{ "description": "HelmRepository is the Schema for the helmrepositories API.", "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { "description": "HelmRepositorySpec specifies the required configuration to produce an\nArtifact for a Helm repository index YAML.", "properties": { "accessFrom": { "description": "AccessFrom specifies an Access Control List for allowing cross-namespace\nreferences to this object.\nNOTE: Not implemented, provisional as of https://github.com/fluxcd/flux2/pull/2092", "properties": { "namespaceSelectors": { "description": "NamespaceSelectors is the list of namespace selectors to which this ACL applies.\nItems in this list are evaluated using a logical OR operation.", "items": { "description": "NamespaceSelector selects the namespaces to which this ACL applies.\nAn empty map of MatchLabels matches all namespaces in a cluster.", "properties": { "matchLabels": { "additionalProperties": { "type": "string" }, "description": "MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, "type": "object", "additionalProperties": false }, "type": "array" } }, "required": [ "namespaceSelectors" ], "type": "object", "additionalProperties": false }, "certSecretRef": { "description": "CertSecretRef can be given the name of a Secret containing\neither or both of\n\n- a PEM-encoded client certificate (`tls.crt`) and private\nkey (`tls.key`);\n- a PEM-encoded CA certificate (`ca.crt`)\n\nand whichever are supplied, will be used for connecting to the\nregistry. The client cert and key are useful if you are\nauthenticating with a certificate; the CA cert is useful if\nyou are using a self-signed server certificate. The Secret must\nbe of type `Opaque` or `kubernetes.io/tls`.\n\nIt takes precedence over the values specified in the Secret referred\nto by `.spec.secretRef`.", "properties": { "name": { "description": "Name of the referent.", "type": "string" } }, "required": [ "name" ], "type": "object", "additionalProperties": false }, "insecure": { "description": "Insecure allows connecting to a non-TLS HTTP container registry.\nThis field is only taken into account if the .spec.type field is set to 'oci'.", "type": "boolean" }, "interval": { "description": "Interval at which the HelmRepository URL is checked for updates.\nThis interval is approximate and may be subject to jitter to ensure\nefficient use of resources.", "pattern": "^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$", "type": "string" }, "passCredentials": { "description": "PassCredentials allows the credentials from the SecretRef to be passed\non to a host that does not match the host as defined in URL.\nThis may be required if the host of the advertised chart URLs in the\nindex differ from the defined URL.\nEnabling this should be done with caution, as it can potentially result\nin credentials getting stolen in a MITM-attack.", "type": "boolean" }, "provider": { "default": "generic", "description": "Provider used for authentication, can be 'aws', 'azure', 'gcp' or 'generic'.\nThis field is optional, and only taken into account if the .spec.type field is set to 'oci'.\nWhen not specified, defaults to 'generic'.", "enum": [ "generic", "aws", "azure", "gcp" ], "type": "string" }, "secretRef": { "description": "SecretRef specifies the Secret containing authentication credentials\nfor the HelmRepository.\nFor HTTP/S basic auth the secret must contain 'username' and 'password'\nfields.\nSupport for TLS auth using the 'certFile' and 'keyFile', and/or 'caFile'\nkeys is deprecated. Please use `.spec.certSecretRef` instead.", "properties": { "name": { "description": "Name of the referent.", "type": "string" } }, "required": [ "name" ], "type": "object", "additionalProperties": false }, "suspend": { "description": "Suspend tells the controller to suspend the reconciliation of this\nHelmRepository.", "type": "boolean" }, "timeout": { "description": "Timeout is used for the index fetch operation for an HTTPS helm repository,\nand for remote OCI Repository operations like pulling for an OCI helm\nchart by the associated HelmChart.\nIts default value is 60s.", "pattern": "^([0-9]+(\\.[0-9]+)?(ms|s|m))+$", "type": "string" }, "type": { "description": "Type of the HelmRepository.\nWhen this field is set to \"oci\", the URL field value must be prefixed with \"oci://\".", "enum": [ "default", "oci" ], "type": "string" }, "url": { "description": "URL of the Helm repository, a valid URL contains at least a protocol and\nhost.", "pattern": "^(http|https|oci)://.*$", "type": "string" } }, "required": [ "url" ], "type": "object", "additionalProperties": false }, "status": { "default": { "observedGeneration": -1 }, "description": "HelmRepositoryStatus records the observed state of the HelmRepository.", "properties": { "artifact": { "description": "Artifact represents the last successful HelmRepository reconciliation.", "properties": { "digest": { "description": "Digest is the digest of the file in the form of ':'.", "pattern": "^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$", "type": "string" }, "lastUpdateTime": { "description": "LastUpdateTime is the timestamp corresponding to the last update of the\nArtifact.", "format": "date-time", "type": "string" }, "metadata": { "additionalProperties": { "type": "string" }, "description": "Metadata holds upstream information such as OCI annotations.", "type": "object" }, "path": { "description": "Path is the relative file path of the Artifact. It can be used to locate\nthe file in the root of the Artifact storage on the local file system of\nthe controller managing the Source.", "type": "string" }, "revision": { "description": "Revision is a human-readable identifier traceable in the origin source\nsystem. It can be a Git commit SHA, Git tag, a Helm chart version, etc.", "type": "string" }, "size": { "description": "Size is the number of bytes in the file.", "format": "int64", "type": "integer" }, "url": { "description": "URL is the HTTP address of the Artifact as exposed by the controller\nmanaging the Source. It can be used to retrieve the Artifact for\nconsumption, e.g. by another controller applying the Artifact contents.", "type": "string" } }, "required": [ "lastUpdateTime", "path", "revision", "url" ], "type": "object", "additionalProperties": false }, "conditions": { "description": "Conditions holds the conditions for the HelmRepository.", "items": { "description": "Condition contains details for one aspect of the current state of this API Resource.", "properties": { "lastTransitionTime": { "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", "format": "date-time", "type": "string" }, "message": { "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", "maxLength": 32768, "type": "string" }, "observedGeneration": { "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", "format": "int64", "minimum": 0, "type": "integer" }, "reason": { "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", "maxLength": 1024, "minLength": 1, "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", "type": "string" }, "status": { "description": "status of the condition, one of True, False, Unknown.", "enum": [ "True", "False", "Unknown" ], "type": "string" }, "type": { "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", "maxLength": 316, "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", "type": "string" } }, "required": [ "lastTransitionTime", "message", "reason", "status", "type" ], "type": "object", "additionalProperties": false }, "type": "array" }, "lastHandledReconcileAt": { "description": "LastHandledReconcileAt holds the value of the most recent\nreconcile request value, so a change of the annotation value\ncan be detected.", "type": "string" }, "observedGeneration": { "description": "ObservedGeneration is the last observed generation of the HelmRepository\nobject.", "format": "int64", "type": "integer" }, "url": { "description": "URL is the dynamic fetch link for the latest Artifact.\nIt is provided on a \"best effort\" basis, and using the precise\nHelmRepositoryStatus.Artifact data is recommended.", "type": "string" } }, "type": "object", "additionalProperties": false } }, "type": "object" }