module.control_planes.data.cloudinit_config.config",
-            "module.kube-hetzner.module.control_planes.random_string.server"
-          ]
-        }
-      ]
-    },
-    {
-      "module": "module.kube-hetzner.module.control_planes[\"0-0-control-plane-fsn1\"]",
-      "mode": "managed",
-      "type": "hcloud_server_network",
-      "name": "server",
-      "provider": "module.kube-hetzner.provider[\"registry.terraform.io/hetznercloud/hcloud\"]",
-      "instances": [
-        {
-          "schema_version": 0,
-          "attributes": {
-            "alias_ips": [],
-            "id": "20285806-1628275",
-            "ip": "10.255.0.101",
-            "mac_address": "86:00:00:0f:24:bc",
-            "network_id": null,
-            "server_id": 20285806,
-            "subnet_id": "1628275-10.255.0.0/16"
-          },
-          "sensitive_attributes": [],
-          "private": "bnVsbA==",
-          "dependencies": [
-            "module.kube-hetzner.hcloud_firewall.k3s",
-            "module.kube-hetzner.hcloud_network.k3s",
-            "module.kube-hetzner.hcloud_network_subnet.control_plane",
-            "module.kube-hetzner.hcloud_placement_group.control_plane",
-            "module.kube-hetzner.hcloud_ssh_key.k3s",
-            "module.kube-hetzner.module.control_planes.data.cloudinit_config.config",
-            "module.kube-hetzner.module.control_planes.hcloud_server.server",
-            "module.kube-hetzner.module.control_planes.random_string.server"
-          ]
-        }
-      ]
-    },
-    {
-      "module": "module.kube-hetzner.module.control_planes[\"0-0-control-plane-fsn1\"]",
-      "mode": "managed",
-      "type": "random_string",
-      "name": "server",
-      "provider": "provider[\"registry.terraform.io/hashicorp/random\"]",
-      "instances": [
-        {
-          "schema_version": 1,
-          "attributes": {
-            "id": "xgb",
-            "keepers": {
-              "name": "clank-control-plane-fsn1"
-            },
-            "length": 3,
-            "lower": true,
-            "min_lower": 0,
-            "min_numeric": 0,
-            "min_special": 0,
-            "min_upper": 0,
-            "number": false,
-            "override_special": null,
-            "result": "xgb",
-            "special": false,
-            "upper": false
-          },
-          "sensitive_attributes": [],
-          "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==",
-          "dependencies": [
-            "module.kube-hetzner.hcloud_network.k3s",
-            "module.kube-hetzner.hcloud_network_subnet.control_plane"
-          ]
-        }
-      ]
-    },
-    {
-      "module": "module.kube-hetzner.module.control_planes[\"1-0-control-plane-nbg1\"]",
-      "mode": "data",
-      "type": "cloudinit_config",
-      "name": "config",
-      "provider": "provider[\"registry.terraform.io/hashicorp/cloudinit\"]",
-      "instances": [
-        {
-          "schema_version": 0,
-          "attributes": {
-            "base64_encode": true,
-            "boundary": "MIMEBOUNDARY",
-            "gzip": true,
-            "id": "995672426",
-            "part": [
-              {
-                "content": "#cloud-config\n\nwrite_files:\n\n# Configure the private network interface\n- content: |\n    BOOTPROTO='dhcp'\n    STARTMODE='auto'\n  path: /etc/sysconfig/network/ifcfg-eth1\n\n# Disable ssh password authentication\n- content: |\n    PasswordAuthentication no\n    X11Forwarding no\n    MaxAuthTries 2\n    AllowTcpForwarding no\n    AllowAgentForwarding no\n    AuthorizedKeysFile .ssh/authorized_keys\n  path: /etc/ssh/sshd_config.d/kube-hetzner.conf\n\n# Set reboot method as \"kured\"\n- content: |\n    REBOOT_METHOD=kured\n  path: /etc/transactional-update.conf\n\n# Create Rancher repo config\n- content: |\n    [rancher-k3s-common-stable]\n    name=Rancher K3s Common (stable)\n    baseurl=https://rpm.rancher.io/k3s/stable/common/microos/noarch\n    enabled=1\n    gpgcheck=1\n    repo_gpgcheck=0\n    gpgkey=https://rpm.rancher.io/public.key\n  path: /etc/zypp/repos.d/rancher-k3s-common.repo\n\n# Add ssh authorized keys\nssh_authorized_keys:\n  - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOmlyNDEGxQxnXOLGMn80DwjPt+CqCy17UaW9MSBphOy contact@kjuulh.io\n\n# Resize /var, not /, as that's the last partition in MicroOS image.\ngrowpart:\n    devices: [\"/var\"]\n\n# Make sure the hostname is set correctly\nhostname: clank-control-plane-nbg1-qoq\npreserve_hostname: true\n\nruncmd:\n\n# As above, make sure the hostname is not reset\n- [sed, '-i', 's/NETCONFIG_NIS_SETDOMAINNAME=\"yes\"/NETCONFIG_NIS_SETDOMAINNAME=\"no\"/g', /etc/sysconfig/network/config]\n- [sed, '-i', 's/DHCLIENT_SET_HOSTNAME=\"yes\"/DHCLIENT_SET_HOSTNAME=\"no\"/g', /etc/sysconfig/network/dhcp]\n\n# We set Cloudflare DNS servers, followed by Google as a backup\n- [sed, '-i', 's/NETCONFIG_DNS_STATIC_SERVERS=\"\"/NETCONFIG_DNS_STATIC_SERVERS=\"1.1.1.1 1.0.0.1 8.8.8.8\"/g', /etc/sysconfig/network/config]\n\n# Bounds the amount of logs that can survive on the system\n- [sed, '-i', 's/#SystemMaxUse=/SystemMaxUse=3G/g', /etc/systemd/journald.conf]\n- [sed, '-i', 's/#MaxRetentionSec=/MaxRetentionSec=1week/g', /etc/systemd/journald.conf]\n\n# Reduces the default number of snapshots from 2-10 number limit, to 4 and from 4-10 number limit important, to 2\n- [sed, '-i', 's/NUMBER_LIMIT=\"2-10\"/NUMBER_LIMIT=\"4\"/g', /etc/snapper/configs/root]\n- [sed, '-i', 's/NUMBER_LIMIT_IMPORTANT=\"4-10\"/NUMBER_LIMIT_IMPORTANT=\"3\"/g', /etc/snapper/configs/root]\n\n# Disables unneeded services\n- [systemctl, disable, '--now', 'rebootmgr.service']\n",
-                "content_type": "text/cloud-config",
-                "filename": "init.cfg",
-                "merge_type": ""
-              }
-            ],
-            "rendered": "H4sIAAAAAAAA/4xWYW/ayhL9bin/YeR84D09bIekVVsqpOcATVFrnAtO23urCC27A95i77q76xBH98df7TppSEiaK8SHnTmcM3tmGHsohUFhgqypsA9lXRheEWWikl8jew9LWQtGVDPwk0kyPk0vpqN49qfv2VPwBZXmUvShFx4deAdeEOyCDrw77hHXldTcOCwxhtC8RGHew4oXKEiJA58LbkK6Wvv3v8oUEXqFKhgLKhkX6z68WXKzA3AlG7w2ES1kzQIqxYqvD7yEl7hX3OEuxvO2ihtc2AJ03/MOYejitUIwOUKl+BUxCALNVqoNcGFQrQhFLwDayvfhbw8A4DRNs/NZmqWDDstp1XHBeRbPsiQdjQcdUhtpgxUxeR8iNDTSjW7LiG75I76iq3WAJu/ZWkZck2WBoHUOFdF6KxUDUpscheGUWB/36zi/BcYPcCCky37r9T5ItSXKGnkXTMi1RWeKo4ZjF4qLQm4zWu2DXSZeozBP5GqTS8VvkH3CRn/gBUKodR6RX/HFBhv9yAWd2y9btF6ELNrUSwxyNDcCVWij1ow5GlC4lNJAiSaXDIgGf1MrZP6+C7Ox7cciGWcf09HAoR6qGjtVhFpvSBHUFSMGf2kNFdquz4igOSpQWEm4HZg9pe+qRQWbEx1QWZZSBNrYvl26vJvrO6ZPJxqGDgP/aUH/daAl0VirYpAbU+l+FKmqDG95Qy6jzYmOWnjUKkQlp0pKHQlJFM0dBwoLYIOeO62rNc2Rbm6P9gqLX7GjO8gGm+c0q3pZcBpusHlo3E1TVZGl0yGL9u8e2pT1MGbMDe5978H1Xut88Wge+h5AYMEBsuPXr3vvII7jeHgyvSHDXvHXaNKbZuPXNjZJy6KZjsZn139ci2/p57NEvD0abX+cm/8Nfw6b3psL8vVdMj+t8rRxjSLU/H/zo66LPOSurBlqfoMQXRHVBSENRF07SCYnpqPdf74g2oDdfW5RAReQWLPTOfCSrDH01kpubb7vXGR4xSnqPnz3Lal/aVUSskHQd1skl9rYMQCuQaMBKpVCaorGu8v0gRZEbOxWMkoWQVUQgYFYrnvBT/nTqxRqVFe4uMcbVaPnqVrQkrnFFWsgS3mFXSifFbf3tVTGC+C7RtaFTsA7XejoaDrOhun0w+RsMZ3MF/NxNkqTeDKdxsl44Deo/d8jhPSjdaf73F5rj5f7sqOPw8+T8TSzfIuP6TzbEXwm94KUXb6uB1/RmT20635VEIUwms7B+ah0F1bSLjJksGzgTMp1gXYOCCwJ3dTV7wwaTeeLeRZnk+FiPp59Gc/mA99/Id8L3cc+hMKjsAdvQ/f5V6Z5h3BqH7/teJJS1sKAXEEh1+3gAiXCNvyKXyFI4WC60QbL/Wsczl0iIdcXGgfRg9PJ2YNyDJYs+iFrJUjB3G58ooGHCbmeoV2IXIo50kH0ONDbIm5eJHZ/TVZTbG/JcEXqwoCoyyUqe1stSKVzaTSslCzhOOgd3WULXnLTBSPhFRDBWsCrxwDgZSWVIaKFHj/R4ovkdDxbfJ4kk2zgWwX/UezVbsMEqSpUt23SkZLSPGHQLsFikpynsyyeWqo9+t3syYtC9+8HGmohEBkyN912G7kynNHUFF1gLdBWFQi5tYW1j9JyrcLb33Qu997cguDA+ycAAP//VEY9HRgKAAA="
-          },
-          "sensitive_attributes": []
-        }
-      ]
-    },
-    {
-      "module": "module.kube-hetzner.module.control_planes[\"1-0-control-plane-nbg1\"]",
-      "mode": "managed",
-      "type": "hcloud_server",
-      "name": "server",
-      "provider": "module.kube-hetzner.provider[\"registry.terraform.io/hetznercloud/hcloud\"]",
-      "instances": [
-        {
-          "schema_version": 0,
-          "attributes": {
-            "backup_window": "",
-            "backups": false,
-            "datacenter": "nbg1-dc3",
-            "delete_protection": false,
-            "firewall_ids": [
-              385507
-            ],
-            "id": "20285810",
-            "ignore_remote_firewall_ids": false,
-            "image": "ubuntu-20.04",
-            "ipv4_address": "116.203.29.245",
-            "ipv6_address": "2a01:4f8:1c1e:c5b4::1",
-            "ipv6_network": "2a01:4f8:1c1e:c5b4::/64",
-            "iso": null,
-            "keep_disk": false,
-            "labels": {
-              "engine": "k3s",
-              "provisioner": "terraform"
-            },
-            "location": "nbg1",
-            "name": "clank-control-plane-nbg1-qoq",
-            "network": [],
-            "placement_group_id": 41239,
-            "rebuild_protection": false,
-            "rescue": "linux64",
-            "server_type": "cpx11",
-            "ssh_keys": [
-              "6372775"
-            ],
-            "status": "running",
-            "timeouts": null,
-            "user_data": "sd58J9GBO6v2yR7ice2U4SlzYwA="
-          },
-          "sensitive_attributes": [],
-          "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo1NDAwMDAwMDAwMDAwfX0=",
-          "dependencies": [
-            "module.kube-hetzner.hcloud_firewall.k3s",
-            "module.kube-hetzner.hcloud_network.k3s",
-            "module.kube-hetzner.hcloud_network_subnet.control_plane",
-            "module.kube-hetzner.hcloud_placement_group.control_plane",
-            "module.kube-hetzner.hcloud_ssh_key.k3s",
-            "module.kube-hetzner.module.control_planes.data.cloudinit_config.config",
-            "module.kube-hetzner.module.control_planes.random_string.server"
-          ]
-        }
-      ]
-    },
-    {
-      "module": "module.kube-hetzner.module.control_planes[\"1-0-control-plane-nbg1\"]",
-      "mode": "managed",
-      "type": "hcloud_server_network",
-      "name": "server",
-      "provider": "module.kube-hetzner.provider[\"registry.terraform.io/hetznercloud/hcloud\"]",
-      "instances": [
-        {
-          "schema_version": 0,
-          "attributes": {
-            "alias_ips": [],
-            "id": "20285810-1628275",
-            "ip": "10.254.0.101",
-            "mac_address": "86:00:00:0f:24:c2",
-            "network_id": null,
-            "server_id": 20285810,
-            "subnet_id": "1628275-10.254.0.0/16"
-          },
-          "sensitive_attributes": [],
-          "private": "bnVsbA==",
-          "dependencies": [
-            "module.kube-hetzner.hcloud_firewall.k3s",
-            "module.kube-hetzner.hcloud_network.k3s",
-            "module.kube-hetzner.hcloud_network_subnet.control_plane",
-            "module.kube-hetzner.hcloud_placement_group.control_plane",
-            "module.kube-hetzner.hcloud_ssh_key.k3s",
-            "module.kube-hetzner.module.control_planes.data.cloudinit_config.config",
-            "module.kube-hetzner.module.control_planes.hcloud_server.server",
-            "module.kube-hetzner.module.control_planes.random_string.server"
-          ]
-        }
-      ]
-    },
-    {
-      "module": "module.kube-hetzner.module.control_planes[\"1-0-control-plane-nbg1\"]",
-      "mode": "managed",
-      "type": "random_string",
-      "name": "server",
-      "provider": "provider[\"registry.terraform.io/hashicorp/random\"]",
-      "instances": [
-        {
-          "schema_version": 1,
-          "attributes": {
-            "id": "qoq",
-            "keepers": {
-              "name": "clank-control-plane-nbg1"
-            },
-            "length": 3,
-            "lower": true,
-            "min_lower": 0,
-            "min_numeric": 0,
-            "min_special": 0,
-            "min_upper": 0,
-            "number": false,
-            "override_special": null,
-            "result": "qoq",
-            "special": false,
-            "upper": false
-          },
-          "sensitive_attributes": [],
-          "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==",
-          "dependencies": [
-            "module.kube-hetzner.hcloud_network.k3s",
-            "module.kube-hetzner.hcloud_network_subnet.control_plane"
-          ]
-        }
-      ]
-    },
-    {
-      "module": "module.kube-hetzner.module.control_planes[\"2-0-control-plane-hel1\"]",
-      "mode": "data",
-      "type": "cloudinit_config",
-      "name": "config",
-      "provider": "provider[\"registry.terraform.io/hashicorp/cloudinit\"]",
-      "instances": [
-        {
-          "schema_version": 0,
-          "attributes": {
-            "base64_encode": true,
-            "boundary": "MIMEBOUNDARY",
-            "gzip": true,
-            "id": "1329203202",
-            "part": [
-              {
-                "content": "#cloud-config\n\nwrite_files:\n\n# Configure the private network interface\n- content: |\n    BOOTPROTO='dhcp'\n    STARTMODE='auto'\n  path: /etc/sysconfig/network/ifcfg-eth1\n\n# Disable ssh password authentication\n- content: |\n    PasswordAuthentication no\n    X11Forwarding no\n    MaxAuthTries 2\n    AllowTcpForwarding no\n    AllowAgentForwarding no\n    AuthorizedKeysFile .ssh/authorized_keys\n  path: /etc/ssh/sshd_config.d/kube-hetzner.conf\n\n# Set reboot method as \"kured\"\n- content: |\n    REBOOT_METHOD=kured\n  path: /etc/transactional-update.conf\n\n# Create Rancher repo config\n- content: |\n    [rancher-k3s-common-stable]\n    name=Rancher K3s Common (stable)\n    baseurl=https://rpm.rancher.io/k3s/stable/common/microos/noarch\n    enabled=1\n    gpgcheck=1\n    repo_gpgcheck=0\n    gpgkey=https://rpm.rancher.io/public.key\n  path: /etc/zypp/repos.d/rancher-k3s-common.repo\n\n# Add ssh authorized keys\nssh_authorized_keys:\n  - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOmlyNDEGxQxnXOLGMn80DwjPt+CqCy17UaW9MSBphOy contact@kjuulh.io\n\n# Resize /var, not /, as that's the last partition in MicroOS image.\ngrowpart:\n    devices: [\"/var\"]\n\n# Make sure the hostname is set correctly\nhostname: clank-control-plane-hel1-ugh\npreserve_hostname: true\n\nruncmd:\n\n# As above, make sure the hostname is not reset\n- [sed, '-i', 's/NETCONFIG_NIS_SETDOMAINNAME=\"yes\"/NETCONFIG_NIS_SETDOMAINNAME=\"no\"/g', /etc/sysconfig/network/config]\n- [sed, '-i', 's/DHCLIENT_SET_HOSTNAME=\"yes\"/DHCLIENT_SET_HOSTNAME=\"no\"/g', /etc/sysconfig/network/dhcp]\n\n# We set Cloudflare DNS servers, followed by Google as a backup\n- [sed, '-i', 's/NETCONFIG_DNS_STATIC_SERVERS=\"\"/NETCONFIG_DNS_STATIC_SERVERS=\"1.1.1.1 1.0.0.1 8.8.8.8\"/g', /etc/sysconfig/network/config]\n\n# Bounds the amount of logs that can survive on the system\n- [sed, '-i', 's/#SystemMaxUse=/SystemMaxUse=3G/g', /etc/systemd/journald.conf]\n- [sed, '-i', 's/#MaxRetentionSec=/MaxRetentionSec=1week/g', /etc/systemd/journald.conf]\n\n# Reduces the default number of snapshots from 2-10 number limit, to 4 and from 4-10 number limit important, to 2\n- [sed, '-i', 's/NUMBER_LIMIT=\"2-10\"/NUMBER_LIMIT=\"4\"/g', /etc/snapper/configs/root]\n- [sed, '-i', 's/NUMBER_LIMIT_IMPORTANT=\"4-10\"/NUMBER_LIMIT_IMPORTANT=\"3\"/g', /etc/snapper/configs/root]\n\n# Disables unneeded services\n- [systemctl, disable, '--now', 'rebootmgr.service']\n",
-                "content_type": "text/cloud-config",
-                "filename": "init.cfg",
-                "merge_type": ""
-              }
-            ],
-            "rendered": "H4sIAAAAAAAA/4xW4W/ayBP9bin/w8j5wO+nw3ZIWrWlQjoHaIpa4xw4be+qCC27A95i7/p21yGO7o8/7TppSEiaE+LDzjzem30zHjOUwqAwQdZU2IeyLgyviDJRya+RvYelrAUjqhn4ySQZn6YX01E8+9P37Cn4gkpzKfrQC48OvAMvCHZBB94d94jrSmpuHJYYQ2heojDvYcULFKTEgc8FNyFdrf37X2WKCL1CFYwFlYyLdR/eLLnZAbiSDV6biBayZgGVYsXXB17CS9wr7nAX43lbxQ0ubAG673mHMHTxWiGYHKFS/IoYBIFmK9UGuDCoVoSiFwBt5fvwjwcAcJqm2fkszdJBh+W06rjgPItnWZKOxoMOqY20wYqYvA8RGhrpRrdlRLf8EV/R1TpAk/dsLSOuybJA0DqHimi9lYoBqU2OwnBKrI/7dZzfAuMHOBDSZb/1eh+k2hJljbwLJuTaojPFUcOxC8VFIbcZrfbBLhOvUZgncrXJpeI3yD5hoz/wAiHUOo/Iz/hig41+5ILO7ZctWi9CFm3qJQY5mhuBKrRRa8YcDShcSmmgRJNLBkSDv6kVMn/fhdnY9mORjLOP6WjgUA9VjZ0qQq03pAjqihGDP7WGCm3XZ0TQHBUorCTcDsye0nfVooLNiQ6oLEspAm1s3y5d3s31HdOnEw1Dh4H/taD/O9CSaKxVMciNqXQ/ilRVhre8IZfR5kRHLTxqFaKSUyWljoQkiuaOA4UFsEHPndbVmuZIN7dHe4XFz9jRHWSDzXOaVb0sOA032Dw07qapqsjS6ZBF+3cPbcp6GDPmBve+9+B6r3W+eDQPfQ8gsOAA2fHr1713EMdxPDyZ3pBhr/hrNOlNs/FrG5ukZdFMR+Oz6z+uxbf081ki3h6Ntj/OzW/Dv4dN780F+foumZ9Wedq4RhFqft/8qOsiD7kra4aa3yBEV0R1QUgDUdcOksmJ6Wj3zBdEG7C7zy0q4AISa3Y6B16SNYbeWsmtzfediwyvOEXdh+++JfUvrUpCNgj6bovkUhs7BsA1aDRApVJITdF4d5k+0IKIjd1KRskiqAoi7CNQ9IJ6nXuVQo3qChf3eKNq9DxVC1oyt7hiDWQpr7AL5bPi9r6WyngBfNfIutAJeKcLHR1Nx9kwnX6YnC2mk/liPs5GaRJPptM4GQ/8BrX/a4SQfrTudJ/ba+3xcl929HH4eTKeZpZv8TGdZzuCz+RekLLL1/XgKzqzh3bdrwqiEEbTOTgfle7CStpFhgyWDZxJuS7QzgGBJaGbuvqVQaPpfDHP4mwyXMzHsy/j2Xzg+y/ke6H72JdQeBT24G3oPv/JNO8QTu3rtx1PUspaGJArKOS6HVygRNiGX/ErBCkcTDfaYLl/jcO5SyTk+kLjIHpwOjl7UI7BkkU/ZK0EKZjbjU808DAh1zO0C5FLMUc6iB4HelvEzYvE7tFkNcX2lgxXpC4MiLpcorK31YJUOpdGw0rJEo6D3tFdtuAlN10wEl4BEawFvHoMAF5WUhkiWujxEy2+SE7Hs8XnSTLJBr5V8B/FXu02TJCqQnXbJh0pKc0TBu0SLCbJeTrL4qml2qPfzZ68KHT//0BDLQQiQ+am224jV4YzmpqiC6wF2qoCIbe2sPZVWq5VePubzuXeP7cgOPD+DQAA//9dHkfzGAoAAA=="
-          },
-          "sensitive_attributes": []
-        }
-      ]
-    },
-    {
-      "module": "module.kube-hetzner.module.control_planes[\"2-0-control-plane-hel1\"]",
-      "mode": "managed",
-      "type": "hcloud_server",
-      "name": "server",
-      "provider": "module.kube-hetzner.provider[\"registry.terraform.io/hetznercloud/hcloud\"]",
-      "instances": [
-        {
-          "schema_version": 0,
-          "attributes": {
-            "backup_window": "",
-            "backups": false,
-            "datacenter": "hel1-dc2",
-            "delete_protection": false,
-            "firewall_ids": [
-              385507
-            ],
-            "id": "20285808",
-            "ignore_remote_firewall_ids": false,
-            "image": "ubuntu-20.04",
-            "ipv4_address": "65.108.211.112",
-            "ipv6_address": "2a01:4f9:c012:5e83::1",
-            "ipv6_network": "2a01:4f9:c012:5e83::/64",
-            "iso": null,
-            "keep_disk": false,
-            "labels": {
-              "engine": "k3s",
-              "provisioner": "terraform"
-            },
-            "location": "hel1",
-            "name": "clank-control-plane-hel1-ugh",
-            "network": [],
-            "placement_group_id": 41239,
-            "rebuild_protection": false,
-            "rescue": "linux64",
-            "server_type": "cpx11",
-            "ssh_keys": [
-              "6372775"
-            ],
-            "status": "running",
-            "timeouts": null,
-            "user_data": "F4b9NkwJcbpEFxr8BVunS+1C0zo="
-          },
-          "sensitive_attributes": [],
-          "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo1NDAwMDAwMDAwMDAwfX0=",
-          "dependencies": [
-            "module.kube-hetzner.hcloud_firewall.k3s",
-            "module.kube-hetzner.hcloud_network.k3s",
-            "module.kube-hetzner.hcloud_network_subnet.control_plane",
-            "module.kube-hetzner.hcloud_placement_group.control_plane",
-            "module.kube-hetzner.hcloud_ssh_key.k3s",
-            "module.kube-hetzner.module.control_planes.data.cloudinit_config.config",
-            "module.kube-hetzner.module.control_planes.random_string.server"
-          ]
-        }
-      ]
-    },
-    {
-      "module": "module.kube-hetzner.module.control_planes[\"2-0-control-plane-hel1\"]",
-      "mode": "managed",
-      "type": "hcloud_server_network",
-      "name": "server",
-      "provider": "module.kube-hetzner.provider[\"registry.terraform.io/hetznercloud/hcloud\"]",
-      "instances": [
-        {
-          "schema_version": 0,
-          "attributes": {
-            "alias_ips": [],
-            "id": "20285808-1628275",
-            "ip": "10.253.0.101",
-            "mac_address": "86:00:00:0f:24:c3",
-            "network_id": null,
-            "server_id": 20285808,
-            "subnet_id": "1628275-10.253.0.0/16"
-          },
-          "sensitive_attributes": [],
-          "private": "bnVsbA==",
-          "dependencies": [
-            "module.kube-hetzner.hcloud_firewall.k3s",
-            "module.kube-hetzner.hcloud_network.k3s",
-            "module.kube-hetzner.hcloud_network_subnet.control_plane",
-            "module.kube-hetzner.hcloud_placement_group.control_plane",
-            "module.kube-hetzner.hcloud_ssh_key.k3s",
-            "module.kube-hetzner.module.control_planes.data.cloudinit_config.config",
-            "module.kube-hetzner.module.control_planes.hcloud_server.server",
-            "module.kube-hetzner.module.control_planes.random_string.server"
-          ]
-        }
-      ]
-    },
-    {
-      "module": "module.kube-hetzner.module.control_planes[\"2-0-control-plane-hel1\"]",
-      "mode": "managed",
-      "type": "random_string",
-      "name": "server",
-      "provider": "provider[\"registry.terraform.io/hashicorp/random\"]",
-      "instances": [
-        {
-          "schema_version": 1,
-          "attributes": {
-            "id": "ugh",
-            "keepers": {
-              "name": "clank-control-plane-hel1"
-            },
-            "length": 3,
-            "lower": true,
-            "min_lower": 0,
-            "min_numeric": 0,
-            "min_special": 0,
-            "min_upper": 0,
-            "number": false,
-            "override_special": null,
-            "result": "ugh",
-            "special": false,
-            "upper": false
-          },
-          "sensitive_attributes": [],
-          "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==",
-          "dependencies": [
-            "module.kube-hetzner.hcloud_network.k3s",
-            "module.kube-hetzner.hcloud_network_subnet.control_plane"
-          ]
-        }
-      ]
-    }
-  ]
+  "resources": []
 }