diff --git a/clusters/production/flux-system/gotk-components.yaml b/clusters/production/flux-system/gotk-components.yaml index e720d3e..71f811a 100644 --- a/clusters/production/flux-system/gotk-components.yaml +++ b/clusters/production/flux-system/gotk-components.yaml @@ -1,6 +1,6 @@ --- # This manifest was generated by flux. DO NOT EDIT. -# Flux Version: v2.0.1 +# Flux Version: v2.1.0 # Components: source-controller,kustomize-controller,helm-controller,notification-controller apiVersion: v1 kind: Namespace @@ -8,7 +8,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.0.1 + app.kubernetes.io/version: v2.1.0 pod-security.kubernetes.io/warn: restricted pod-security.kubernetes.io/warn-version: latest name: flux-system @@ -19,7 +19,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.0.1 + app.kubernetes.io/version: v2.1.0 name: allow-egress namespace: flux-system spec: @@ -39,7 +39,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.0.1 + app.kubernetes.io/version: v2.1.0 name: allow-scraping namespace: flux-system spec: @@ -59,7 +59,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.0.1 + app.kubernetes.io/version: v2.1.0 name: allow-webhooks namespace: flux-system spec: @@ -78,7 +78,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.0.1 + app.kubernetes.io/version: v2.1.0 name: critical-pods-flux-system namespace: flux-system spec: @@ -98,7 +98,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.0.1 + app.kubernetes.io/version: v2.1.0 name: crd-controller-flux-system rules: - apiGroups: @@ -188,7 +188,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.0.1 + app.kubernetes.io/version: v2.1.0 rbac.authorization.k8s.io/aggregate-to-admin: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" name: flux-edit-flux-system @@ -214,7 +214,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.0.1 + app.kubernetes.io/version: v2.1.0 rbac.authorization.k8s.io/aggregate-to-admin: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" rbac.authorization.k8s.io/aggregate-to-view: "true" @@ -239,7 +239,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.0.1 + app.kubernetes.io/version: v2.1.0 name: cluster-reconciler-flux-system roleRef: apiGroup: rbac.authorization.k8s.io @@ -259,7 +259,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.0.1 + app.kubernetes.io/version: v2.1.0 name: crd-controller-flux-system roleRef: apiGroup: rbac.authorization.k8s.io @@ -294,7 +294,7 @@ metadata: app.kubernetes.io/component: source-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.0.1 + app.kubernetes.io/version: v2.1.0 name: buckets.source.toolkit.fluxcd.io spec: group: source.toolkit.fluxcd.io @@ -617,7 +617,9 @@ spec: description: Insecure allows connecting to a non-TLS HTTP Endpoint. type: boolean interval: - description: Interval at which to check the Endpoint for updates. + description: Interval at which the Bucket Endpoint is checked for + updates. This interval is approximate and may be subject to jitter + to ensure efficient use of resources. pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ type: string provider: @@ -810,7 +812,7 @@ metadata: app.kubernetes.io/component: source-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.0.1 + app.kubernetes.io/version: v2.1.0 name: gitrepositories.source.toolkit.fluxcd.io spec: group: source.toolkit.fluxcd.io @@ -894,9 +896,21 @@ spec: type: object type: array interval: - description: Interval at which to check the GitRepository for updates. + description: Interval at which the GitRepository URL is checked for + updates. This interval is approximate and may be subject to jitter + to ensure efficient use of resources. pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ type: string + proxySecretRef: + description: ProxySecretRef specifies the Secret containing the proxy + configuration to use while communicating with the Git server. + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object recurseSubmodules: description: RecurseSubmodules enables the initialization of all submodules within the GitRepository as cloned from the URL, using their default @@ -963,10 +977,16 @@ spec: Git commit signature(s). properties: mode: - description: Mode specifies what Git object should be verified, - currently ('head'). + default: HEAD + description: "Mode specifies which Git object(s) should be verified. + \n The variants \"head\" and \"HEAD\" both imply the same thing, + i.e. verify the commit that the HEAD of the Git repository points + to. The variant \"head\" solely exists to ensure backwards compatibility." enum: - head + - HEAD + - Tag + - TagAndHEAD type: string secretRef: description: SecretRef specifies the Secret containing the public @@ -979,7 +999,6 @@ spec: - name type: object required: - - mode - secretRef type: object required: @@ -1202,6 +1221,10 @@ spec: description: ObservedRecurseSubmodules is the observed resource submodules configuration used to produce the current Artifact. type: boolean + sourceVerificationMode: + description: SourceVerificationMode is the last used verification + mode indicating which Git object(s) have been verified. + type: string type: object type: object served: true @@ -1990,7 +2013,7 @@ metadata: app.kubernetes.io/component: source-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.0.1 + app.kubernetes.io/version: v2.1.0 name: helmcharts.source.toolkit.fluxcd.io spec: group: source.toolkit.fluxcd.io @@ -2333,8 +2356,9 @@ spec: at in the SourceRef. type: string interval: - description: Interval is the interval at which to check the Source - for updates. + description: Interval at which the HelmChart SourceRef is checked + for updates. This interval is approximate and may be subject to + jitter to ensure efficient use of resources. pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ type: string reconcileStrategy: @@ -2585,7 +2609,7 @@ metadata: app.kubernetes.io/component: source-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.0.1 + app.kubernetes.io/version: v2.1.0 name: helmrepositories.source.toolkit.fluxcd.io spec: group: source.toolkit.fluxcd.io @@ -2878,8 +2902,27 @@ spec: required: - namespaceSelectors type: object + certSecretRef: + description: "CertSecretRef can be given the name of a Secret containing + either or both of \n - a PEM-encoded client certificate (`tls.crt`) + and private key (`tls.key`); - a PEM-encoded CA certificate (`ca.crt`) + \n and whichever are supplied, will be used for connecting to the + registry. The client cert and key are useful if you are authenticating + with a certificate; the CA cert is useful if you are using a self-signed + server certificate. The Secret must be of type `Opaque` or `kubernetes.io/tls`. + \n It takes precedence over the values specified in the Secret referred + to by `.spec.secretRef`." + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object interval: - description: Interval at which to check the URL for updates. + description: Interval at which the HelmRepository URL is checked for + updates. This interval is approximate and may be subject to jitter + to ensure efficient use of resources. pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ type: string passCredentials: @@ -2905,8 +2948,9 @@ spec: secretRef: description: SecretRef specifies the Secret containing authentication credentials for the HelmRepository. For HTTP/S basic auth the secret - must contain 'username' and 'password' fields. For TLS the secret - must contain a 'certFile' and 'keyFile', and/or 'caFile' fields. + must contain 'username' and 'password' fields. Support for TLS auth + using the 'certFile' and 'keyFile', and/or 'caFile' keys is deprecated. + Please use `.spec.certSecretRef` instead. properties: name: description: Name of the referent. @@ -3089,7 +3133,7 @@ metadata: app.kubernetes.io/component: source-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.0.1 + app.kubernetes.io/version: v2.1.0 name: ocirepositories.source.toolkit.fluxcd.io spec: group: source.toolkit.fluxcd.io @@ -3136,13 +3180,15 @@ spec: description: OCIRepositorySpec defines the desired state of OCIRepository properties: certSecretRef: - description: "CertSecretRef can be given the name of a secret containing - either or both of \n - a PEM-encoded client certificate (`certFile`) - and private key (`keyFile`); - a PEM-encoded CA certificate (`caFile`) + description: "CertSecretRef can be given the name of a Secret containing + either or both of \n - a PEM-encoded client certificate (`tls.crt`) + and private key (`tls.key`); - a PEM-encoded CA certificate (`ca.crt`) \n and whichever are supplied, will be used for connecting to the registry. The client cert and key are useful if you are authenticating with a certificate; the CA cert is useful if you are using a self-signed - server certificate." + server certificate. The Secret must be of type `Opaque` or `kubernetes.io/tls`. + \n Note: Support for the `caFile`, `certFile` and `keyFile` keys + have been deprecated." properties: name: description: Name of the referent. @@ -3161,7 +3207,9 @@ spec: registry. type: boolean interval: - description: The interval at which to check for image updates. + description: Interval at which the OCIRepository URL is checked for + updates. This interval is approximate and may be subject to jitter + to ensure efficient use of resources. pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ type: string layerSelector: @@ -3448,7 +3496,7 @@ metadata: app.kubernetes.io/component: source-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.0.1 + app.kubernetes.io/version: v2.1.0 name: source-controller namespace: flux-system --- @@ -3459,7 +3507,7 @@ metadata: app.kubernetes.io/component: source-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.0.1 + app.kubernetes.io/version: v2.1.0 control-plane: controller name: source-controller namespace: flux-system @@ -3480,7 +3528,7 @@ metadata: app.kubernetes.io/component: source-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.0.1 + app.kubernetes.io/version: v2.1.0 control-plane: controller name: source-controller namespace: flux-system @@ -3515,7 +3563,7 @@ spec: fieldPath: metadata.namespace - name: TUF_ROOT value: /tmp/.sigstore - image: ghcr.io/fluxcd/source-controller:v1.0.1 + image: ghcr.io/fluxcd/source-controller:v1.1.0 imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -3579,7 +3627,7 @@ metadata: app.kubernetes.io/component: kustomize-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.0.1 + app.kubernetes.io/version: v2.1.0 name: kustomizations.kustomize.toolkit.fluxcd.io spec: group: kustomize.toolkit.fluxcd.io @@ -3746,6 +3794,8 @@ spec: type: array interval: description: The interval at which to reconcile the Kustomization. + This interval is approximate and may be subject to jitter to ensure + efficient use of resources. pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ type: string kubeConfig: @@ -5209,7 +5259,7 @@ metadata: app.kubernetes.io/component: kustomize-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.0.1 + app.kubernetes.io/version: v2.1.0 name: kustomize-controller namespace: flux-system --- @@ -5220,7 +5270,7 @@ metadata: app.kubernetes.io/component: kustomize-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.0.1 + app.kubernetes.io/version: v2.1.0 control-plane: controller name: kustomize-controller namespace: flux-system @@ -5249,7 +5299,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: ghcr.io/fluxcd/kustomize-controller:v1.0.1 + image: ghcr.io/fluxcd/kustomize-controller:v1.1.0 imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -5306,7 +5356,7 @@ metadata: app.kubernetes.io/component: helm-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.0.1 + app.kubernetes.io/version: v2.1.0 name: helmreleases.helm.toolkit.fluxcd.io spec: group: helm.toolkit.fluxcd.io @@ -5585,7 +5635,9 @@ spec: type: string type: object interval: - description: Interval at which to reconcile the Helm release. + description: Interval at which to reconcile the Helm release. This + interval is approximate and may be subject to jitter to ensure efficient + use of resources. pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ type: string kubeConfig: @@ -6231,7 +6283,7 @@ metadata: app.kubernetes.io/component: helm-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.0.1 + app.kubernetes.io/version: v2.1.0 name: helm-controller namespace: flux-system --- @@ -6242,7 +6294,7 @@ metadata: app.kubernetes.io/component: helm-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.0.1 + app.kubernetes.io/version: v2.1.0 control-plane: controller name: helm-controller namespace: flux-system @@ -6271,7 +6323,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: ghcr.io/fluxcd/helm-controller:v0.35.0 + image: ghcr.io/fluxcd/helm-controller:v0.36.0 imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -6328,7 +6380,7 @@ metadata: app.kubernetes.io/component: notification-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.0.1 + app.kubernetes.io/version: v2.1.0 name: alerts.notification.toolkit.fluxcd.io spec: group: notification.toolkit.fluxcd.io @@ -6765,7 +6817,7 @@ metadata: app.kubernetes.io/component: notification-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.0.1 + app.kubernetes.io/version: v2.1.0 name: providers.notification.toolkit.fluxcd.io spec: group: notification.toolkit.fluxcd.io @@ -6998,8 +7050,9 @@ spec: maxLength: 2048 type: string certSecretRef: - description: CertSecretRef specifies the Secret containing a PEM-encoded - CA certificate (`caFile`). + description: "CertSecretRef specifies the Secret containing a PEM-encoded + CA certificate (in the `ca.crt` key). \n Note: Support for the `caFile` + key has been deprecated." properties: name: description: Name of the referent. @@ -7067,6 +7120,7 @@ spec: - grafana - githubdispatch - pagerduty + - datadog type: string username: description: Username specifies the name under which events are posted. @@ -7174,7 +7228,7 @@ metadata: app.kubernetes.io/component: notification-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.0.1 + app.kubernetes.io/version: v2.1.0 name: receivers.notification.toolkit.fluxcd.io spec: group: notification.toolkit.fluxcd.io @@ -7840,7 +7894,7 @@ metadata: app.kubernetes.io/component: notification-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.0.1 + app.kubernetes.io/version: v2.1.0 name: notification-controller namespace: flux-system --- @@ -7851,7 +7905,7 @@ metadata: app.kubernetes.io/component: notification-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.0.1 + app.kubernetes.io/version: v2.1.0 control-plane: controller name: notification-controller namespace: flux-system @@ -7872,7 +7926,7 @@ metadata: app.kubernetes.io/component: notification-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.0.1 + app.kubernetes.io/version: v2.1.0 control-plane: controller name: webhook-receiver namespace: flux-system @@ -7893,7 +7947,7 @@ metadata: app.kubernetes.io/component: notification-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.0.1 + app.kubernetes.io/version: v2.1.0 control-plane: controller name: notification-controller namespace: flux-system @@ -7921,7 +7975,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: ghcr.io/fluxcd/notification-controller:v1.0.0 + image: ghcr.io/fluxcd/notification-controller:v1.1.0 imagePullPolicy: IfNotPresent livenessProbe: httpGet: