├── README.md ├── fetch.sh ├── .github └── workflows │ └── fetch-upstream.yaml ├── all.json ├── alert-notification-v1beta3.json ├── provider-notification-v1beta1.json ├── provider-notification-v1beta3.json ├── externalartifact-source-v1.json ├── alert-notification-v1beta1.json ├── imagerepository-image-v1alpha1.json ├── imagerepository-image-v1alpha2.json ├── receiver-notification-v1beta1.json ├── provider-notification-v1beta2.json ├── imagepolicy-image-v1beta1.json ├── imagepolicy-image-v1alpha1.json ├── imagepolicy-image-v1alpha2.json ├── receiver-notification-v1beta2.json ├── alert-notification-v1beta2.json ├── helmrepository-source-v1beta1.json ├── receiver-notification-v1.json ├── imagerepository-image-v1beta1.json ├── bucket-source-v1beta1.json ├── helmchart-source-v1beta1.json ├── imageupdateautomation-image-v1alpha1.json ├── LICENSE ├── imagepolicy-image-v1.json └── imagepolicy-image-v1beta2.json /README.md: -------------------------------------------------------------------------------- 1 | # flux2-schemas 2 | FluxCD v2 CRD JSON Schemas 3 | -------------------------------------------------------------------------------- /fetch.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | curl -L https://github.com/fluxcd/flux2/releases/latest/download/crd-schemas.tar.gz | tar -zxvf - 3 | -------------------------------------------------------------------------------- /.github/workflows/fetch-upstream.yaml: -------------------------------------------------------------------------------- 1 | name: Fetch upstream 2 | 3 | on: 4 | workflow_dispatch: {} 5 | schedule: 6 | - cron: 0 0 * * * 7 | 8 | jobs: 9 | fetch-upstream: 10 | runs-on: ubuntu-latest 11 | steps: 12 | - uses: actions/checkout@v3 13 | - name: Fetch files 14 | run: | 15 | curl -L https://github.com/fluxcd/flux2/releases/latest/download/crd-schemas.tar.gz | tar -zxvf - 16 | - name: Create pull request 17 | uses: peter-evans/create-pull-request@v4 18 | with: 19 | token: ${{ secrets.GITHUB_TOKEN }} 20 | delete-branch: true 21 | title: "[bot] Automated update" 22 | signoff: true 23 | committer: Github 24 | author: ${{ github.actor }} <${{ github.actor }}@users.noreply.github.com> 25 | body: | 26 | This is an automated update to manifest files from CI. 27 | Configuration of the workflow is located in `.github/workflows/fetch-upstream.yaml` 28 | labels: bot/update 29 | -------------------------------------------------------------------------------- /all.json: -------------------------------------------------------------------------------- 1 | { 2 | "oneOf": [ 3 | { 4 | "$ref": "_definitions.json#/definitions/notification.toolkit.fluxcd.io.v1beta2.Alert" 5 | }, 6 | { 7 | "$ref": "_definitions.json#/definitions/notification.toolkit.fluxcd.io.v1beta3.Alert" 8 | }, 9 | { 10 | "$ref": "_definitions.json#/definitions/source.extensions.fluxcd.io.v1beta1.ArtifactGenerator" 11 | }, 12 | { 13 | "$ref": "_definitions.json#/definitions/source.toolkit.fluxcd.io.v1.Bucket" 14 | }, 15 | { 16 | "$ref": "_definitions.json#/definitions/source.toolkit.fluxcd.io.v1beta2.Bucket" 17 | }, 18 | { 19 | "$ref": "_definitions.json#/definitions/source.toolkit.fluxcd.io.v1.ExternalArtifact" 20 | }, 21 | { 22 | "$ref": "_definitions.json#/definitions/source.toolkit.fluxcd.io.v1.GitRepository" 23 | }, 24 | { 25 | "$ref": "_definitions.json#/definitions/source.toolkit.fluxcd.io.v1beta2.GitRepository" 26 | }, 27 | { 28 | "$ref": "_definitions.json#/definitions/source.toolkit.fluxcd.io.v1.HelmChart" 29 | }, 30 | { 31 | "$ref": "_definitions.json#/definitions/source.toolkit.fluxcd.io.v1beta2.HelmChart" 32 | }, 33 | { 34 | "$ref": "_definitions.json#/definitions/helm.toolkit.fluxcd.io.v2.HelmRelease" 35 | }, 36 | { 37 | "$ref": "_definitions.json#/definitions/helm.toolkit.fluxcd.io.v2beta2.HelmRelease" 38 | }, 39 | { 40 | "$ref": "_definitions.json#/definitions/source.toolkit.fluxcd.io.v1.HelmRepository" 41 | }, 42 | { 43 | "$ref": "_definitions.json#/definitions/source.toolkit.fluxcd.io.v1beta2.HelmRepository" 44 | }, 45 | { 46 | "$ref": "_definitions.json#/definitions/image.toolkit.fluxcd.io.v1.ImagePolicy" 47 | }, 48 | { 49 | "$ref": "_definitions.json#/definitions/image.toolkit.fluxcd.io.v1beta2.ImagePolicy" 50 | }, 51 | { 52 | "$ref": "_definitions.json#/definitions/image.toolkit.fluxcd.io.v1.ImageRepository" 53 | }, 54 | { 55 | "$ref": "_definitions.json#/definitions/image.toolkit.fluxcd.io.v1beta2.ImageRepository" 56 | }, 57 | { 58 | "$ref": "_definitions.json#/definitions/image.toolkit.fluxcd.io.v1.ImageUpdateAutomation" 59 | }, 60 | { 61 | "$ref": "_definitions.json#/definitions/image.toolkit.fluxcd.io.v1beta2.ImageUpdateAutomation" 62 | }, 63 | { 64 | "$ref": "_definitions.json#/definitions/kustomize.toolkit.fluxcd.io.v1.Kustomization" 65 | }, 66 | { 67 | "$ref": "_definitions.json#/definitions/kustomize.toolkit.fluxcd.io.v1beta2.Kustomization" 68 | }, 69 | { 70 | "$ref": "_definitions.json#/definitions/source.toolkit.fluxcd.io.v1.OCIRepository" 71 | }, 72 | { 73 | "$ref": "_definitions.json#/definitions/source.toolkit.fluxcd.io.v1beta2.OCIRepository" 74 | }, 75 | { 76 | "$ref": "_definitions.json#/definitions/notification.toolkit.fluxcd.io.v1beta2.Provider" 77 | }, 78 | { 79 | "$ref": "_definitions.json#/definitions/notification.toolkit.fluxcd.io.v1beta3.Provider" 80 | }, 81 | { 82 | "$ref": "_definitions.json#/definitions/notification.toolkit.fluxcd.io.v1.Receiver" 83 | }, 84 | { 85 | "$ref": "_definitions.json#/definitions/notification.toolkit.fluxcd.io.v1beta2.Receiver" 86 | } 87 | ] 88 | } -------------------------------------------------------------------------------- /alert-notification-v1beta3.json: -------------------------------------------------------------------------------- 1 | { 2 | "description": "Alert is the Schema for the alerts API", 3 | "properties": { 4 | "apiVersion": { 5 | "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", 6 | "type": "string" 7 | }, 8 | "kind": { 9 | "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", 10 | "type": "string" 11 | }, 12 | "metadata": { 13 | "type": "object" 14 | }, 15 | "spec": { 16 | "description": "AlertSpec defines an alerting rule for events involving a list of objects.", 17 | "properties": { 18 | "eventMetadata": { 19 | "additionalProperties": { 20 | "type": "string" 21 | }, 22 | "description": "EventMetadata is an optional field for adding metadata to events dispatched by the\ncontroller. This can be used for enhancing the context of the event. If a field\nwould override one already present on the original event as generated by the emitter,\nthen the override doesn't happen, i.e. the original value is preserved, and an info\nlog is printed.", 23 | "type": "object" 24 | }, 25 | "eventSeverity": { 26 | "default": "info", 27 | "description": "EventSeverity specifies how to filter events based on severity.\nIf set to 'info' no events will be filtered.", 28 | "enum": [ 29 | "info", 30 | "error" 31 | ], 32 | "type": "string" 33 | }, 34 | "eventSources": { 35 | "description": "EventSources specifies how to filter events based\non the involved object kind, name and namespace.", 36 | "items": { 37 | "description": "CrossNamespaceObjectReference contains enough information to let you locate the\ntyped referenced object at cluster level", 38 | "properties": { 39 | "apiVersion": { 40 | "description": "API version of the referent", 41 | "type": "string" 42 | }, 43 | "kind": { 44 | "description": "Kind of the referent", 45 | "enum": [ 46 | "Bucket", 47 | "GitRepository", 48 | "Kustomization", 49 | "HelmRelease", 50 | "HelmChart", 51 | "HelmRepository", 52 | "ImageRepository", 53 | "ImagePolicy", 54 | "ImageUpdateAutomation", 55 | "OCIRepository" 56 | ], 57 | "type": "string" 58 | }, 59 | "matchLabels": { 60 | "additionalProperties": { 61 | "type": "string" 62 | }, 63 | "description": "MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.\nMatchLabels requires the name to be set to `*`.", 64 | "type": "object" 65 | }, 66 | "name": { 67 | "description": "Name of the referent\nIf multiple resources are targeted `*` may be set.", 68 | "maxLength": 253, 69 | "minLength": 1, 70 | "type": "string" 71 | }, 72 | "namespace": { 73 | "description": "Namespace of the referent", 74 | "maxLength": 253, 75 | "minLength": 1, 76 | "type": "string" 77 | } 78 | }, 79 | "required": [ 80 | "kind", 81 | "name" 82 | ], 83 | "type": "object", 84 | "additionalProperties": false 85 | }, 86 | "type": "array" 87 | }, 88 | "exclusionList": { 89 | "description": "ExclusionList specifies a list of Golang regular expressions\nto be used for excluding messages.", 90 | "items": { 91 | "type": "string" 92 | }, 93 | "type": "array" 94 | }, 95 | "inclusionList": { 96 | "description": "InclusionList specifies a list of Golang regular expressions\nto be used for including messages.", 97 | "items": { 98 | "type": "string" 99 | }, 100 | "type": "array" 101 | }, 102 | "providerRef": { 103 | "description": "ProviderRef specifies which Provider this Alert should use.", 104 | "properties": { 105 | "name": { 106 | "description": "Name of the referent.", 107 | "type": "string" 108 | } 109 | }, 110 | "required": [ 111 | "name" 112 | ], 113 | "type": "object", 114 | "additionalProperties": false 115 | }, 116 | "summary": { 117 | "description": "Summary holds a short description of the impact and affected cluster.\nDeprecated: Use EventMetadata instead.", 118 | "maxLength": 255, 119 | "type": "string" 120 | }, 121 | "suspend": { 122 | "description": "Suspend tells the controller to suspend subsequent\nevents handling for this Alert.", 123 | "type": "boolean" 124 | } 125 | }, 126 | "required": [ 127 | "eventSources", 128 | "providerRef" 129 | ], 130 | "type": "object", 131 | "additionalProperties": false 132 | } 133 | }, 134 | "type": "object" 135 | } -------------------------------------------------------------------------------- /provider-notification-v1beta1.json: -------------------------------------------------------------------------------- 1 | { 2 | "description": "Provider is the Schema for the providers API", 3 | "properties": { 4 | "apiVersion": { 5 | "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", 6 | "type": "string" 7 | }, 8 | "kind": { 9 | "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", 10 | "type": "string" 11 | }, 12 | "metadata": { 13 | "type": "object" 14 | }, 15 | "spec": { 16 | "description": "ProviderSpec defines the desired state of Provider", 17 | "properties": { 18 | "address": { 19 | "description": "HTTP/S webhook address of this provider", 20 | "pattern": "^(http|https)://", 21 | "type": "string" 22 | }, 23 | "certSecretRef": { 24 | "description": "CertSecretRef can be given the name of a secret containing\na PEM-encoded CA certificate (`caFile`)", 25 | "properties": { 26 | "name": { 27 | "description": "Name of the referent.", 28 | "type": "string" 29 | } 30 | }, 31 | "required": [ 32 | "name" 33 | ], 34 | "type": "object", 35 | "additionalProperties": false 36 | }, 37 | "channel": { 38 | "description": "Alert channel for this provider", 39 | "type": "string" 40 | }, 41 | "proxy": { 42 | "description": "HTTP/S address of the proxy", 43 | "pattern": "^(http|https)://", 44 | "type": "string" 45 | }, 46 | "secretRef": { 47 | "description": "Secret reference containing the provider webhook URL\nusing \"address\" as data key", 48 | "properties": { 49 | "name": { 50 | "description": "Name of the referent.", 51 | "type": "string" 52 | } 53 | }, 54 | "required": [ 55 | "name" 56 | ], 57 | "type": "object", 58 | "additionalProperties": false 59 | }, 60 | "suspend": { 61 | "description": "This flag tells the controller to suspend subsequent events handling.\nDefaults to false.", 62 | "type": "boolean" 63 | }, 64 | "timeout": { 65 | "description": "Timeout for sending alerts to the provider.", 66 | "pattern": "^([0-9]+(\\.[0-9]+)?(ms|s|m))+$", 67 | "type": "string" 68 | }, 69 | "type": { 70 | "description": "Type of provider", 71 | "enum": [ 72 | "slack", 73 | "discord", 74 | "msteams", 75 | "rocket", 76 | "generic", 77 | "generic-hmac", 78 | "github", 79 | "gitlab", 80 | "bitbucket", 81 | "azuredevops", 82 | "googlechat", 83 | "webex", 84 | "sentry", 85 | "azureeventhub", 86 | "telegram", 87 | "lark", 88 | "matrix", 89 | "opsgenie", 90 | "alertmanager", 91 | "grafana", 92 | "githubdispatch" 93 | ], 94 | "type": "string" 95 | }, 96 | "username": { 97 | "description": "Bot username for this provider", 98 | "type": "string" 99 | } 100 | }, 101 | "required": [ 102 | "type" 103 | ], 104 | "type": "object", 105 | "additionalProperties": false 106 | }, 107 | "status": { 108 | "default": { 109 | "observedGeneration": -1 110 | }, 111 | "description": "ProviderStatus defines the observed state of Provider", 112 | "properties": { 113 | "conditions": { 114 | "items": { 115 | "description": "Condition contains details for one aspect of the current state of this API Resource.", 116 | "properties": { 117 | "lastTransitionTime": { 118 | "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", 119 | "format": "date-time", 120 | "type": "string" 121 | }, 122 | "message": { 123 | "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", 124 | "maxLength": 32768, 125 | "type": "string" 126 | }, 127 | "observedGeneration": { 128 | "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", 129 | "format": "int64", 130 | "minimum": 0, 131 | "type": "integer" 132 | }, 133 | "reason": { 134 | "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", 135 | "maxLength": 1024, 136 | "minLength": 1, 137 | "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", 138 | "type": "string" 139 | }, 140 | "status": { 141 | "description": "status of the condition, one of True, False, Unknown.", 142 | "enum": [ 143 | "True", 144 | "False", 145 | "Unknown" 146 | ], 147 | "type": "string" 148 | }, 149 | "type": { 150 | "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", 151 | "maxLength": 316, 152 | "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", 153 | "type": "string" 154 | } 155 | }, 156 | "required": [ 157 | "lastTransitionTime", 158 | "message", 159 | "reason", 160 | "status", 161 | "type" 162 | ], 163 | "type": "object", 164 | "additionalProperties": false 165 | }, 166 | "type": "array" 167 | }, 168 | "observedGeneration": { 169 | "description": "ObservedGeneration is the last reconciled generation.", 170 | "format": "int64", 171 | "type": "integer" 172 | } 173 | }, 174 | "type": "object", 175 | "additionalProperties": false 176 | } 177 | }, 178 | "type": "object" 179 | } -------------------------------------------------------------------------------- /provider-notification-v1beta3.json: -------------------------------------------------------------------------------- 1 | { 2 | "description": "Provider is the Schema for the providers API", 3 | "properties": { 4 | "apiVersion": { 5 | "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", 6 | "type": "string" 7 | }, 8 | "kind": { 9 | "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", 10 | "type": "string" 11 | }, 12 | "metadata": { 13 | "type": "object" 14 | }, 15 | "spec": { 16 | "description": "ProviderSpec defines the desired state of the Provider.", 17 | "properties": { 18 | "address": { 19 | "description": "Address specifies the endpoint, in a generic sense, to where alerts are sent.\nWhat kind of endpoint depends on the specific Provider type being used.\nFor the generic Provider, for example, this is an HTTP/S address.\nFor other Provider types this could be a project ID or a namespace.", 20 | "maxLength": 2048, 21 | "type": "string" 22 | }, 23 | "certSecretRef": { 24 | "description": "CertSecretRef specifies the Secret containing TLS certificates\nfor secure communication.\n\nSupported configurations:\n- CA-only: Server authentication (provide ca.crt only)\n- mTLS: Mutual authentication (provide ca.crt + tls.crt + tls.key)\n- Client-only: Client authentication with system CA (provide tls.crt + tls.key only)\n\nLegacy keys \"caFile\", \"certFile\", \"keyFile\" are supported but deprecated. Use \"ca.crt\", \"tls.crt\", \"tls.key\" instead.", 25 | "properties": { 26 | "name": { 27 | "description": "Name of the referent.", 28 | "type": "string" 29 | } 30 | }, 31 | "required": [ 32 | "name" 33 | ], 34 | "type": "object", 35 | "additionalProperties": false 36 | }, 37 | "channel": { 38 | "description": "Channel specifies the destination channel where events should be posted.", 39 | "maxLength": 2048, 40 | "type": "string" 41 | }, 42 | "commitStatusExpr": { 43 | "description": "CommitStatusExpr is a CEL expression that evaluates to a string value\nthat can be used to generate a custom commit status message for use\nwith eligible Provider types (github, gitlab, gitea, bitbucketserver,\nbitbucket, azuredevops). Supported variables are: event, provider,\nand alert.", 44 | "type": "string" 45 | }, 46 | "interval": { 47 | "description": "Interval at which to reconcile the Provider with its Secret references.\nDeprecated and not used in v1beta3.", 48 | "pattern": "^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$", 49 | "type": "string" 50 | }, 51 | "proxy": { 52 | "description": "Proxy the HTTP/S address of the proxy server.\nDeprecated: Use ProxySecretRef instead. Will be removed in v1.", 53 | "maxLength": 2048, 54 | "pattern": "^(http|https)://.*$", 55 | "type": "string" 56 | }, 57 | "proxySecretRef": { 58 | "description": "ProxySecretRef specifies the Secret containing the proxy configuration\nfor this Provider. The Secret should contain an 'address' key with the\nHTTP/S address of the proxy server. Optional 'username' and 'password'\nkeys can be provided for proxy authentication.", 59 | "properties": { 60 | "name": { 61 | "description": "Name of the referent.", 62 | "type": "string" 63 | } 64 | }, 65 | "required": [ 66 | "name" 67 | ], 68 | "type": "object", 69 | "additionalProperties": false 70 | }, 71 | "secretRef": { 72 | "description": "SecretRef specifies the Secret containing the authentication\ncredentials for this Provider.", 73 | "properties": { 74 | "name": { 75 | "description": "Name of the referent.", 76 | "type": "string" 77 | } 78 | }, 79 | "required": [ 80 | "name" 81 | ], 82 | "type": "object", 83 | "additionalProperties": false 84 | }, 85 | "serviceAccountName": { 86 | "description": "ServiceAccountName is the name of the Kubernetes ServiceAccount used to\nauthenticate with cloud provider services through workload identity.\nThis enables multi-tenant authentication without storing static credentials.\n\nSupported provider types: azureeventhub, azuredevops, googlepubsub\n\nWhen specified, the controller will:\n1. Create an OIDC token for the specified ServiceAccount\n2. Exchange it for cloud provider credentials via STS\n3. Use the obtained credentials for API authentication\n\nWhen unspecified, controller-level authentication is used (single-tenant).\n\nAn error is thrown if static credentials are also defined in SecretRef.\nThis field requires the ObjectLevelWorkloadIdentity feature gate to be enabled.", 87 | "type": "string" 88 | }, 89 | "suspend": { 90 | "description": "Suspend tells the controller to suspend subsequent\nevents handling for this Provider.", 91 | "type": "boolean" 92 | }, 93 | "timeout": { 94 | "description": "Timeout for sending alerts to the Provider.", 95 | "pattern": "^([0-9]+(\\.[0-9]+)?(ms|s|m))+$", 96 | "type": "string" 97 | }, 98 | "type": { 99 | "description": "Type specifies which Provider implementation to use.", 100 | "enum": [ 101 | "slack", 102 | "discord", 103 | "msteams", 104 | "rocket", 105 | "generic", 106 | "generic-hmac", 107 | "github", 108 | "gitlab", 109 | "gitea", 110 | "bitbucketserver", 111 | "bitbucket", 112 | "azuredevops", 113 | "googlechat", 114 | "googlepubsub", 115 | "webex", 116 | "sentry", 117 | "azureeventhub", 118 | "telegram", 119 | "lark", 120 | "matrix", 121 | "opsgenie", 122 | "alertmanager", 123 | "grafana", 124 | "githubdispatch", 125 | "pagerduty", 126 | "datadog", 127 | "nats", 128 | "zulip", 129 | "otel" 130 | ], 131 | "type": "string" 132 | }, 133 | "username": { 134 | "description": "Username specifies the name under which events are posted.", 135 | "maxLength": 2048, 136 | "type": "string" 137 | } 138 | }, 139 | "required": [ 140 | "type" 141 | ], 142 | "type": "object", 143 | "x-kubernetes-validations": [ 144 | { 145 | "message": "spec.commitStatusExpr is only supported for the 'github', 'gitlab', 'gitea', 'bitbucketserver', 'bitbucket', 'azuredevops' provider types", 146 | "rule": "self.type == 'github' || self.type == 'gitlab' || self.type == 'gitea' || self.type == 'bitbucketserver' || self.type == 'bitbucket' || self.type == 'azuredevops' || !has(self.commitStatusExpr)" 147 | } 148 | ], 149 | "additionalProperties": false 150 | } 151 | }, 152 | "type": "object" 153 | } -------------------------------------------------------------------------------- /externalartifact-source-v1.json: -------------------------------------------------------------------------------- 1 | { 2 | "description": "ExternalArtifact is the Schema for the external artifacts API", 3 | "properties": { 4 | "apiVersion": { 5 | "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", 6 | "type": "string" 7 | }, 8 | "kind": { 9 | "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", 10 | "type": "string" 11 | }, 12 | "metadata": { 13 | "type": "object" 14 | }, 15 | "spec": { 16 | "description": "ExternalArtifactSpec defines the desired state of ExternalArtifact", 17 | "properties": { 18 | "sourceRef": { 19 | "description": "SourceRef points to the Kubernetes custom resource for\nwhich the artifact is generated.", 20 | "properties": { 21 | "apiVersion": { 22 | "description": "API version of the referent, if not specified the Kubernetes preferred version will be used.", 23 | "type": "string" 24 | }, 25 | "kind": { 26 | "description": "Kind of the referent.", 27 | "type": "string" 28 | }, 29 | "name": { 30 | "description": "Name of the referent.", 31 | "type": "string" 32 | }, 33 | "namespace": { 34 | "description": "Namespace of the referent, when not specified it acts as LocalObjectReference.", 35 | "type": "string" 36 | } 37 | }, 38 | "required": [ 39 | "kind", 40 | "name" 41 | ], 42 | "type": "object", 43 | "additionalProperties": false 44 | } 45 | }, 46 | "type": "object", 47 | "additionalProperties": false 48 | }, 49 | "status": { 50 | "description": "ExternalArtifactStatus defines the observed state of ExternalArtifact", 51 | "properties": { 52 | "artifact": { 53 | "description": "Artifact represents the output of an ExternalArtifact reconciliation.", 54 | "properties": { 55 | "digest": { 56 | "description": "Digest is the digest of the file in the form of ':'.", 57 | "pattern": "^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$", 58 | "type": "string" 59 | }, 60 | "lastUpdateTime": { 61 | "description": "LastUpdateTime is the timestamp corresponding to the last update of the\nArtifact.", 62 | "format": "date-time", 63 | "type": "string" 64 | }, 65 | "metadata": { 66 | "additionalProperties": { 67 | "type": "string" 68 | }, 69 | "description": "Metadata holds upstream information such as OCI annotations.", 70 | "type": "object" 71 | }, 72 | "path": { 73 | "description": "Path is the relative file path of the Artifact. It can be used to locate\nthe file in the root of the Artifact storage on the local file system of\nthe controller managing the Source.", 74 | "type": "string" 75 | }, 76 | "revision": { 77 | "description": "Revision is a human-readable identifier traceable in the origin source\nsystem. It can be a Git commit SHA, Git tag, a Helm chart version, etc.", 78 | "type": "string" 79 | }, 80 | "size": { 81 | "description": "Size is the number of bytes in the file.", 82 | "format": "int64", 83 | "type": "integer" 84 | }, 85 | "url": { 86 | "description": "URL is the HTTP address of the Artifact as exposed by the controller\nmanaging the Source. It can be used to retrieve the Artifact for\nconsumption, e.g. by another controller applying the Artifact contents.", 87 | "type": "string" 88 | } 89 | }, 90 | "required": [ 91 | "digest", 92 | "lastUpdateTime", 93 | "path", 94 | "revision", 95 | "url" 96 | ], 97 | "type": "object", 98 | "additionalProperties": false 99 | }, 100 | "conditions": { 101 | "description": "Conditions holds the conditions for the ExternalArtifact.", 102 | "items": { 103 | "description": "Condition contains details for one aspect of the current state of this API Resource.", 104 | "properties": { 105 | "lastTransitionTime": { 106 | "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", 107 | "format": "date-time", 108 | "type": "string" 109 | }, 110 | "message": { 111 | "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", 112 | "maxLength": 32768, 113 | "type": "string" 114 | }, 115 | "observedGeneration": { 116 | "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", 117 | "format": "int64", 118 | "minimum": 0, 119 | "type": "integer" 120 | }, 121 | "reason": { 122 | "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", 123 | "maxLength": 1024, 124 | "minLength": 1, 125 | "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", 126 | "type": "string" 127 | }, 128 | "status": { 129 | "description": "status of the condition, one of True, False, Unknown.", 130 | "enum": [ 131 | "True", 132 | "False", 133 | "Unknown" 134 | ], 135 | "type": "string" 136 | }, 137 | "type": { 138 | "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", 139 | "maxLength": 316, 140 | "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", 141 | "type": "string" 142 | } 143 | }, 144 | "required": [ 145 | "lastTransitionTime", 146 | "message", 147 | "reason", 148 | "status", 149 | "type" 150 | ], 151 | "type": "object", 152 | "additionalProperties": false 153 | }, 154 | "type": "array" 155 | } 156 | }, 157 | "type": "object", 158 | "additionalProperties": false 159 | } 160 | }, 161 | "type": "object" 162 | } -------------------------------------------------------------------------------- /alert-notification-v1beta1.json: -------------------------------------------------------------------------------- 1 | { 2 | "description": "Alert is the Schema for the alerts API", 3 | "properties": { 4 | "apiVersion": { 5 | "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", 6 | "type": "string" 7 | }, 8 | "kind": { 9 | "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", 10 | "type": "string" 11 | }, 12 | "metadata": { 13 | "type": "object" 14 | }, 15 | "spec": { 16 | "description": "AlertSpec defines an alerting rule for events involving a list of objects", 17 | "properties": { 18 | "eventSeverity": { 19 | "default": "info", 20 | "description": "Filter events based on severity, defaults to ('info').\nIf set to 'info' no events will be filtered.", 21 | "enum": [ 22 | "info", 23 | "error" 24 | ], 25 | "type": "string" 26 | }, 27 | "eventSources": { 28 | "description": "Filter events based on the involved objects.", 29 | "items": { 30 | "description": "CrossNamespaceObjectReference contains enough information to let you locate the\ntyped referenced object at cluster level", 31 | "properties": { 32 | "apiVersion": { 33 | "description": "API version of the referent", 34 | "type": "string" 35 | }, 36 | "kind": { 37 | "description": "Kind of the referent", 38 | "enum": [ 39 | "Bucket", 40 | "GitRepository", 41 | "Kustomization", 42 | "HelmRelease", 43 | "HelmChart", 44 | "HelmRepository", 45 | "ImageRepository", 46 | "ImagePolicy", 47 | "ImageUpdateAutomation", 48 | "OCIRepository" 49 | ], 50 | "type": "string" 51 | }, 52 | "matchLabels": { 53 | "additionalProperties": { 54 | "type": "string" 55 | }, 56 | "description": "MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", 57 | "type": "object" 58 | }, 59 | "name": { 60 | "description": "Name of the referent", 61 | "maxLength": 53, 62 | "minLength": 1, 63 | "type": "string" 64 | }, 65 | "namespace": { 66 | "description": "Namespace of the referent", 67 | "maxLength": 53, 68 | "minLength": 1, 69 | "type": "string" 70 | } 71 | }, 72 | "required": [ 73 | "kind", 74 | "name" 75 | ], 76 | "type": "object", 77 | "additionalProperties": false 78 | }, 79 | "type": "array" 80 | }, 81 | "exclusionList": { 82 | "description": "A list of Golang regular expressions to be used for excluding messages.", 83 | "items": { 84 | "type": "string" 85 | }, 86 | "type": "array" 87 | }, 88 | "providerRef": { 89 | "description": "Send events using this provider.", 90 | "properties": { 91 | "name": { 92 | "description": "Name of the referent.", 93 | "type": "string" 94 | } 95 | }, 96 | "required": [ 97 | "name" 98 | ], 99 | "type": "object", 100 | "additionalProperties": false 101 | }, 102 | "summary": { 103 | "description": "Short description of the impact and affected cluster.", 104 | "type": "string" 105 | }, 106 | "suspend": { 107 | "description": "This flag tells the controller to suspend subsequent events dispatching.\nDefaults to false.", 108 | "type": "boolean" 109 | } 110 | }, 111 | "required": [ 112 | "eventSources", 113 | "providerRef" 114 | ], 115 | "type": "object", 116 | "additionalProperties": false 117 | }, 118 | "status": { 119 | "default": { 120 | "observedGeneration": -1 121 | }, 122 | "description": "AlertStatus defines the observed state of Alert", 123 | "properties": { 124 | "conditions": { 125 | "items": { 126 | "description": "Condition contains details for one aspect of the current state of this API Resource.", 127 | "properties": { 128 | "lastTransitionTime": { 129 | "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", 130 | "format": "date-time", 131 | "type": "string" 132 | }, 133 | "message": { 134 | "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", 135 | "maxLength": 32768, 136 | "type": "string" 137 | }, 138 | "observedGeneration": { 139 | "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", 140 | "format": "int64", 141 | "minimum": 0, 142 | "type": "integer" 143 | }, 144 | "reason": { 145 | "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", 146 | "maxLength": 1024, 147 | "minLength": 1, 148 | "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", 149 | "type": "string" 150 | }, 151 | "status": { 152 | "description": "status of the condition, one of True, False, Unknown.", 153 | "enum": [ 154 | "True", 155 | "False", 156 | "Unknown" 157 | ], 158 | "type": "string" 159 | }, 160 | "type": { 161 | "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", 162 | "maxLength": 316, 163 | "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", 164 | "type": "string" 165 | } 166 | }, 167 | "required": [ 168 | "lastTransitionTime", 169 | "message", 170 | "reason", 171 | "status", 172 | "type" 173 | ], 174 | "type": "object", 175 | "additionalProperties": false 176 | }, 177 | "type": "array" 178 | }, 179 | "observedGeneration": { 180 | "description": "ObservedGeneration is the last observed generation.", 181 | "format": "int64", 182 | "type": "integer" 183 | } 184 | }, 185 | "type": "object", 186 | "additionalProperties": false 187 | } 188 | }, 189 | "type": "object" 190 | } -------------------------------------------------------------------------------- /imagerepository-image-v1alpha1.json: -------------------------------------------------------------------------------- 1 | { 2 | "description": "ImageRepository is the Schema for the imagerepositories API", 3 | "properties": { 4 | "apiVersion": { 5 | "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", 6 | "type": "string" 7 | }, 8 | "kind": { 9 | "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", 10 | "type": "string" 11 | }, 12 | "metadata": { 13 | "type": "object" 14 | }, 15 | "spec": { 16 | "description": "ImageRepositorySpec defines the parameters for scanning an image repository, e.g., `fluxcd/flux`.", 17 | "properties": { 18 | "certSecretRef": { 19 | "description": "CertSecretRef can be given the name of a secret containing either or both of \n - a PEM-encoded client certificate (`certFile`) and private key (`keyFile`); - a PEM-encoded CA certificate (`caFile`) \n and whichever are supplied, will be used for connecting to the registry. The client cert and key are useful if you are authenticating with a certificate; the CA cert is useful if you are using a self-signed server certificate.", 20 | "properties": { 21 | "name": { 22 | "description": "Name of the referent.", 23 | "type": "string" 24 | } 25 | }, 26 | "required": [ 27 | "name" 28 | ], 29 | "type": "object", 30 | "additionalProperties": false 31 | }, 32 | "image": { 33 | "description": "Image is the name of the image repository", 34 | "type": "string" 35 | }, 36 | "interval": { 37 | "description": "Interval is the length of time to wait between scans of the image repository.", 38 | "type": "string" 39 | }, 40 | "secretRef": { 41 | "description": "SecretRef can be given the name of a secret containing credentials to use for the image registry. The secret should be created with `kubectl create secret docker-registry`, or the equivalent.", 42 | "properties": { 43 | "name": { 44 | "description": "Name of the referent.", 45 | "type": "string" 46 | } 47 | }, 48 | "required": [ 49 | "name" 50 | ], 51 | "type": "object", 52 | "additionalProperties": false 53 | }, 54 | "suspend": { 55 | "description": "This flag tells the controller to suspend subsequent image scans. It does not apply to already started scans. Defaults to false.", 56 | "type": "boolean" 57 | }, 58 | "timeout": { 59 | "description": "Timeout for image scanning. Defaults to 'Interval' duration.", 60 | "type": "string" 61 | } 62 | }, 63 | "type": "object", 64 | "additionalProperties": false 65 | }, 66 | "status": { 67 | "description": "ImageRepositoryStatus defines the observed state of ImageRepository", 68 | "properties": { 69 | "canonicalImageName": { 70 | "description": "CanonicalName is the name of the image repository with all the implied bits made explicit; e.g., `docker.io/library/alpine` rather than `alpine`.", 71 | "type": "string" 72 | }, 73 | "conditions": { 74 | "items": { 75 | "description": "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }", 76 | "properties": { 77 | "lastTransitionTime": { 78 | "description": "lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", 79 | "format": "date-time", 80 | "type": "string" 81 | }, 82 | "message": { 83 | "description": "message is a human readable message indicating details about the transition. This may be an empty string.", 84 | "maxLength": 32768, 85 | "type": "string" 86 | }, 87 | "observedGeneration": { 88 | "description": "observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.", 89 | "format": "int64", 90 | "minimum": 0, 91 | "type": "integer" 92 | }, 93 | "reason": { 94 | "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.", 95 | "maxLength": 1024, 96 | "minLength": 1, 97 | "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", 98 | "type": "string" 99 | }, 100 | "status": { 101 | "description": "status of the condition, one of True, False, Unknown.", 102 | "enum": [ 103 | "True", 104 | "False", 105 | "Unknown" 106 | ], 107 | "type": "string" 108 | }, 109 | "type": { 110 | "description": "type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)", 111 | "maxLength": 316, 112 | "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", 113 | "type": "string" 114 | } 115 | }, 116 | "required": [ 117 | "lastTransitionTime", 118 | "message", 119 | "reason", 120 | "status", 121 | "type" 122 | ], 123 | "type": "object", 124 | "additionalProperties": false 125 | }, 126 | "type": "array" 127 | }, 128 | "lastHandledReconcileAt": { 129 | "description": "LastHandledReconcileAt holds the value of the most recent reconcile request value, so a change of the annotation value can be detected.", 130 | "type": "string" 131 | }, 132 | "lastScanResult": { 133 | "description": "LastScanResult contains the number of fetched tags.", 134 | "properties": { 135 | "scanTime": { 136 | "format": "date-time", 137 | "type": "string" 138 | }, 139 | "tagCount": { 140 | "type": "integer" 141 | } 142 | }, 143 | "required": [ 144 | "tagCount" 145 | ], 146 | "type": "object", 147 | "additionalProperties": false 148 | }, 149 | "observedGeneration": { 150 | "description": "ObservedGeneration is the last reconciled generation.", 151 | "format": "int64", 152 | "type": "integer" 153 | } 154 | }, 155 | "type": "object", 156 | "additionalProperties": false 157 | } 158 | }, 159 | "type": "object" 160 | } -------------------------------------------------------------------------------- /imagerepository-image-v1alpha2.json: -------------------------------------------------------------------------------- 1 | { 2 | "description": "ImageRepository is the Schema for the imagerepositories API", 3 | "properties": { 4 | "apiVersion": { 5 | "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", 6 | "type": "string" 7 | }, 8 | "kind": { 9 | "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", 10 | "type": "string" 11 | }, 12 | "metadata": { 13 | "type": "object" 14 | }, 15 | "spec": { 16 | "description": "ImageRepositorySpec defines the parameters for scanning an image repository, e.g., `fluxcd/flux`.", 17 | "properties": { 18 | "certSecretRef": { 19 | "description": "CertSecretRef can be given the name of a secret containing either or both of \n - a PEM-encoded client certificate (`certFile`) and private key (`keyFile`); - a PEM-encoded CA certificate (`caFile`) \n and whichever are supplied, will be used for connecting to the registry. The client cert and key are useful if you are authenticating with a certificate; the CA cert is useful if you are using a self-signed server certificate.", 20 | "properties": { 21 | "name": { 22 | "description": "Name of the referent.", 23 | "type": "string" 24 | } 25 | }, 26 | "required": [ 27 | "name" 28 | ], 29 | "type": "object", 30 | "additionalProperties": false 31 | }, 32 | "image": { 33 | "description": "Image is the name of the image repository", 34 | "type": "string" 35 | }, 36 | "interval": { 37 | "description": "Interval is the length of time to wait between scans of the image repository.", 38 | "type": "string" 39 | }, 40 | "secretRef": { 41 | "description": "SecretRef can be given the name of a secret containing credentials to use for the image registry. The secret should be created with `kubectl create secret docker-registry`, or the equivalent.", 42 | "properties": { 43 | "name": { 44 | "description": "Name of the referent.", 45 | "type": "string" 46 | } 47 | }, 48 | "required": [ 49 | "name" 50 | ], 51 | "type": "object", 52 | "additionalProperties": false 53 | }, 54 | "suspend": { 55 | "description": "This flag tells the controller to suspend subsequent image scans. It does not apply to already started scans. Defaults to false.", 56 | "type": "boolean" 57 | }, 58 | "timeout": { 59 | "description": "Timeout for image scanning. Defaults to 'Interval' duration.", 60 | "type": "string" 61 | } 62 | }, 63 | "type": "object", 64 | "additionalProperties": false 65 | }, 66 | "status": { 67 | "description": "ImageRepositoryStatus defines the observed state of ImageRepository", 68 | "properties": { 69 | "canonicalImageName": { 70 | "description": "CanonicalName is the name of the image repository with all the implied bits made explicit; e.g., `docker.io/library/alpine` rather than `alpine`.", 71 | "type": "string" 72 | }, 73 | "conditions": { 74 | "items": { 75 | "description": "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }", 76 | "properties": { 77 | "lastTransitionTime": { 78 | "description": "lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", 79 | "format": "date-time", 80 | "type": "string" 81 | }, 82 | "message": { 83 | "description": "message is a human readable message indicating details about the transition. This may be an empty string.", 84 | "maxLength": 32768, 85 | "type": "string" 86 | }, 87 | "observedGeneration": { 88 | "description": "observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.", 89 | "format": "int64", 90 | "minimum": 0, 91 | "type": "integer" 92 | }, 93 | "reason": { 94 | "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.", 95 | "maxLength": 1024, 96 | "minLength": 1, 97 | "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", 98 | "type": "string" 99 | }, 100 | "status": { 101 | "description": "status of the condition, one of True, False, Unknown.", 102 | "enum": [ 103 | "True", 104 | "False", 105 | "Unknown" 106 | ], 107 | "type": "string" 108 | }, 109 | "type": { 110 | "description": "type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)", 111 | "maxLength": 316, 112 | "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", 113 | "type": "string" 114 | } 115 | }, 116 | "required": [ 117 | "lastTransitionTime", 118 | "message", 119 | "reason", 120 | "status", 121 | "type" 122 | ], 123 | "type": "object", 124 | "additionalProperties": false 125 | }, 126 | "type": "array" 127 | }, 128 | "lastHandledReconcileAt": { 129 | "description": "LastHandledReconcileAt holds the value of the most recent reconcile request value, so a change of the annotation value can be detected.", 130 | "type": "string" 131 | }, 132 | "lastScanResult": { 133 | "description": "LastScanResult contains the number of fetched tags.", 134 | "properties": { 135 | "scanTime": { 136 | "format": "date-time", 137 | "type": "string" 138 | }, 139 | "tagCount": { 140 | "type": "integer" 141 | } 142 | }, 143 | "required": [ 144 | "tagCount" 145 | ], 146 | "type": "object", 147 | "additionalProperties": false 148 | }, 149 | "observedGeneration": { 150 | "description": "ObservedGeneration is the last reconciled generation.", 151 | "format": "int64", 152 | "type": "integer" 153 | } 154 | }, 155 | "type": "object", 156 | "additionalProperties": false 157 | } 158 | }, 159 | "type": "object" 160 | } -------------------------------------------------------------------------------- /receiver-notification-v1beta1.json: -------------------------------------------------------------------------------- 1 | { 2 | "description": "Receiver is the Schema for the receivers API", 3 | "properties": { 4 | "apiVersion": { 5 | "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", 6 | "type": "string" 7 | }, 8 | "kind": { 9 | "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", 10 | "type": "string" 11 | }, 12 | "metadata": { 13 | "type": "object" 14 | }, 15 | "spec": { 16 | "description": "ReceiverSpec defines the desired state of Receiver", 17 | "properties": { 18 | "events": { 19 | "description": "A list of events to handle,\ne.g. 'push' for GitHub or 'Push Hook' for GitLab.", 20 | "items": { 21 | "type": "string" 22 | }, 23 | "type": "array" 24 | }, 25 | "resources": { 26 | "description": "A list of resources to be notified about changes.", 27 | "items": { 28 | "description": "CrossNamespaceObjectReference contains enough information to let you locate the\ntyped referenced object at cluster level", 29 | "properties": { 30 | "apiVersion": { 31 | "description": "API version of the referent", 32 | "type": "string" 33 | }, 34 | "kind": { 35 | "description": "Kind of the referent", 36 | "enum": [ 37 | "Bucket", 38 | "GitRepository", 39 | "Kustomization", 40 | "HelmRelease", 41 | "HelmChart", 42 | "HelmRepository", 43 | "ImageRepository", 44 | "ImagePolicy", 45 | "ImageUpdateAutomation", 46 | "OCIRepository" 47 | ], 48 | "type": "string" 49 | }, 50 | "matchLabels": { 51 | "additionalProperties": { 52 | "type": "string" 53 | }, 54 | "description": "MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", 55 | "type": "object" 56 | }, 57 | "name": { 58 | "description": "Name of the referent", 59 | "maxLength": 53, 60 | "minLength": 1, 61 | "type": "string" 62 | }, 63 | "namespace": { 64 | "description": "Namespace of the referent", 65 | "maxLength": 53, 66 | "minLength": 1, 67 | "type": "string" 68 | } 69 | }, 70 | "required": [ 71 | "kind", 72 | "name" 73 | ], 74 | "type": "object", 75 | "additionalProperties": false 76 | }, 77 | "type": "array" 78 | }, 79 | "secretRef": { 80 | "description": "Secret reference containing the token used\nto validate the payload authenticity", 81 | "properties": { 82 | "name": { 83 | "description": "Name of the referent.", 84 | "type": "string" 85 | } 86 | }, 87 | "required": [ 88 | "name" 89 | ], 90 | "type": "object", 91 | "additionalProperties": false 92 | }, 93 | "suspend": { 94 | "description": "This flag tells the controller to suspend subsequent events handling.\nDefaults to false.", 95 | "type": "boolean" 96 | }, 97 | "type": { 98 | "description": "Type of webhook sender, used to determine\nthe validation procedure and payload deserialization.", 99 | "enum": [ 100 | "generic", 101 | "generic-hmac", 102 | "github", 103 | "gitlab", 104 | "bitbucket", 105 | "harbor", 106 | "dockerhub", 107 | "quay", 108 | "gcr", 109 | "nexus", 110 | "acr" 111 | ], 112 | "type": "string" 113 | } 114 | }, 115 | "required": [ 116 | "resources", 117 | "secretRef", 118 | "type" 119 | ], 120 | "type": "object", 121 | "additionalProperties": false 122 | }, 123 | "status": { 124 | "default": { 125 | "observedGeneration": -1 126 | }, 127 | "description": "ReceiverStatus defines the observed state of Receiver", 128 | "properties": { 129 | "conditions": { 130 | "items": { 131 | "description": "Condition contains details for one aspect of the current state of this API Resource.", 132 | "properties": { 133 | "lastTransitionTime": { 134 | "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", 135 | "format": "date-time", 136 | "type": "string" 137 | }, 138 | "message": { 139 | "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", 140 | "maxLength": 32768, 141 | "type": "string" 142 | }, 143 | "observedGeneration": { 144 | "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", 145 | "format": "int64", 146 | "minimum": 0, 147 | "type": "integer" 148 | }, 149 | "reason": { 150 | "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", 151 | "maxLength": 1024, 152 | "minLength": 1, 153 | "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", 154 | "type": "string" 155 | }, 156 | "status": { 157 | "description": "status of the condition, one of True, False, Unknown.", 158 | "enum": [ 159 | "True", 160 | "False", 161 | "Unknown" 162 | ], 163 | "type": "string" 164 | }, 165 | "type": { 166 | "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", 167 | "maxLength": 316, 168 | "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", 169 | "type": "string" 170 | } 171 | }, 172 | "required": [ 173 | "lastTransitionTime", 174 | "message", 175 | "reason", 176 | "status", 177 | "type" 178 | ], 179 | "type": "object", 180 | "additionalProperties": false 181 | }, 182 | "type": "array" 183 | }, 184 | "observedGeneration": { 185 | "description": "ObservedGeneration is the last observed generation.", 186 | "format": "int64", 187 | "type": "integer" 188 | }, 189 | "url": { 190 | "description": "Generated webhook URL in the format\nof '/hook/sha256sum(token+name+namespace)'.", 191 | "type": "string" 192 | } 193 | }, 194 | "type": "object", 195 | "additionalProperties": false 196 | } 197 | }, 198 | "type": "object" 199 | } -------------------------------------------------------------------------------- /provider-notification-v1beta2.json: -------------------------------------------------------------------------------- 1 | { 2 | "description": "Provider is the Schema for the providers API.", 3 | "properties": { 4 | "apiVersion": { 5 | "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", 6 | "type": "string" 7 | }, 8 | "kind": { 9 | "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", 10 | "type": "string" 11 | }, 12 | "metadata": { 13 | "type": "object" 14 | }, 15 | "spec": { 16 | "description": "ProviderSpec defines the desired state of the Provider.", 17 | "properties": { 18 | "address": { 19 | "description": "Address specifies the endpoint, in a generic sense, to where alerts are sent.\nWhat kind of endpoint depends on the specific Provider type being used.\nFor the generic Provider, for example, this is an HTTP/S address.\nFor other Provider types this could be a project ID or a namespace.", 20 | "maxLength": 2048, 21 | "type": "string" 22 | }, 23 | "certSecretRef": { 24 | "description": "CertSecretRef specifies the Secret containing\na PEM-encoded CA certificate (in the `ca.crt` key).\n\nNote: Support for the `caFile` key has\nbeen deprecated.", 25 | "properties": { 26 | "name": { 27 | "description": "Name of the referent.", 28 | "type": "string" 29 | } 30 | }, 31 | "required": [ 32 | "name" 33 | ], 34 | "type": "object", 35 | "additionalProperties": false 36 | }, 37 | "channel": { 38 | "description": "Channel specifies the destination channel where events should be posted.", 39 | "maxLength": 2048, 40 | "type": "string" 41 | }, 42 | "interval": { 43 | "description": "Interval at which to reconcile the Provider with its Secret references.", 44 | "pattern": "^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$", 45 | "type": "string" 46 | }, 47 | "proxy": { 48 | "description": "Proxy the HTTP/S address of the proxy server.", 49 | "maxLength": 2048, 50 | "pattern": "^(http|https)://.*$", 51 | "type": "string" 52 | }, 53 | "secretRef": { 54 | "description": "SecretRef specifies the Secret containing the authentication\ncredentials for this Provider.", 55 | "properties": { 56 | "name": { 57 | "description": "Name of the referent.", 58 | "type": "string" 59 | } 60 | }, 61 | "required": [ 62 | "name" 63 | ], 64 | "type": "object", 65 | "additionalProperties": false 66 | }, 67 | "suspend": { 68 | "description": "Suspend tells the controller to suspend subsequent\nevents handling for this Provider.", 69 | "type": "boolean" 70 | }, 71 | "timeout": { 72 | "description": "Timeout for sending alerts to the Provider.", 73 | "pattern": "^([0-9]+(\\.[0-9]+)?(ms|s|m))+$", 74 | "type": "string" 75 | }, 76 | "type": { 77 | "description": "Type specifies which Provider implementation to use.", 78 | "enum": [ 79 | "slack", 80 | "discord", 81 | "msteams", 82 | "rocket", 83 | "generic", 84 | "generic-hmac", 85 | "github", 86 | "gitlab", 87 | "gitea", 88 | "bitbucketserver", 89 | "bitbucket", 90 | "azuredevops", 91 | "googlechat", 92 | "googlepubsub", 93 | "webex", 94 | "sentry", 95 | "azureeventhub", 96 | "telegram", 97 | "lark", 98 | "matrix", 99 | "opsgenie", 100 | "alertmanager", 101 | "grafana", 102 | "githubdispatch", 103 | "pagerduty", 104 | "datadog" 105 | ], 106 | "type": "string" 107 | }, 108 | "username": { 109 | "description": "Username specifies the name under which events are posted.", 110 | "maxLength": 2048, 111 | "type": "string" 112 | } 113 | }, 114 | "required": [ 115 | "type" 116 | ], 117 | "type": "object", 118 | "additionalProperties": false 119 | }, 120 | "status": { 121 | "default": { 122 | "observedGeneration": -1 123 | }, 124 | "description": "ProviderStatus defines the observed state of the Provider.", 125 | "properties": { 126 | "conditions": { 127 | "description": "Conditions holds the conditions for the Provider.", 128 | "items": { 129 | "description": "Condition contains details for one aspect of the current state of this API Resource.", 130 | "properties": { 131 | "lastTransitionTime": { 132 | "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", 133 | "format": "date-time", 134 | "type": "string" 135 | }, 136 | "message": { 137 | "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", 138 | "maxLength": 32768, 139 | "type": "string" 140 | }, 141 | "observedGeneration": { 142 | "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", 143 | "format": "int64", 144 | "minimum": 0, 145 | "type": "integer" 146 | }, 147 | "reason": { 148 | "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", 149 | "maxLength": 1024, 150 | "minLength": 1, 151 | "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", 152 | "type": "string" 153 | }, 154 | "status": { 155 | "description": "status of the condition, one of True, False, Unknown.", 156 | "enum": [ 157 | "True", 158 | "False", 159 | "Unknown" 160 | ], 161 | "type": "string" 162 | }, 163 | "type": { 164 | "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", 165 | "maxLength": 316, 166 | "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", 167 | "type": "string" 168 | } 169 | }, 170 | "required": [ 171 | "lastTransitionTime", 172 | "message", 173 | "reason", 174 | "status", 175 | "type" 176 | ], 177 | "type": "object", 178 | "additionalProperties": false 179 | }, 180 | "type": "array" 181 | }, 182 | "lastHandledReconcileAt": { 183 | "description": "LastHandledReconcileAt holds the value of the most recent\nreconcile request value, so a change of the annotation value\ncan be detected.", 184 | "type": "string" 185 | }, 186 | "observedGeneration": { 187 | "description": "ObservedGeneration is the last reconciled generation.", 188 | "format": "int64", 189 | "type": "integer" 190 | } 191 | }, 192 | "type": "object", 193 | "additionalProperties": false 194 | } 195 | }, 196 | "type": "object" 197 | } -------------------------------------------------------------------------------- /imagepolicy-image-v1beta1.json: -------------------------------------------------------------------------------- 1 | { 2 | "description": "ImagePolicy is the Schema for the imagepolicies API", 3 | "properties": { 4 | "apiVersion": { 5 | "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", 6 | "type": "string" 7 | }, 8 | "kind": { 9 | "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", 10 | "type": "string" 11 | }, 12 | "metadata": { 13 | "type": "object" 14 | }, 15 | "spec": { 16 | "description": "ImagePolicySpec defines the parameters for calculating the\nImagePolicy", 17 | "properties": { 18 | "filterTags": { 19 | "description": "FilterTags enables filtering for only a subset of tags based on a set of\nrules. If no rules are provided, all the tags from the repository will be\nordered and compared.", 20 | "properties": { 21 | "extract": { 22 | "description": "Extract allows a capture group to be extracted from the specified regular\nexpression pattern, useful before tag evaluation.", 23 | "type": "string" 24 | }, 25 | "pattern": { 26 | "description": "Pattern specifies a regular expression pattern used to filter for image\ntags.", 27 | "type": "string" 28 | } 29 | }, 30 | "type": "object", 31 | "additionalProperties": false 32 | }, 33 | "imageRepositoryRef": { 34 | "description": "ImageRepositoryRef points at the object specifying the image\nbeing scanned", 35 | "properties": { 36 | "name": { 37 | "description": "Name of the referent.", 38 | "type": "string" 39 | }, 40 | "namespace": { 41 | "description": "Namespace of the referent, when not specified it acts as LocalObjectReference.", 42 | "type": "string" 43 | } 44 | }, 45 | "required": [ 46 | "name" 47 | ], 48 | "type": "object", 49 | "additionalProperties": false 50 | }, 51 | "policy": { 52 | "description": "Policy gives the particulars of the policy to be followed in\nselecting the most recent image", 53 | "properties": { 54 | "alphabetical": { 55 | "description": "Alphabetical set of rules to use for alphabetical ordering of the tags.", 56 | "properties": { 57 | "order": { 58 | "default": "asc", 59 | "description": "Order specifies the sorting order of the tags. Given the letters of the\nalphabet as tags, ascending order would select Z, and descending order\nwould select A.", 60 | "enum": [ 61 | "asc", 62 | "desc" 63 | ], 64 | "type": "string" 65 | } 66 | }, 67 | "type": "object", 68 | "additionalProperties": false 69 | }, 70 | "numerical": { 71 | "description": "Numerical set of rules to use for numerical ordering of the tags.", 72 | "properties": { 73 | "order": { 74 | "default": "asc", 75 | "description": "Order specifies the sorting order of the tags. Given the integer values\nfrom 0 to 9 as tags, ascending order would select 9, and descending order\nwould select 0.", 76 | "enum": [ 77 | "asc", 78 | "desc" 79 | ], 80 | "type": "string" 81 | } 82 | }, 83 | "type": "object", 84 | "additionalProperties": false 85 | }, 86 | "semver": { 87 | "description": "SemVer gives a semantic version range to check against the tags\navailable.", 88 | "properties": { 89 | "range": { 90 | "description": "Range gives a semver range for the image tag; the highest\nversion within the range that's a tag yields the latest image.", 91 | "type": "string" 92 | } 93 | }, 94 | "required": [ 95 | "range" 96 | ], 97 | "type": "object", 98 | "additionalProperties": false 99 | } 100 | }, 101 | "type": "object", 102 | "additionalProperties": false 103 | } 104 | }, 105 | "required": [ 106 | "imageRepositoryRef", 107 | "policy" 108 | ], 109 | "type": "object", 110 | "additionalProperties": false 111 | }, 112 | "status": { 113 | "default": { 114 | "observedGeneration": -1 115 | }, 116 | "description": "ImagePolicyStatus defines the observed state of ImagePolicy", 117 | "properties": { 118 | "conditions": { 119 | "items": { 120 | "description": "Condition contains details for one aspect of the current state of this API Resource.", 121 | "properties": { 122 | "lastTransitionTime": { 123 | "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", 124 | "format": "date-time", 125 | "type": "string" 126 | }, 127 | "message": { 128 | "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", 129 | "maxLength": 32768, 130 | "type": "string" 131 | }, 132 | "observedGeneration": { 133 | "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", 134 | "format": "int64", 135 | "minimum": 0, 136 | "type": "integer" 137 | }, 138 | "reason": { 139 | "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", 140 | "maxLength": 1024, 141 | "minLength": 1, 142 | "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", 143 | "type": "string" 144 | }, 145 | "status": { 146 | "description": "status of the condition, one of True, False, Unknown.", 147 | "enum": [ 148 | "True", 149 | "False", 150 | "Unknown" 151 | ], 152 | "type": "string" 153 | }, 154 | "type": { 155 | "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", 156 | "maxLength": 316, 157 | "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", 158 | "type": "string" 159 | } 160 | }, 161 | "required": [ 162 | "lastTransitionTime", 163 | "message", 164 | "reason", 165 | "status", 166 | "type" 167 | ], 168 | "type": "object", 169 | "additionalProperties": false 170 | }, 171 | "type": "array" 172 | }, 173 | "latestImage": { 174 | "description": "LatestImage gives the first in the list of images scanned by\nthe image repository, when filtered and ordered according to\nthe policy.", 175 | "type": "string" 176 | }, 177 | "observedGeneration": { 178 | "format": "int64", 179 | "type": "integer" 180 | } 181 | }, 182 | "type": "object", 183 | "additionalProperties": false 184 | } 185 | }, 186 | "type": "object" 187 | } -------------------------------------------------------------------------------- /imagepolicy-image-v1alpha1.json: -------------------------------------------------------------------------------- 1 | { 2 | "description": "ImagePolicy is the Schema for the imagepolicies API", 3 | "properties": { 4 | "apiVersion": { 5 | "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", 6 | "type": "string" 7 | }, 8 | "kind": { 9 | "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", 10 | "type": "string" 11 | }, 12 | "metadata": { 13 | "type": "object" 14 | }, 15 | "spec": { 16 | "description": "ImagePolicySpec defines the parameters for calculating the ImagePolicy", 17 | "properties": { 18 | "filterTags": { 19 | "description": "FilterTags enables filtering for only a subset of tags based on a set of rules. If no rules are provided, all the tags from the repository will be ordered and compared.", 20 | "properties": { 21 | "extract": { 22 | "description": "Extract allows a capture group to be extracted from the specified regular expression pattern, useful before tag evaluation.", 23 | "type": "string" 24 | }, 25 | "pattern": { 26 | "description": "Pattern specifies a regular expression pattern used to filter for image tags.", 27 | "type": "string" 28 | } 29 | }, 30 | "type": "object", 31 | "additionalProperties": false 32 | }, 33 | "imageRepositoryRef": { 34 | "description": "ImageRepositoryRef points at the object specifying the image being scanned", 35 | "properties": { 36 | "name": { 37 | "description": "Name of the referent.", 38 | "type": "string" 39 | } 40 | }, 41 | "required": [ 42 | "name" 43 | ], 44 | "type": "object", 45 | "additionalProperties": false 46 | }, 47 | "policy": { 48 | "description": "Policy gives the particulars of the policy to be followed in selecting the most recent image", 49 | "properties": { 50 | "alphabetical": { 51 | "description": "Alphabetical set of rules to use for alphabetical ordering of the tags.", 52 | "properties": { 53 | "order": { 54 | "default": "asc", 55 | "description": "Order specifies the sorting order of the tags. Given the letters of the alphabet as tags, ascending order would select Z, and descending order would select A.", 56 | "enum": [ 57 | "asc", 58 | "desc" 59 | ], 60 | "type": "string" 61 | } 62 | }, 63 | "type": "object", 64 | "additionalProperties": false 65 | }, 66 | "numerical": { 67 | "description": "Numerical set of rules to use for numerical ordering of the tags.", 68 | "properties": { 69 | "order": { 70 | "default": "asc", 71 | "description": "Order specifies the sorting order of the tags. Given the integer values from 0 to 9 as tags, ascending order would select 9, and descending order would select 0.", 72 | "enum": [ 73 | "asc", 74 | "desc" 75 | ], 76 | "type": "string" 77 | } 78 | }, 79 | "type": "object", 80 | "additionalProperties": false 81 | }, 82 | "semver": { 83 | "description": "SemVer gives a semantic version range to check against the tags available.", 84 | "properties": { 85 | "range": { 86 | "description": "Range gives a semver range for the image tag; the highest version within the range that's a tag yields the latest image.", 87 | "type": "string" 88 | } 89 | }, 90 | "required": [ 91 | "range" 92 | ], 93 | "type": "object", 94 | "additionalProperties": false 95 | } 96 | }, 97 | "type": "object", 98 | "additionalProperties": false 99 | } 100 | }, 101 | "required": [ 102 | "imageRepositoryRef", 103 | "policy" 104 | ], 105 | "type": "object", 106 | "additionalProperties": false 107 | }, 108 | "status": { 109 | "description": "ImagePolicyStatus defines the observed state of ImagePolicy", 110 | "properties": { 111 | "conditions": { 112 | "items": { 113 | "description": "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }", 114 | "properties": { 115 | "lastTransitionTime": { 116 | "description": "lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", 117 | "format": "date-time", 118 | "type": "string" 119 | }, 120 | "message": { 121 | "description": "message is a human readable message indicating details about the transition. This may be an empty string.", 122 | "maxLength": 32768, 123 | "type": "string" 124 | }, 125 | "observedGeneration": { 126 | "description": "observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.", 127 | "format": "int64", 128 | "minimum": 0, 129 | "type": "integer" 130 | }, 131 | "reason": { 132 | "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.", 133 | "maxLength": 1024, 134 | "minLength": 1, 135 | "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", 136 | "type": "string" 137 | }, 138 | "status": { 139 | "description": "status of the condition, one of True, False, Unknown.", 140 | "enum": [ 141 | "True", 142 | "False", 143 | "Unknown" 144 | ], 145 | "type": "string" 146 | }, 147 | "type": { 148 | "description": "type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)", 149 | "maxLength": 316, 150 | "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", 151 | "type": "string" 152 | } 153 | }, 154 | "required": [ 155 | "lastTransitionTime", 156 | "message", 157 | "reason", 158 | "status", 159 | "type" 160 | ], 161 | "type": "object", 162 | "additionalProperties": false 163 | }, 164 | "type": "array" 165 | }, 166 | "latestImage": { 167 | "description": "LatestImage gives the first in the list of images scanned by the image repository, when filtered and ordered according to the policy.", 168 | "type": "string" 169 | }, 170 | "observedGeneration": { 171 | "format": "int64", 172 | "type": "integer" 173 | } 174 | }, 175 | "type": "object", 176 | "additionalProperties": false 177 | } 178 | }, 179 | "type": "object" 180 | } -------------------------------------------------------------------------------- /imagepolicy-image-v1alpha2.json: -------------------------------------------------------------------------------- 1 | { 2 | "description": "ImagePolicy is the Schema for the imagepolicies API", 3 | "properties": { 4 | "apiVersion": { 5 | "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", 6 | "type": "string" 7 | }, 8 | "kind": { 9 | "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", 10 | "type": "string" 11 | }, 12 | "metadata": { 13 | "type": "object" 14 | }, 15 | "spec": { 16 | "description": "ImagePolicySpec defines the parameters for calculating the ImagePolicy", 17 | "properties": { 18 | "filterTags": { 19 | "description": "FilterTags enables filtering for only a subset of tags based on a set of rules. If no rules are provided, all the tags from the repository will be ordered and compared.", 20 | "properties": { 21 | "extract": { 22 | "description": "Extract allows a capture group to be extracted from the specified regular expression pattern, useful before tag evaluation.", 23 | "type": "string" 24 | }, 25 | "pattern": { 26 | "description": "Pattern specifies a regular expression pattern used to filter for image tags.", 27 | "type": "string" 28 | } 29 | }, 30 | "type": "object", 31 | "additionalProperties": false 32 | }, 33 | "imageRepositoryRef": { 34 | "description": "ImageRepositoryRef points at the object specifying the image being scanned", 35 | "properties": { 36 | "name": { 37 | "description": "Name of the referent.", 38 | "type": "string" 39 | } 40 | }, 41 | "required": [ 42 | "name" 43 | ], 44 | "type": "object", 45 | "additionalProperties": false 46 | }, 47 | "policy": { 48 | "description": "Policy gives the particulars of the policy to be followed in selecting the most recent image", 49 | "properties": { 50 | "alphabetical": { 51 | "description": "Alphabetical set of rules to use for alphabetical ordering of the tags.", 52 | "properties": { 53 | "order": { 54 | "default": "asc", 55 | "description": "Order specifies the sorting order of the tags. Given the letters of the alphabet as tags, ascending order would select Z, and descending order would select A.", 56 | "enum": [ 57 | "asc", 58 | "desc" 59 | ], 60 | "type": "string" 61 | } 62 | }, 63 | "type": "object", 64 | "additionalProperties": false 65 | }, 66 | "numerical": { 67 | "description": "Numerical set of rules to use for numerical ordering of the tags.", 68 | "properties": { 69 | "order": { 70 | "default": "asc", 71 | "description": "Order specifies the sorting order of the tags. Given the integer values from 0 to 9 as tags, ascending order would select 9, and descending order would select 0.", 72 | "enum": [ 73 | "asc", 74 | "desc" 75 | ], 76 | "type": "string" 77 | } 78 | }, 79 | "type": "object", 80 | "additionalProperties": false 81 | }, 82 | "semver": { 83 | "description": "SemVer gives a semantic version range to check against the tags available.", 84 | "properties": { 85 | "range": { 86 | "description": "Range gives a semver range for the image tag; the highest version within the range that's a tag yields the latest image.", 87 | "type": "string" 88 | } 89 | }, 90 | "required": [ 91 | "range" 92 | ], 93 | "type": "object", 94 | "additionalProperties": false 95 | } 96 | }, 97 | "type": "object", 98 | "additionalProperties": false 99 | } 100 | }, 101 | "required": [ 102 | "imageRepositoryRef", 103 | "policy" 104 | ], 105 | "type": "object", 106 | "additionalProperties": false 107 | }, 108 | "status": { 109 | "description": "ImagePolicyStatus defines the observed state of ImagePolicy", 110 | "properties": { 111 | "conditions": { 112 | "items": { 113 | "description": "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }", 114 | "properties": { 115 | "lastTransitionTime": { 116 | "description": "lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", 117 | "format": "date-time", 118 | "type": "string" 119 | }, 120 | "message": { 121 | "description": "message is a human readable message indicating details about the transition. This may be an empty string.", 122 | "maxLength": 32768, 123 | "type": "string" 124 | }, 125 | "observedGeneration": { 126 | "description": "observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.", 127 | "format": "int64", 128 | "minimum": 0, 129 | "type": "integer" 130 | }, 131 | "reason": { 132 | "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.", 133 | "maxLength": 1024, 134 | "minLength": 1, 135 | "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", 136 | "type": "string" 137 | }, 138 | "status": { 139 | "description": "status of the condition, one of True, False, Unknown.", 140 | "enum": [ 141 | "True", 142 | "False", 143 | "Unknown" 144 | ], 145 | "type": "string" 146 | }, 147 | "type": { 148 | "description": "type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)", 149 | "maxLength": 316, 150 | "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", 151 | "type": "string" 152 | } 153 | }, 154 | "required": [ 155 | "lastTransitionTime", 156 | "message", 157 | "reason", 158 | "status", 159 | "type" 160 | ], 161 | "type": "object", 162 | "additionalProperties": false 163 | }, 164 | "type": "array" 165 | }, 166 | "latestImage": { 167 | "description": "LatestImage gives the first in the list of images scanned by the image repository, when filtered and ordered according to the policy.", 168 | "type": "string" 169 | }, 170 | "observedGeneration": { 171 | "format": "int64", 172 | "type": "integer" 173 | } 174 | }, 175 | "type": "object", 176 | "additionalProperties": false 177 | } 178 | }, 179 | "type": "object" 180 | } -------------------------------------------------------------------------------- /receiver-notification-v1beta2.json: -------------------------------------------------------------------------------- 1 | { 2 | "description": "Receiver is the Schema for the receivers API.", 3 | "properties": { 4 | "apiVersion": { 5 | "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", 6 | "type": "string" 7 | }, 8 | "kind": { 9 | "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", 10 | "type": "string" 11 | }, 12 | "metadata": { 13 | "type": "object" 14 | }, 15 | "spec": { 16 | "description": "ReceiverSpec defines the desired state of the Receiver.", 17 | "properties": { 18 | "events": { 19 | "description": "Events specifies the list of event types to handle,\ne.g. 'push' for GitHub or 'Push Hook' for GitLab.", 20 | "items": { 21 | "type": "string" 22 | }, 23 | "type": "array" 24 | }, 25 | "interval": { 26 | "description": "Interval at which to reconcile the Receiver with its Secret references.", 27 | "pattern": "^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$", 28 | "type": "string" 29 | }, 30 | "resources": { 31 | "description": "A list of resources to be notified about changes.", 32 | "items": { 33 | "description": "CrossNamespaceObjectReference contains enough information to let you locate the\ntyped referenced object at cluster level", 34 | "properties": { 35 | "apiVersion": { 36 | "description": "API version of the referent", 37 | "type": "string" 38 | }, 39 | "kind": { 40 | "description": "Kind of the referent", 41 | "enum": [ 42 | "Bucket", 43 | "GitRepository", 44 | "Kustomization", 45 | "HelmRelease", 46 | "HelmChart", 47 | "HelmRepository", 48 | "ImageRepository", 49 | "ImagePolicy", 50 | "ImageUpdateAutomation", 51 | "OCIRepository" 52 | ], 53 | "type": "string" 54 | }, 55 | "matchLabels": { 56 | "additionalProperties": { 57 | "type": "string" 58 | }, 59 | "description": "MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.\nMatchLabels requires the name to be set to `*`.", 60 | "type": "object" 61 | }, 62 | "name": { 63 | "description": "Name of the referent\nIf multiple resources are targeted `*` may be set.", 64 | "maxLength": 253, 65 | "minLength": 1, 66 | "type": "string" 67 | }, 68 | "namespace": { 69 | "description": "Namespace of the referent", 70 | "maxLength": 253, 71 | "minLength": 1, 72 | "type": "string" 73 | } 74 | }, 75 | "required": [ 76 | "kind", 77 | "name" 78 | ], 79 | "type": "object", 80 | "additionalProperties": false 81 | }, 82 | "type": "array" 83 | }, 84 | "secretRef": { 85 | "description": "SecretRef specifies the Secret containing the token used\nto validate the payload authenticity.", 86 | "properties": { 87 | "name": { 88 | "description": "Name of the referent.", 89 | "type": "string" 90 | } 91 | }, 92 | "required": [ 93 | "name" 94 | ], 95 | "type": "object", 96 | "additionalProperties": false 97 | }, 98 | "suspend": { 99 | "description": "Suspend tells the controller to suspend subsequent\nevents handling for this receiver.", 100 | "type": "boolean" 101 | }, 102 | "type": { 103 | "description": "Type of webhook sender, used to determine\nthe validation procedure and payload deserialization.", 104 | "enum": [ 105 | "generic", 106 | "generic-hmac", 107 | "github", 108 | "gitlab", 109 | "bitbucket", 110 | "harbor", 111 | "dockerhub", 112 | "quay", 113 | "gcr", 114 | "nexus", 115 | "acr" 116 | ], 117 | "type": "string" 118 | } 119 | }, 120 | "required": [ 121 | "resources", 122 | "secretRef", 123 | "type" 124 | ], 125 | "type": "object", 126 | "additionalProperties": false 127 | }, 128 | "status": { 129 | "default": { 130 | "observedGeneration": -1 131 | }, 132 | "description": "ReceiverStatus defines the observed state of the Receiver.", 133 | "properties": { 134 | "conditions": { 135 | "description": "Conditions holds the conditions for the Receiver.", 136 | "items": { 137 | "description": "Condition contains details for one aspect of the current state of this API Resource.", 138 | "properties": { 139 | "lastTransitionTime": { 140 | "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", 141 | "format": "date-time", 142 | "type": "string" 143 | }, 144 | "message": { 145 | "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", 146 | "maxLength": 32768, 147 | "type": "string" 148 | }, 149 | "observedGeneration": { 150 | "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", 151 | "format": "int64", 152 | "minimum": 0, 153 | "type": "integer" 154 | }, 155 | "reason": { 156 | "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", 157 | "maxLength": 1024, 158 | "minLength": 1, 159 | "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", 160 | "type": "string" 161 | }, 162 | "status": { 163 | "description": "status of the condition, one of True, False, Unknown.", 164 | "enum": [ 165 | "True", 166 | "False", 167 | "Unknown" 168 | ], 169 | "type": "string" 170 | }, 171 | "type": { 172 | "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", 173 | "maxLength": 316, 174 | "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", 175 | "type": "string" 176 | } 177 | }, 178 | "required": [ 179 | "lastTransitionTime", 180 | "message", 181 | "reason", 182 | "status", 183 | "type" 184 | ], 185 | "type": "object", 186 | "additionalProperties": false 187 | }, 188 | "type": "array" 189 | }, 190 | "lastHandledReconcileAt": { 191 | "description": "LastHandledReconcileAt holds the value of the most recent\nreconcile request value, so a change of the annotation value\ncan be detected.", 192 | "type": "string" 193 | }, 194 | "observedGeneration": { 195 | "description": "ObservedGeneration is the last observed generation of the Receiver object.", 196 | "format": "int64", 197 | "type": "integer" 198 | }, 199 | "url": { 200 | "description": "URL is the generated incoming webhook address in the format\nof '/hook/sha256sum(token+name+namespace)'.\nDeprecated: Replaced by WebhookPath.", 201 | "type": "string" 202 | }, 203 | "webhookPath": { 204 | "description": "WebhookPath is the generated incoming webhook address in the format\nof '/hook/sha256sum(token+name+namespace)'.", 205 | "type": "string" 206 | } 207 | }, 208 | "type": "object", 209 | "additionalProperties": false 210 | } 211 | }, 212 | "type": "object" 213 | } -------------------------------------------------------------------------------- /alert-notification-v1beta2.json: -------------------------------------------------------------------------------- 1 | { 2 | "description": "Alert is the Schema for the alerts API", 3 | "properties": { 4 | "apiVersion": { 5 | "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", 6 | "type": "string" 7 | }, 8 | "kind": { 9 | "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", 10 | "type": "string" 11 | }, 12 | "metadata": { 13 | "type": "object" 14 | }, 15 | "spec": { 16 | "description": "AlertSpec defines an alerting rule for events involving a list of objects.", 17 | "properties": { 18 | "eventMetadata": { 19 | "additionalProperties": { 20 | "type": "string" 21 | }, 22 | "description": "EventMetadata is an optional field for adding metadata to events dispatched by the\ncontroller. This can be used for enhancing the context of the event. If a field\nwould override one already present on the original event as generated by the emitter,\nthen the override doesn't happen, i.e. the original value is preserved, and an info\nlog is printed.", 23 | "type": "object" 24 | }, 25 | "eventSeverity": { 26 | "default": "info", 27 | "description": "EventSeverity specifies how to filter events based on severity.\nIf set to 'info' no events will be filtered.", 28 | "enum": [ 29 | "info", 30 | "error" 31 | ], 32 | "type": "string" 33 | }, 34 | "eventSources": { 35 | "description": "EventSources specifies how to filter events based\non the involved object kind, name and namespace.", 36 | "items": { 37 | "description": "CrossNamespaceObjectReference contains enough information to let you locate the\ntyped referenced object at cluster level", 38 | "properties": { 39 | "apiVersion": { 40 | "description": "API version of the referent", 41 | "type": "string" 42 | }, 43 | "kind": { 44 | "description": "Kind of the referent", 45 | "enum": [ 46 | "Bucket", 47 | "GitRepository", 48 | "Kustomization", 49 | "HelmRelease", 50 | "HelmChart", 51 | "HelmRepository", 52 | "ImageRepository", 53 | "ImagePolicy", 54 | "ImageUpdateAutomation", 55 | "OCIRepository" 56 | ], 57 | "type": "string" 58 | }, 59 | "matchLabels": { 60 | "additionalProperties": { 61 | "type": "string" 62 | }, 63 | "description": "MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.\nMatchLabels requires the name to be set to `*`.", 64 | "type": "object" 65 | }, 66 | "name": { 67 | "description": "Name of the referent\nIf multiple resources are targeted `*` may be set.", 68 | "maxLength": 253, 69 | "minLength": 1, 70 | "type": "string" 71 | }, 72 | "namespace": { 73 | "description": "Namespace of the referent", 74 | "maxLength": 253, 75 | "minLength": 1, 76 | "type": "string" 77 | } 78 | }, 79 | "required": [ 80 | "kind", 81 | "name" 82 | ], 83 | "type": "object", 84 | "additionalProperties": false 85 | }, 86 | "type": "array" 87 | }, 88 | "exclusionList": { 89 | "description": "ExclusionList specifies a list of Golang regular expressions\nto be used for excluding messages.", 90 | "items": { 91 | "type": "string" 92 | }, 93 | "type": "array" 94 | }, 95 | "inclusionList": { 96 | "description": "InclusionList specifies a list of Golang regular expressions\nto be used for including messages.", 97 | "items": { 98 | "type": "string" 99 | }, 100 | "type": "array" 101 | }, 102 | "providerRef": { 103 | "description": "ProviderRef specifies which Provider this Alert should use.", 104 | "properties": { 105 | "name": { 106 | "description": "Name of the referent.", 107 | "type": "string" 108 | } 109 | }, 110 | "required": [ 111 | "name" 112 | ], 113 | "type": "object", 114 | "additionalProperties": false 115 | }, 116 | "summary": { 117 | "description": "Summary holds a short description of the impact and affected cluster.", 118 | "maxLength": 255, 119 | "type": "string" 120 | }, 121 | "suspend": { 122 | "description": "Suspend tells the controller to suspend subsequent\nevents handling for this Alert.", 123 | "type": "boolean" 124 | } 125 | }, 126 | "required": [ 127 | "eventSources", 128 | "providerRef" 129 | ], 130 | "type": "object", 131 | "additionalProperties": false 132 | }, 133 | "status": { 134 | "default": { 135 | "observedGeneration": -1 136 | }, 137 | "description": "AlertStatus defines the observed state of the Alert.", 138 | "properties": { 139 | "conditions": { 140 | "description": "Conditions holds the conditions for the Alert.", 141 | "items": { 142 | "description": "Condition contains details for one aspect of the current state of this API Resource.", 143 | "properties": { 144 | "lastTransitionTime": { 145 | "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", 146 | "format": "date-time", 147 | "type": "string" 148 | }, 149 | "message": { 150 | "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", 151 | "maxLength": 32768, 152 | "type": "string" 153 | }, 154 | "observedGeneration": { 155 | "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", 156 | "format": "int64", 157 | "minimum": 0, 158 | "type": "integer" 159 | }, 160 | "reason": { 161 | "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", 162 | "maxLength": 1024, 163 | "minLength": 1, 164 | "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", 165 | "type": "string" 166 | }, 167 | "status": { 168 | "description": "status of the condition, one of True, False, Unknown.", 169 | "enum": [ 170 | "True", 171 | "False", 172 | "Unknown" 173 | ], 174 | "type": "string" 175 | }, 176 | "type": { 177 | "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", 178 | "maxLength": 316, 179 | "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", 180 | "type": "string" 181 | } 182 | }, 183 | "required": [ 184 | "lastTransitionTime", 185 | "message", 186 | "reason", 187 | "status", 188 | "type" 189 | ], 190 | "type": "object", 191 | "additionalProperties": false 192 | }, 193 | "type": "array" 194 | }, 195 | "lastHandledReconcileAt": { 196 | "description": "LastHandledReconcileAt holds the value of the most recent\nreconcile request value, so a change of the annotation value\ncan be detected.", 197 | "type": "string" 198 | }, 199 | "observedGeneration": { 200 | "description": "ObservedGeneration is the last observed generation.", 201 | "format": "int64", 202 | "type": "integer" 203 | } 204 | }, 205 | "type": "object", 206 | "additionalProperties": false 207 | } 208 | }, 209 | "type": "object" 210 | } -------------------------------------------------------------------------------- /helmrepository-source-v1beta1.json: -------------------------------------------------------------------------------- 1 | { 2 | "description": "HelmRepository is the Schema for the helmrepositories API", 3 | "properties": { 4 | "apiVersion": { 5 | "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", 6 | "type": "string" 7 | }, 8 | "kind": { 9 | "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", 10 | "type": "string" 11 | }, 12 | "metadata": { 13 | "type": "object" 14 | }, 15 | "spec": { 16 | "description": "HelmRepositorySpec defines the reference to a Helm repository.", 17 | "properties": { 18 | "accessFrom": { 19 | "description": "AccessFrom defines an Access Control List for allowing cross-namespace references to this object.", 20 | "properties": { 21 | "namespaceSelectors": { 22 | "description": "NamespaceSelectors is the list of namespace selectors to which this ACL applies.\nItems in this list are evaluated using a logical OR operation.", 23 | "items": { 24 | "description": "NamespaceSelector selects the namespaces to which this ACL applies.\nAn empty map of MatchLabels matches all namespaces in a cluster.", 25 | "properties": { 26 | "matchLabels": { 27 | "additionalProperties": { 28 | "type": "string" 29 | }, 30 | "description": "MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", 31 | "type": "object" 32 | } 33 | }, 34 | "type": "object", 35 | "additionalProperties": false 36 | }, 37 | "type": "array" 38 | } 39 | }, 40 | "required": [ 41 | "namespaceSelectors" 42 | ], 43 | "type": "object", 44 | "additionalProperties": false 45 | }, 46 | "interval": { 47 | "description": "The interval at which to check the upstream for updates.", 48 | "type": "string" 49 | }, 50 | "passCredentials": { 51 | "description": "PassCredentials allows the credentials from the SecretRef to be passed on to\na host that does not match the host as defined in URL.\nThis may be required if the host of the advertised chart URLs in the index\ndiffer from the defined URL.\nEnabling this should be done with caution, as it can potentially result in\ncredentials getting stolen in a MITM-attack.", 52 | "type": "boolean" 53 | }, 54 | "secretRef": { 55 | "description": "The name of the secret containing authentication credentials for the Helm\nrepository.\nFor HTTP/S basic auth the secret must contain username and\npassword fields.\nFor TLS the secret must contain a certFile and keyFile, and/or\ncaFile fields.", 56 | "properties": { 57 | "name": { 58 | "description": "Name of the referent.", 59 | "type": "string" 60 | } 61 | }, 62 | "required": [ 63 | "name" 64 | ], 65 | "type": "object", 66 | "additionalProperties": false 67 | }, 68 | "suspend": { 69 | "description": "This flag tells the controller to suspend the reconciliation of this source.", 70 | "type": "boolean" 71 | }, 72 | "timeout": { 73 | "default": "60s", 74 | "description": "The timeout of index downloading, defaults to 60s.", 75 | "type": "string" 76 | }, 77 | "url": { 78 | "description": "The Helm repository URL, a valid URL contains at least a protocol and host.", 79 | "type": "string" 80 | } 81 | }, 82 | "required": [ 83 | "interval", 84 | "url" 85 | ], 86 | "type": "object", 87 | "additionalProperties": false 88 | }, 89 | "status": { 90 | "default": { 91 | "observedGeneration": -1 92 | }, 93 | "description": "HelmRepositoryStatus defines the observed state of the HelmRepository.", 94 | "properties": { 95 | "artifact": { 96 | "description": "Artifact represents the output of the last successful repository sync.", 97 | "properties": { 98 | "checksum": { 99 | "description": "Checksum is the SHA256 checksum of the artifact.", 100 | "type": "string" 101 | }, 102 | "lastUpdateTime": { 103 | "description": "LastUpdateTime is the timestamp corresponding to the last update of this\nartifact.", 104 | "format": "date-time", 105 | "type": "string" 106 | }, 107 | "path": { 108 | "description": "Path is the relative file path of this artifact.", 109 | "type": "string" 110 | }, 111 | "revision": { 112 | "description": "Revision is a human readable identifier traceable in the origin source\nsystem. It can be a Git commit SHA, Git tag, a Helm index timestamp, a Helm\nchart version, etc.", 113 | "type": "string" 114 | }, 115 | "url": { 116 | "description": "URL is the HTTP address of this artifact.", 117 | "type": "string" 118 | } 119 | }, 120 | "required": [ 121 | "lastUpdateTime", 122 | "path", 123 | "url" 124 | ], 125 | "type": "object", 126 | "additionalProperties": false 127 | }, 128 | "conditions": { 129 | "description": "Conditions holds the conditions for the HelmRepository.", 130 | "items": { 131 | "description": "Condition contains details for one aspect of the current state of this API Resource.", 132 | "properties": { 133 | "lastTransitionTime": { 134 | "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", 135 | "format": "date-time", 136 | "type": "string" 137 | }, 138 | "message": { 139 | "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", 140 | "maxLength": 32768, 141 | "type": "string" 142 | }, 143 | "observedGeneration": { 144 | "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", 145 | "format": "int64", 146 | "minimum": 0, 147 | "type": "integer" 148 | }, 149 | "reason": { 150 | "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", 151 | "maxLength": 1024, 152 | "minLength": 1, 153 | "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", 154 | "type": "string" 155 | }, 156 | "status": { 157 | "description": "status of the condition, one of True, False, Unknown.", 158 | "enum": [ 159 | "True", 160 | "False", 161 | "Unknown" 162 | ], 163 | "type": "string" 164 | }, 165 | "type": { 166 | "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", 167 | "maxLength": 316, 168 | "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", 169 | "type": "string" 170 | } 171 | }, 172 | "required": [ 173 | "lastTransitionTime", 174 | "message", 175 | "reason", 176 | "status", 177 | "type" 178 | ], 179 | "type": "object", 180 | "additionalProperties": false 181 | }, 182 | "type": "array" 183 | }, 184 | "lastHandledReconcileAt": { 185 | "description": "LastHandledReconcileAt holds the value of the most recent\nreconcile request value, so a change of the annotation value\ncan be detected.", 186 | "type": "string" 187 | }, 188 | "observedGeneration": { 189 | "description": "ObservedGeneration is the last observed generation.", 190 | "format": "int64", 191 | "type": "integer" 192 | }, 193 | "url": { 194 | "description": "URL is the download link for the last index fetched.", 195 | "type": "string" 196 | } 197 | }, 198 | "type": "object", 199 | "additionalProperties": false 200 | } 201 | }, 202 | "type": "object" 203 | } -------------------------------------------------------------------------------- /receiver-notification-v1.json: -------------------------------------------------------------------------------- 1 | { 2 | "description": "Receiver is the Schema for the receivers API.", 3 | "properties": { 4 | "apiVersion": { 5 | "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", 6 | "type": "string" 7 | }, 8 | "kind": { 9 | "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", 10 | "type": "string" 11 | }, 12 | "metadata": { 13 | "type": "object" 14 | }, 15 | "spec": { 16 | "description": "ReceiverSpec defines the desired state of the Receiver.", 17 | "properties": { 18 | "events": { 19 | "description": "Events specifies the list of event types to handle,\ne.g. 'push' for GitHub or 'Push Hook' for GitLab.", 20 | "items": { 21 | "type": "string" 22 | }, 23 | "type": "array" 24 | }, 25 | "interval": { 26 | "default": "10m", 27 | "description": "Interval at which to reconcile the Receiver with its Secret references.", 28 | "pattern": "^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$", 29 | "type": "string" 30 | }, 31 | "resourceFilter": { 32 | "description": "ResourceFilter is a CEL expression expected to return a boolean that is\nevaluated for each resource referenced in the Resources field when a\nwebhook is received. If the expression returns false then the controller\nwill not request a reconciliation for the resource.\nWhen the expression is specified the controller will parse it and mark\nthe object as terminally failed if the expression is invalid or does not\nreturn a boolean.", 33 | "type": "string" 34 | }, 35 | "resources": { 36 | "description": "A list of resources to be notified about changes.", 37 | "items": { 38 | "description": "CrossNamespaceObjectReference contains enough information to let you locate the\ntyped referenced object at cluster level", 39 | "properties": { 40 | "apiVersion": { 41 | "description": "API version of the referent", 42 | "type": "string" 43 | }, 44 | "kind": { 45 | "description": "Kind of the referent", 46 | "enum": [ 47 | "Bucket", 48 | "GitRepository", 49 | "Kustomization", 50 | "HelmRelease", 51 | "HelmChart", 52 | "HelmRepository", 53 | "ImageRepository", 54 | "ImagePolicy", 55 | "ImageUpdateAutomation", 56 | "OCIRepository" 57 | ], 58 | "type": "string" 59 | }, 60 | "matchLabels": { 61 | "additionalProperties": { 62 | "type": "string" 63 | }, 64 | "description": "MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.\nMatchLabels requires the name to be set to `*`.", 65 | "type": "object" 66 | }, 67 | "name": { 68 | "description": "Name of the referent\nIf multiple resources are targeted `*` may be set.", 69 | "maxLength": 253, 70 | "minLength": 1, 71 | "type": "string" 72 | }, 73 | "namespace": { 74 | "description": "Namespace of the referent", 75 | "maxLength": 253, 76 | "minLength": 1, 77 | "type": "string" 78 | } 79 | }, 80 | "required": [ 81 | "kind", 82 | "name" 83 | ], 84 | "type": "object", 85 | "additionalProperties": false 86 | }, 87 | "type": "array" 88 | }, 89 | "secretRef": { 90 | "description": "SecretRef specifies the Secret containing the token used\nto validate the payload authenticity.", 91 | "properties": { 92 | "name": { 93 | "description": "Name of the referent.", 94 | "type": "string" 95 | } 96 | }, 97 | "required": [ 98 | "name" 99 | ], 100 | "type": "object", 101 | "additionalProperties": false 102 | }, 103 | "suspend": { 104 | "description": "Suspend tells the controller to suspend subsequent\nevents handling for this receiver.", 105 | "type": "boolean" 106 | }, 107 | "type": { 108 | "description": "Type of webhook sender, used to determine\nthe validation procedure and payload deserialization.", 109 | "enum": [ 110 | "generic", 111 | "generic-hmac", 112 | "github", 113 | "gitlab", 114 | "bitbucket", 115 | "harbor", 116 | "dockerhub", 117 | "quay", 118 | "gcr", 119 | "nexus", 120 | "acr", 121 | "cdevents" 122 | ], 123 | "type": "string" 124 | } 125 | }, 126 | "required": [ 127 | "resources", 128 | "secretRef", 129 | "type" 130 | ], 131 | "type": "object", 132 | "additionalProperties": false 133 | }, 134 | "status": { 135 | "default": { 136 | "observedGeneration": -1 137 | }, 138 | "description": "ReceiverStatus defines the observed state of the Receiver.", 139 | "properties": { 140 | "conditions": { 141 | "description": "Conditions holds the conditions for the Receiver.", 142 | "items": { 143 | "description": "Condition contains details for one aspect of the current state of this API Resource.", 144 | "properties": { 145 | "lastTransitionTime": { 146 | "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", 147 | "format": "date-time", 148 | "type": "string" 149 | }, 150 | "message": { 151 | "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", 152 | "maxLength": 32768, 153 | "type": "string" 154 | }, 155 | "observedGeneration": { 156 | "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", 157 | "format": "int64", 158 | "minimum": 0, 159 | "type": "integer" 160 | }, 161 | "reason": { 162 | "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", 163 | "maxLength": 1024, 164 | "minLength": 1, 165 | "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", 166 | "type": "string" 167 | }, 168 | "status": { 169 | "description": "status of the condition, one of True, False, Unknown.", 170 | "enum": [ 171 | "True", 172 | "False", 173 | "Unknown" 174 | ], 175 | "type": "string" 176 | }, 177 | "type": { 178 | "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", 179 | "maxLength": 316, 180 | "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", 181 | "type": "string" 182 | } 183 | }, 184 | "required": [ 185 | "lastTransitionTime", 186 | "message", 187 | "reason", 188 | "status", 189 | "type" 190 | ], 191 | "type": "object", 192 | "additionalProperties": false 193 | }, 194 | "type": "array" 195 | }, 196 | "lastHandledReconcileAt": { 197 | "description": "LastHandledReconcileAt holds the value of the most recent\nreconcile request value, so a change of the annotation value\ncan be detected.", 198 | "type": "string" 199 | }, 200 | "observedGeneration": { 201 | "description": "ObservedGeneration is the last observed generation of the Receiver object.", 202 | "format": "int64", 203 | "type": "integer" 204 | }, 205 | "webhookPath": { 206 | "description": "WebhookPath is the generated incoming webhook address in the format\nof '/hook/sha256sum(token+name+namespace)'.", 207 | "type": "string" 208 | } 209 | }, 210 | "type": "object", 211 | "additionalProperties": false 212 | } 213 | }, 214 | "type": "object" 215 | } -------------------------------------------------------------------------------- /imagerepository-image-v1beta1.json: -------------------------------------------------------------------------------- 1 | { 2 | "description": "ImageRepository is the Schema for the imagerepositories API", 3 | "properties": { 4 | "apiVersion": { 5 | "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", 6 | "type": "string" 7 | }, 8 | "kind": { 9 | "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", 10 | "type": "string" 11 | }, 12 | "metadata": { 13 | "type": "object" 14 | }, 15 | "spec": { 16 | "description": "ImageRepositorySpec defines the parameters for scanning an image\nrepository, e.g., `fluxcd/flux`.", 17 | "properties": { 18 | "accessFrom": { 19 | "description": "AccessFrom defines an ACL for allowing cross-namespace references\nto the ImageRepository object based on the caller's namespace labels.", 20 | "properties": { 21 | "namespaceSelectors": { 22 | "description": "NamespaceSelectors is the list of namespace selectors to which this ACL applies.\nItems in this list are evaluated using a logical OR operation.", 23 | "items": { 24 | "description": "NamespaceSelector selects the namespaces to which this ACL applies.\nAn empty map of MatchLabels matches all namespaces in a cluster.", 25 | "properties": { 26 | "matchLabels": { 27 | "additionalProperties": { 28 | "type": "string" 29 | }, 30 | "description": "MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", 31 | "type": "object" 32 | } 33 | }, 34 | "type": "object", 35 | "additionalProperties": false 36 | }, 37 | "type": "array" 38 | } 39 | }, 40 | "required": [ 41 | "namespaceSelectors" 42 | ], 43 | "type": "object", 44 | "additionalProperties": false 45 | }, 46 | "certSecretRef": { 47 | "description": "CertSecretRef can be given the name of a secret containing\neither or both of\n\n - a PEM-encoded client certificate (`certFile`) and private\n key (`keyFile`);\n - a PEM-encoded CA certificate (`caFile`)\n\n and whichever are supplied, will be used for connecting to the\n registry. The client cert and key are useful if you are\n authenticating with a certificate; the CA cert is useful if\n you are using a self-signed server certificate.", 48 | "properties": { 49 | "name": { 50 | "description": "Name of the referent.", 51 | "type": "string" 52 | } 53 | }, 54 | "required": [ 55 | "name" 56 | ], 57 | "type": "object", 58 | "additionalProperties": false 59 | }, 60 | "exclusionList": { 61 | "description": "ExclusionList is a list of regex strings used to exclude certain tags\nfrom being stored in the database.", 62 | "items": { 63 | "type": "string" 64 | }, 65 | "type": "array" 66 | }, 67 | "image": { 68 | "description": "Image is the name of the image repository", 69 | "type": "string" 70 | }, 71 | "interval": { 72 | "description": "Interval is the length of time to wait between\nscans of the image repository.", 73 | "pattern": "^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$", 74 | "type": "string" 75 | }, 76 | "secretRef": { 77 | "description": "SecretRef can be given the name of a secret containing\ncredentials to use for the image registry. The secret should be\ncreated with `kubectl create secret docker-registry`, or the\nequivalent.", 78 | "properties": { 79 | "name": { 80 | "description": "Name of the referent.", 81 | "type": "string" 82 | } 83 | }, 84 | "required": [ 85 | "name" 86 | ], 87 | "type": "object", 88 | "additionalProperties": false 89 | }, 90 | "serviceAccountName": { 91 | "description": "ServiceAccountName is the name of the Kubernetes ServiceAccount used to authenticate\nthe image pull if the service account has attached pull secrets.", 92 | "maxLength": 253, 93 | "type": "string" 94 | }, 95 | "suspend": { 96 | "description": "This flag tells the controller to suspend subsequent image scans.\nIt does not apply to already started scans. Defaults to false.", 97 | "type": "boolean" 98 | }, 99 | "timeout": { 100 | "description": "Timeout for image scanning.\nDefaults to 'Interval' duration.", 101 | "pattern": "^([0-9]+(\\.[0-9]+)?(ms|s|m))+$", 102 | "type": "string" 103 | } 104 | }, 105 | "required": [ 106 | "image", 107 | "interval" 108 | ], 109 | "type": "object", 110 | "additionalProperties": false 111 | }, 112 | "status": { 113 | "default": { 114 | "observedGeneration": -1 115 | }, 116 | "description": "ImageRepositoryStatus defines the observed state of ImageRepository", 117 | "properties": { 118 | "canonicalImageName": { 119 | "description": "CanonicalName is the name of the image repository with all the\nimplied bits made explicit; e.g., `docker.io/library/alpine`\nrather than `alpine`.", 120 | "type": "string" 121 | }, 122 | "conditions": { 123 | "items": { 124 | "description": "Condition contains details for one aspect of the current state of this API Resource.", 125 | "properties": { 126 | "lastTransitionTime": { 127 | "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", 128 | "format": "date-time", 129 | "type": "string" 130 | }, 131 | "message": { 132 | "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", 133 | "maxLength": 32768, 134 | "type": "string" 135 | }, 136 | "observedGeneration": { 137 | "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", 138 | "format": "int64", 139 | "minimum": 0, 140 | "type": "integer" 141 | }, 142 | "reason": { 143 | "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", 144 | "maxLength": 1024, 145 | "minLength": 1, 146 | "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", 147 | "type": "string" 148 | }, 149 | "status": { 150 | "description": "status of the condition, one of True, False, Unknown.", 151 | "enum": [ 152 | "True", 153 | "False", 154 | "Unknown" 155 | ], 156 | "type": "string" 157 | }, 158 | "type": { 159 | "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", 160 | "maxLength": 316, 161 | "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", 162 | "type": "string" 163 | } 164 | }, 165 | "required": [ 166 | "lastTransitionTime", 167 | "message", 168 | "reason", 169 | "status", 170 | "type" 171 | ], 172 | "type": "object", 173 | "additionalProperties": false 174 | }, 175 | "type": "array" 176 | }, 177 | "lastHandledReconcileAt": { 178 | "description": "LastHandledReconcileAt holds the value of the most recent\nreconcile request value, so a change of the annotation value\ncan be detected.", 179 | "type": "string" 180 | }, 181 | "lastScanResult": { 182 | "description": "LastScanResult contains the number of fetched tags.", 183 | "properties": { 184 | "scanTime": { 185 | "format": "date-time", 186 | "type": "string" 187 | }, 188 | "tagCount": { 189 | "type": "integer" 190 | } 191 | }, 192 | "required": [ 193 | "tagCount" 194 | ], 195 | "type": "object", 196 | "additionalProperties": false 197 | }, 198 | "observedGeneration": { 199 | "description": "ObservedGeneration is the last reconciled generation.", 200 | "format": "int64", 201 | "type": "integer" 202 | } 203 | }, 204 | "type": "object", 205 | "additionalProperties": false 206 | } 207 | }, 208 | "type": "object" 209 | } -------------------------------------------------------------------------------- /bucket-source-v1beta1.json: -------------------------------------------------------------------------------- 1 | { 2 | "description": "Bucket is the Schema for the buckets API", 3 | "properties": { 4 | "apiVersion": { 5 | "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", 6 | "type": "string" 7 | }, 8 | "kind": { 9 | "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", 10 | "type": "string" 11 | }, 12 | "metadata": { 13 | "type": "object" 14 | }, 15 | "spec": { 16 | "description": "BucketSpec defines the desired state of an S3 compatible bucket", 17 | "properties": { 18 | "accessFrom": { 19 | "description": "AccessFrom defines an Access Control List for allowing cross-namespace references to this object.", 20 | "properties": { 21 | "namespaceSelectors": { 22 | "description": "NamespaceSelectors is the list of namespace selectors to which this ACL applies.\nItems in this list are evaluated using a logical OR operation.", 23 | "items": { 24 | "description": "NamespaceSelector selects the namespaces to which this ACL applies.\nAn empty map of MatchLabels matches all namespaces in a cluster.", 25 | "properties": { 26 | "matchLabels": { 27 | "additionalProperties": { 28 | "type": "string" 29 | }, 30 | "description": "MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", 31 | "type": "object" 32 | } 33 | }, 34 | "type": "object", 35 | "additionalProperties": false 36 | }, 37 | "type": "array" 38 | } 39 | }, 40 | "required": [ 41 | "namespaceSelectors" 42 | ], 43 | "type": "object", 44 | "additionalProperties": false 45 | }, 46 | "bucketName": { 47 | "description": "The bucket name.", 48 | "type": "string" 49 | }, 50 | "endpoint": { 51 | "description": "The bucket endpoint address.", 52 | "type": "string" 53 | }, 54 | "ignore": { 55 | "description": "Ignore overrides the set of excluded patterns in the .sourceignore format\n(which is the same as .gitignore). If not provided, a default will be used,\nconsult the documentation for your version to find out what those are.", 56 | "type": "string" 57 | }, 58 | "insecure": { 59 | "description": "Insecure allows connecting to a non-TLS S3 HTTP endpoint.", 60 | "type": "boolean" 61 | }, 62 | "interval": { 63 | "description": "The interval at which to check for bucket updates.", 64 | "type": "string" 65 | }, 66 | "provider": { 67 | "default": "generic", 68 | "description": "The S3 compatible storage provider name, default ('generic').", 69 | "enum": [ 70 | "generic", 71 | "aws", 72 | "gcp" 73 | ], 74 | "type": "string" 75 | }, 76 | "region": { 77 | "description": "The bucket region.", 78 | "type": "string" 79 | }, 80 | "secretRef": { 81 | "description": "The name of the secret containing authentication credentials\nfor the Bucket.", 82 | "properties": { 83 | "name": { 84 | "description": "Name of the referent.", 85 | "type": "string" 86 | } 87 | }, 88 | "required": [ 89 | "name" 90 | ], 91 | "type": "object", 92 | "additionalProperties": false 93 | }, 94 | "suspend": { 95 | "description": "This flag tells the controller to suspend the reconciliation of this source.", 96 | "type": "boolean" 97 | }, 98 | "timeout": { 99 | "default": "60s", 100 | "description": "The timeout for download operations, defaults to 60s.", 101 | "type": "string" 102 | } 103 | }, 104 | "required": [ 105 | "bucketName", 106 | "endpoint", 107 | "interval" 108 | ], 109 | "type": "object", 110 | "additionalProperties": false 111 | }, 112 | "status": { 113 | "default": { 114 | "observedGeneration": -1 115 | }, 116 | "description": "BucketStatus defines the observed state of a bucket", 117 | "properties": { 118 | "artifact": { 119 | "description": "Artifact represents the output of the last successful Bucket sync.", 120 | "properties": { 121 | "checksum": { 122 | "description": "Checksum is the SHA256 checksum of the artifact.", 123 | "type": "string" 124 | }, 125 | "lastUpdateTime": { 126 | "description": "LastUpdateTime is the timestamp corresponding to the last update of this\nartifact.", 127 | "format": "date-time", 128 | "type": "string" 129 | }, 130 | "path": { 131 | "description": "Path is the relative file path of this artifact.", 132 | "type": "string" 133 | }, 134 | "revision": { 135 | "description": "Revision is a human readable identifier traceable in the origin source\nsystem. It can be a Git commit SHA, Git tag, a Helm index timestamp, a Helm\nchart version, etc.", 136 | "type": "string" 137 | }, 138 | "url": { 139 | "description": "URL is the HTTP address of this artifact.", 140 | "type": "string" 141 | } 142 | }, 143 | "required": [ 144 | "lastUpdateTime", 145 | "path", 146 | "url" 147 | ], 148 | "type": "object", 149 | "additionalProperties": false 150 | }, 151 | "conditions": { 152 | "description": "Conditions holds the conditions for the Bucket.", 153 | "items": { 154 | "description": "Condition contains details for one aspect of the current state of this API Resource.", 155 | "properties": { 156 | "lastTransitionTime": { 157 | "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", 158 | "format": "date-time", 159 | "type": "string" 160 | }, 161 | "message": { 162 | "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", 163 | "maxLength": 32768, 164 | "type": "string" 165 | }, 166 | "observedGeneration": { 167 | "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", 168 | "format": "int64", 169 | "minimum": 0, 170 | "type": "integer" 171 | }, 172 | "reason": { 173 | "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", 174 | "maxLength": 1024, 175 | "minLength": 1, 176 | "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", 177 | "type": "string" 178 | }, 179 | "status": { 180 | "description": "status of the condition, one of True, False, Unknown.", 181 | "enum": [ 182 | "True", 183 | "False", 184 | "Unknown" 185 | ], 186 | "type": "string" 187 | }, 188 | "type": { 189 | "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", 190 | "maxLength": 316, 191 | "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", 192 | "type": "string" 193 | } 194 | }, 195 | "required": [ 196 | "lastTransitionTime", 197 | "message", 198 | "reason", 199 | "status", 200 | "type" 201 | ], 202 | "type": "object", 203 | "additionalProperties": false 204 | }, 205 | "type": "array" 206 | }, 207 | "lastHandledReconcileAt": { 208 | "description": "LastHandledReconcileAt holds the value of the most recent\nreconcile request value, so a change of the annotation value\ncan be detected.", 209 | "type": "string" 210 | }, 211 | "observedGeneration": { 212 | "description": "ObservedGeneration is the last observed generation.", 213 | "format": "int64", 214 | "type": "integer" 215 | }, 216 | "url": { 217 | "description": "URL is the download link for the artifact output of the last Bucket sync.", 218 | "type": "string" 219 | } 220 | }, 221 | "type": "object", 222 | "additionalProperties": false 223 | } 224 | }, 225 | "type": "object" 226 | } -------------------------------------------------------------------------------- /helmchart-source-v1beta1.json: -------------------------------------------------------------------------------- 1 | { 2 | "description": "HelmChart is the Schema for the helmcharts API", 3 | "properties": { 4 | "apiVersion": { 5 | "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", 6 | "type": "string" 7 | }, 8 | "kind": { 9 | "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", 10 | "type": "string" 11 | }, 12 | "metadata": { 13 | "type": "object" 14 | }, 15 | "spec": { 16 | "description": "HelmChartSpec defines the desired state of a Helm chart.", 17 | "properties": { 18 | "accessFrom": { 19 | "description": "AccessFrom defines an Access Control List for allowing cross-namespace references to this object.", 20 | "properties": { 21 | "namespaceSelectors": { 22 | "description": "NamespaceSelectors is the list of namespace selectors to which this ACL applies.\nItems in this list are evaluated using a logical OR operation.", 23 | "items": { 24 | "description": "NamespaceSelector selects the namespaces to which this ACL applies.\nAn empty map of MatchLabels matches all namespaces in a cluster.", 25 | "properties": { 26 | "matchLabels": { 27 | "additionalProperties": { 28 | "type": "string" 29 | }, 30 | "description": "MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", 31 | "type": "object" 32 | } 33 | }, 34 | "type": "object", 35 | "additionalProperties": false 36 | }, 37 | "type": "array" 38 | } 39 | }, 40 | "required": [ 41 | "namespaceSelectors" 42 | ], 43 | "type": "object", 44 | "additionalProperties": false 45 | }, 46 | "chart": { 47 | "description": "The name or path the Helm chart is available at in the SourceRef.", 48 | "type": "string" 49 | }, 50 | "interval": { 51 | "description": "The interval at which to check the Source for updates.", 52 | "type": "string" 53 | }, 54 | "reconcileStrategy": { 55 | "default": "ChartVersion", 56 | "description": "Determines what enables the creation of a new artifact. Valid values are\n('ChartVersion', 'Revision').\nSee the documentation of the values for an explanation on their behavior.\nDefaults to ChartVersion when omitted.", 57 | "enum": [ 58 | "ChartVersion", 59 | "Revision" 60 | ], 61 | "type": "string" 62 | }, 63 | "sourceRef": { 64 | "description": "The reference to the Source the chart is available at.", 65 | "properties": { 66 | "apiVersion": { 67 | "description": "APIVersion of the referent.", 68 | "type": "string" 69 | }, 70 | "kind": { 71 | "description": "Kind of the referent, valid values are ('HelmRepository', 'GitRepository',\n'Bucket').", 72 | "enum": [ 73 | "HelmRepository", 74 | "GitRepository", 75 | "Bucket" 76 | ], 77 | "type": "string" 78 | }, 79 | "name": { 80 | "description": "Name of the referent.", 81 | "type": "string" 82 | } 83 | }, 84 | "required": [ 85 | "kind", 86 | "name" 87 | ], 88 | "type": "object", 89 | "additionalProperties": false 90 | }, 91 | "suspend": { 92 | "description": "This flag tells the controller to suspend the reconciliation of this source.", 93 | "type": "boolean" 94 | }, 95 | "valuesFile": { 96 | "description": "Alternative values file to use as the default chart values, expected to\nbe a relative path in the SourceRef. Deprecated in favor of ValuesFiles,\nfor backwards compatibility the file defined here is merged before the\nValuesFiles items. Ignored when omitted.", 97 | "type": "string" 98 | }, 99 | "valuesFiles": { 100 | "description": "Alternative list of values files to use as the chart values (values.yaml\nis not included by default), expected to be a relative path in the SourceRef.\nValues files are merged in the order of this list with the last file overriding\nthe first. Ignored when omitted.", 101 | "items": { 102 | "type": "string" 103 | }, 104 | "type": "array" 105 | }, 106 | "version": { 107 | "default": "*", 108 | "description": "The chart version semver expression, ignored for charts from GitRepository\nand Bucket sources. Defaults to latest when omitted.", 109 | "type": "string" 110 | } 111 | }, 112 | "required": [ 113 | "chart", 114 | "interval", 115 | "sourceRef" 116 | ], 117 | "type": "object", 118 | "additionalProperties": false 119 | }, 120 | "status": { 121 | "default": { 122 | "observedGeneration": -1 123 | }, 124 | "description": "HelmChartStatus defines the observed state of the HelmChart.", 125 | "properties": { 126 | "artifact": { 127 | "description": "Artifact represents the output of the last successful chart sync.", 128 | "properties": { 129 | "checksum": { 130 | "description": "Checksum is the SHA256 checksum of the artifact.", 131 | "type": "string" 132 | }, 133 | "lastUpdateTime": { 134 | "description": "LastUpdateTime is the timestamp corresponding to the last update of this\nartifact.", 135 | "format": "date-time", 136 | "type": "string" 137 | }, 138 | "path": { 139 | "description": "Path is the relative file path of this artifact.", 140 | "type": "string" 141 | }, 142 | "revision": { 143 | "description": "Revision is a human readable identifier traceable in the origin source\nsystem. It can be a Git commit SHA, Git tag, a Helm index timestamp, a Helm\nchart version, etc.", 144 | "type": "string" 145 | }, 146 | "url": { 147 | "description": "URL is the HTTP address of this artifact.", 148 | "type": "string" 149 | } 150 | }, 151 | "required": [ 152 | "lastUpdateTime", 153 | "path", 154 | "url" 155 | ], 156 | "type": "object", 157 | "additionalProperties": false 158 | }, 159 | "conditions": { 160 | "description": "Conditions holds the conditions for the HelmChart.", 161 | "items": { 162 | "description": "Condition contains details for one aspect of the current state of this API Resource.", 163 | "properties": { 164 | "lastTransitionTime": { 165 | "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", 166 | "format": "date-time", 167 | "type": "string" 168 | }, 169 | "message": { 170 | "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", 171 | "maxLength": 32768, 172 | "type": "string" 173 | }, 174 | "observedGeneration": { 175 | "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", 176 | "format": "int64", 177 | "minimum": 0, 178 | "type": "integer" 179 | }, 180 | "reason": { 181 | "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", 182 | "maxLength": 1024, 183 | "minLength": 1, 184 | "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", 185 | "type": "string" 186 | }, 187 | "status": { 188 | "description": "status of the condition, one of True, False, Unknown.", 189 | "enum": [ 190 | "True", 191 | "False", 192 | "Unknown" 193 | ], 194 | "type": "string" 195 | }, 196 | "type": { 197 | "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", 198 | "maxLength": 316, 199 | "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", 200 | "type": "string" 201 | } 202 | }, 203 | "required": [ 204 | "lastTransitionTime", 205 | "message", 206 | "reason", 207 | "status", 208 | "type" 209 | ], 210 | "type": "object", 211 | "additionalProperties": false 212 | }, 213 | "type": "array" 214 | }, 215 | "lastHandledReconcileAt": { 216 | "description": "LastHandledReconcileAt holds the value of the most recent\nreconcile request value, so a change of the annotation value\ncan be detected.", 217 | "type": "string" 218 | }, 219 | "observedGeneration": { 220 | "description": "ObservedGeneration is the last observed generation.", 221 | "format": "int64", 222 | "type": "integer" 223 | }, 224 | "url": { 225 | "description": "URL is the download link for the last chart pulled.", 226 | "type": "string" 227 | } 228 | }, 229 | "type": "object", 230 | "additionalProperties": false 231 | } 232 | }, 233 | "type": "object" 234 | } -------------------------------------------------------------------------------- /imageupdateautomation-image-v1alpha1.json: -------------------------------------------------------------------------------- 1 | { 2 | "description": "ImageUpdateAutomation is the Schema for the imageupdateautomations API", 3 | "properties": { 4 | "apiVersion": { 5 | "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", 6 | "type": "string" 7 | }, 8 | "kind": { 9 | "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", 10 | "type": "string" 11 | }, 12 | "metadata": { 13 | "type": "object" 14 | }, 15 | "spec": { 16 | "description": "ImageUpdateAutomationSpec defines the desired state of ImageUpdateAutomation", 17 | "properties": { 18 | "checkout": { 19 | "description": "Checkout gives the parameters for cloning the git repository, ready to make changes.", 20 | "properties": { 21 | "branch": { 22 | "description": "Branch gives the branch to clone from the git repository. If `.spec.push` is not supplied, commits will also be pushed to this branch.", 23 | "type": "string" 24 | }, 25 | "gitRepositoryRef": { 26 | "description": "GitRepositoryRef refers to the resource giving access details to a git repository to update files in.", 27 | "properties": { 28 | "name": { 29 | "description": "Name of the referent.", 30 | "type": "string" 31 | } 32 | }, 33 | "required": [ 34 | "name" 35 | ], 36 | "type": "object", 37 | "additionalProperties": false 38 | } 39 | }, 40 | "required": [ 41 | "branch", 42 | "gitRepositoryRef" 43 | ], 44 | "type": "object", 45 | "additionalProperties": false 46 | }, 47 | "commit": { 48 | "description": "Commit specifies how to commit to the git repository.", 49 | "properties": { 50 | "authorEmail": { 51 | "description": "AuthorEmail gives the email to provide when making a commit", 52 | "type": "string" 53 | }, 54 | "authorName": { 55 | "description": "AuthorName gives the name to provide when making a commit", 56 | "type": "string" 57 | }, 58 | "messageTemplate": { 59 | "description": "MessageTemplate provides a template for the commit message, into which will be interpolated the details of the change made.", 60 | "type": "string" 61 | }, 62 | "signingKey": { 63 | "description": "SigningKey provides the option to sign commits with a GPG key", 64 | "properties": { 65 | "secretRef": { 66 | "description": "SecretRef holds the name to a secret that contains a 'git.asc' key corresponding to the ASCII Armored file containing the GPG signing keypair as the value. It must be in the same namespace as the ImageUpdateAutomation.", 67 | "properties": { 68 | "name": { 69 | "description": "Name of the referent.", 70 | "type": "string" 71 | } 72 | }, 73 | "required": [ 74 | "name" 75 | ], 76 | "type": "object", 77 | "additionalProperties": false 78 | } 79 | }, 80 | "type": "object", 81 | "additionalProperties": false 82 | } 83 | }, 84 | "required": [ 85 | "authorEmail", 86 | "authorName" 87 | ], 88 | "type": "object", 89 | "additionalProperties": false 90 | }, 91 | "interval": { 92 | "description": "Interval gives an lower bound for how often the automation run should be attempted.", 93 | "type": "string" 94 | }, 95 | "push": { 96 | "description": "Push specifies how and where to push commits made by the automation. If missing, commits are pushed (back) to `.spec.checkout.branch`.", 97 | "properties": { 98 | "branch": { 99 | "description": "Branch specifies that commits should be pushed to the branch named. The branch is created using `.spec.checkout.branch` as the starting point, if it doesn't already exist.", 100 | "type": "string" 101 | } 102 | }, 103 | "required": [ 104 | "branch" 105 | ], 106 | "type": "object", 107 | "additionalProperties": false 108 | }, 109 | "suspend": { 110 | "description": "Suspend tells the controller to not run this automation, until it is unset (or set to false). Defaults to false.", 111 | "type": "boolean" 112 | }, 113 | "update": { 114 | "default": { 115 | "strategy": "Setters" 116 | }, 117 | "description": "Update gives the specification for how to update the files in the repository. This can be left empty, to use the default value.", 118 | "properties": { 119 | "path": { 120 | "description": "Path to the directory containing the manifests to be updated. Defaults to 'None', which translates to the root path of the GitRepositoryRef.", 121 | "type": "string" 122 | }, 123 | "strategy": { 124 | "default": "Setters", 125 | "description": "Strategy names the strategy to be used.", 126 | "enum": [ 127 | "Setters" 128 | ], 129 | "type": "string" 130 | } 131 | }, 132 | "required": [ 133 | "strategy" 134 | ], 135 | "type": "object", 136 | "additionalProperties": false 137 | } 138 | }, 139 | "required": [ 140 | "checkout", 141 | "commit", 142 | "interval" 143 | ], 144 | "type": "object", 145 | "additionalProperties": false 146 | }, 147 | "status": { 148 | "description": "ImageUpdateAutomationStatus defines the observed state of ImageUpdateAutomation", 149 | "properties": { 150 | "conditions": { 151 | "items": { 152 | "description": "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }", 153 | "properties": { 154 | "lastTransitionTime": { 155 | "description": "lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", 156 | "format": "date-time", 157 | "type": "string" 158 | }, 159 | "message": { 160 | "description": "message is a human readable message indicating details about the transition. This may be an empty string.", 161 | "maxLength": 32768, 162 | "type": "string" 163 | }, 164 | "observedGeneration": { 165 | "description": "observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.", 166 | "format": "int64", 167 | "minimum": 0, 168 | "type": "integer" 169 | }, 170 | "reason": { 171 | "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.", 172 | "maxLength": 1024, 173 | "minLength": 1, 174 | "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", 175 | "type": "string" 176 | }, 177 | "status": { 178 | "description": "status of the condition, one of True, False, Unknown.", 179 | "enum": [ 180 | "True", 181 | "False", 182 | "Unknown" 183 | ], 184 | "type": "string" 185 | }, 186 | "type": { 187 | "description": "type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)", 188 | "maxLength": 316, 189 | "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", 190 | "type": "string" 191 | } 192 | }, 193 | "required": [ 194 | "lastTransitionTime", 195 | "message", 196 | "reason", 197 | "status", 198 | "type" 199 | ], 200 | "type": "object", 201 | "additionalProperties": false 202 | }, 203 | "type": "array" 204 | }, 205 | "lastAutomationRunTime": { 206 | "description": "LastAutomationRunTime records the last time the controller ran this automation through to completion (even if no updates were made).", 207 | "format": "date-time", 208 | "type": "string" 209 | }, 210 | "lastHandledReconcileAt": { 211 | "description": "LastHandledReconcileAt holds the value of the most recent reconcile request value, so a change of the annotation value can be detected.", 212 | "type": "string" 213 | }, 214 | "lastPushCommit": { 215 | "description": "LastPushCommit records the SHA1 of the last commit made by the controller, for this automation object", 216 | "type": "string" 217 | }, 218 | "lastPushTime": { 219 | "description": "LastPushTime records the time of the last pushed change.", 220 | "format": "date-time", 221 | "type": "string" 222 | }, 223 | "observedGeneration": { 224 | "format": "int64", 225 | "type": "integer" 226 | } 227 | }, 228 | "type": "object", 229 | "additionalProperties": false 230 | } 231 | }, 232 | "type": "object" 233 | } -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "[]" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright [yyyy] [name of copyright owner] 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. 202 | -------------------------------------------------------------------------------- /imagepolicy-image-v1.json: -------------------------------------------------------------------------------- 1 | { 2 | "description": "ImagePolicy is the Schema for the imagepolicies API", 3 | "properties": { 4 | "apiVersion": { 5 | "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", 6 | "type": "string" 7 | }, 8 | "kind": { 9 | "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", 10 | "type": "string" 11 | }, 12 | "metadata": { 13 | "type": "object" 14 | }, 15 | "spec": { 16 | "description": "ImagePolicySpec defines the parameters for calculating the\nImagePolicy.", 17 | "properties": { 18 | "digestReflectionPolicy": { 19 | "default": "Never", 20 | "description": "DigestReflectionPolicy governs the setting of the `.status.latestRef.digest` field.\n\nNever: The digest field will always be set to the empty string.\n\nIfNotPresent: The digest field will be set to the digest of the elected\nlatest image if the field is empty and the image did not change.\n\nAlways: The digest field will always be set to the digest of the elected\nlatest image.\n\nDefault: Never.", 21 | "enum": [ 22 | "Always", 23 | "IfNotPresent", 24 | "Never" 25 | ], 26 | "type": "string" 27 | }, 28 | "filterTags": { 29 | "description": "FilterTags enables filtering for only a subset of tags based on a set of\nrules. If no rules are provided, all the tags from the repository will be\nordered and compared.", 30 | "properties": { 31 | "extract": { 32 | "description": "Extract allows a capture group to be extracted from the specified regular\nexpression pattern, useful before tag evaluation.", 33 | "type": "string" 34 | }, 35 | "pattern": { 36 | "description": "Pattern specifies a regular expression pattern used to filter for image\ntags.", 37 | "type": "string" 38 | } 39 | }, 40 | "type": "object", 41 | "additionalProperties": false 42 | }, 43 | "imageRepositoryRef": { 44 | "description": "ImageRepositoryRef points at the object specifying the image\nbeing scanned", 45 | "properties": { 46 | "name": { 47 | "description": "Name of the referent.", 48 | "type": "string" 49 | }, 50 | "namespace": { 51 | "description": "Namespace of the referent, when not specified it acts as LocalObjectReference.", 52 | "type": "string" 53 | } 54 | }, 55 | "required": [ 56 | "name" 57 | ], 58 | "type": "object", 59 | "additionalProperties": false 60 | }, 61 | "interval": { 62 | "description": "Interval is the length of time to wait between\nrefreshing the digest of the latest tag when the\nreflection policy is set to \"Always\".\n\nDefaults to 10m.", 63 | "pattern": "^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$", 64 | "type": "string" 65 | }, 66 | "policy": { 67 | "description": "Policy gives the particulars of the policy to be followed in\nselecting the most recent image", 68 | "properties": { 69 | "alphabetical": { 70 | "description": "Alphabetical set of rules to use for alphabetical ordering of the tags.", 71 | "properties": { 72 | "order": { 73 | "default": "asc", 74 | "description": "Order specifies the sorting order of the tags. Given the letters of the\nalphabet as tags, ascending order would select Z, and descending order\nwould select A.", 75 | "enum": [ 76 | "asc", 77 | "desc" 78 | ], 79 | "type": "string" 80 | } 81 | }, 82 | "type": "object", 83 | "additionalProperties": false 84 | }, 85 | "numerical": { 86 | "description": "Numerical set of rules to use for numerical ordering of the tags.", 87 | "properties": { 88 | "order": { 89 | "default": "asc", 90 | "description": "Order specifies the sorting order of the tags. Given the integer values\nfrom 0 to 9 as tags, ascending order would select 9, and descending order\nwould select 0.", 91 | "enum": [ 92 | "asc", 93 | "desc" 94 | ], 95 | "type": "string" 96 | } 97 | }, 98 | "type": "object", 99 | "additionalProperties": false 100 | }, 101 | "semver": { 102 | "description": "SemVer gives a semantic version range to check against the tags\navailable.", 103 | "properties": { 104 | "range": { 105 | "description": "Range gives a semver range for the image tag; the highest\nversion within the range that's a tag yields the latest image.", 106 | "type": "string" 107 | } 108 | }, 109 | "required": [ 110 | "range" 111 | ], 112 | "type": "object", 113 | "additionalProperties": false 114 | } 115 | }, 116 | "type": "object", 117 | "additionalProperties": false 118 | }, 119 | "suspend": { 120 | "description": "This flag tells the controller to suspend subsequent policy reconciliations.\nIt does not apply to already started reconciliations. Defaults to false.", 121 | "type": "boolean" 122 | } 123 | }, 124 | "required": [ 125 | "imageRepositoryRef", 126 | "policy" 127 | ], 128 | "type": "object", 129 | "x-kubernetes-validations": [ 130 | { 131 | "message": "spec.interval is only accepted when spec.digestReflectionPolicy is set to 'Always'", 132 | "rule": "!has(self.interval) || (has(self.digestReflectionPolicy) && self.digestReflectionPolicy == 'Always')" 133 | }, 134 | { 135 | "message": "spec.interval must be set when spec.digestReflectionPolicy is set to 'Always'", 136 | "rule": "has(self.interval) || !has(self.digestReflectionPolicy) || self.digestReflectionPolicy != 'Always'" 137 | } 138 | ], 139 | "additionalProperties": false 140 | }, 141 | "status": { 142 | "default": { 143 | "observedGeneration": -1 144 | }, 145 | "description": "ImagePolicyStatus defines the observed state of ImagePolicy", 146 | "properties": { 147 | "conditions": { 148 | "items": { 149 | "description": "Condition contains details for one aspect of the current state of this API Resource.", 150 | "properties": { 151 | "lastTransitionTime": { 152 | "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", 153 | "format": "date-time", 154 | "type": "string" 155 | }, 156 | "message": { 157 | "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", 158 | "maxLength": 32768, 159 | "type": "string" 160 | }, 161 | "observedGeneration": { 162 | "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", 163 | "format": "int64", 164 | "minimum": 0, 165 | "type": "integer" 166 | }, 167 | "reason": { 168 | "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", 169 | "maxLength": 1024, 170 | "minLength": 1, 171 | "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", 172 | "type": "string" 173 | }, 174 | "status": { 175 | "description": "status of the condition, one of True, False, Unknown.", 176 | "enum": [ 177 | "True", 178 | "False", 179 | "Unknown" 180 | ], 181 | "type": "string" 182 | }, 183 | "type": { 184 | "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", 185 | "maxLength": 316, 186 | "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", 187 | "type": "string" 188 | } 189 | }, 190 | "required": [ 191 | "lastTransitionTime", 192 | "message", 193 | "reason", 194 | "status", 195 | "type" 196 | ], 197 | "type": "object", 198 | "additionalProperties": false 199 | }, 200 | "type": "array" 201 | }, 202 | "lastHandledReconcileAt": { 203 | "description": "LastHandledReconcileAt holds the value of the most recent\nreconcile request value, so a change of the annotation value\ncan be detected.", 204 | "type": "string" 205 | }, 206 | "latestRef": { 207 | "description": "LatestRef gives the first in the list of images scanned by\nthe image repository, when filtered and ordered according\nto the policy.", 208 | "properties": { 209 | "digest": { 210 | "description": "Digest is the image's digest.", 211 | "type": "string" 212 | }, 213 | "name": { 214 | "description": "Name is the bare image's name.", 215 | "type": "string" 216 | }, 217 | "tag": { 218 | "description": "Tag is the image's tag.", 219 | "type": "string" 220 | } 221 | }, 222 | "required": [ 223 | "name", 224 | "tag" 225 | ], 226 | "type": "object", 227 | "additionalProperties": false 228 | }, 229 | "observedGeneration": { 230 | "format": "int64", 231 | "type": "integer" 232 | }, 233 | "observedPreviousRef": { 234 | "description": "ObservedPreviousRef is the observed previous LatestRef. It is used\nto keep track of the previous and current images.", 235 | "properties": { 236 | "digest": { 237 | "description": "Digest is the image's digest.", 238 | "type": "string" 239 | }, 240 | "name": { 241 | "description": "Name is the bare image's name.", 242 | "type": "string" 243 | }, 244 | "tag": { 245 | "description": "Tag is the image's tag.", 246 | "type": "string" 247 | } 248 | }, 249 | "required": [ 250 | "name", 251 | "tag" 252 | ], 253 | "type": "object", 254 | "additionalProperties": false 255 | } 256 | }, 257 | "type": "object", 258 | "additionalProperties": false 259 | } 260 | }, 261 | "type": "object" 262 | } -------------------------------------------------------------------------------- /imagepolicy-image-v1beta2.json: -------------------------------------------------------------------------------- 1 | { 2 | "description": "ImagePolicy is the Schema for the imagepolicies API", 3 | "properties": { 4 | "apiVersion": { 5 | "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", 6 | "type": "string" 7 | }, 8 | "kind": { 9 | "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", 10 | "type": "string" 11 | }, 12 | "metadata": { 13 | "type": "object" 14 | }, 15 | "spec": { 16 | "description": "ImagePolicySpec defines the parameters for calculating the\nImagePolicy.", 17 | "properties": { 18 | "digestReflectionPolicy": { 19 | "default": "Never", 20 | "description": "DigestReflectionPolicy governs the setting of the `.status.latestRef.digest` field.\n\nNever: The digest field will always be set to the empty string.\n\nIfNotPresent: The digest field will be set to the digest of the elected\nlatest image if the field is empty and the image did not change.\n\nAlways: The digest field will always be set to the digest of the elected\nlatest image.\n\nDefault: Never.", 21 | "enum": [ 22 | "Always", 23 | "IfNotPresent", 24 | "Never" 25 | ], 26 | "type": "string" 27 | }, 28 | "filterTags": { 29 | "description": "FilterTags enables filtering for only a subset of tags based on a set of\nrules. If no rules are provided, all the tags from the repository will be\nordered and compared.", 30 | "properties": { 31 | "extract": { 32 | "description": "Extract allows a capture group to be extracted from the specified regular\nexpression pattern, useful before tag evaluation.", 33 | "type": "string" 34 | }, 35 | "pattern": { 36 | "description": "Pattern specifies a regular expression pattern used to filter for image\ntags.", 37 | "type": "string" 38 | } 39 | }, 40 | "type": "object", 41 | "additionalProperties": false 42 | }, 43 | "imageRepositoryRef": { 44 | "description": "ImageRepositoryRef points at the object specifying the image\nbeing scanned", 45 | "properties": { 46 | "name": { 47 | "description": "Name of the referent.", 48 | "type": "string" 49 | }, 50 | "namespace": { 51 | "description": "Namespace of the referent, when not specified it acts as LocalObjectReference.", 52 | "type": "string" 53 | } 54 | }, 55 | "required": [ 56 | "name" 57 | ], 58 | "type": "object", 59 | "additionalProperties": false 60 | }, 61 | "interval": { 62 | "description": "Interval is the length of time to wait between\nrefreshing the digest of the latest tag when the\nreflection policy is set to \"Always\".\n\nDefaults to 10m.", 63 | "pattern": "^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$", 64 | "type": "string" 65 | }, 66 | "policy": { 67 | "description": "Policy gives the particulars of the policy to be followed in\nselecting the most recent image", 68 | "properties": { 69 | "alphabetical": { 70 | "description": "Alphabetical set of rules to use for alphabetical ordering of the tags.", 71 | "properties": { 72 | "order": { 73 | "default": "asc", 74 | "description": "Order specifies the sorting order of the tags. Given the letters of the\nalphabet as tags, ascending order would select Z, and descending order\nwould select A.", 75 | "enum": [ 76 | "asc", 77 | "desc" 78 | ], 79 | "type": "string" 80 | } 81 | }, 82 | "type": "object", 83 | "additionalProperties": false 84 | }, 85 | "numerical": { 86 | "description": "Numerical set of rules to use for numerical ordering of the tags.", 87 | "properties": { 88 | "order": { 89 | "default": "asc", 90 | "description": "Order specifies the sorting order of the tags. Given the integer values\nfrom 0 to 9 as tags, ascending order would select 9, and descending order\nwould select 0.", 91 | "enum": [ 92 | "asc", 93 | "desc" 94 | ], 95 | "type": "string" 96 | } 97 | }, 98 | "type": "object", 99 | "additionalProperties": false 100 | }, 101 | "semver": { 102 | "description": "SemVer gives a semantic version range to check against the tags\navailable.", 103 | "properties": { 104 | "range": { 105 | "description": "Range gives a semver range for the image tag; the highest\nversion within the range that's a tag yields the latest image.", 106 | "type": "string" 107 | } 108 | }, 109 | "required": [ 110 | "range" 111 | ], 112 | "type": "object", 113 | "additionalProperties": false 114 | } 115 | }, 116 | "type": "object", 117 | "additionalProperties": false 118 | }, 119 | "suspend": { 120 | "description": "This flag tells the controller to suspend subsequent policy reconciliations.\nIt does not apply to already started reconciliations. Defaults to false.", 121 | "type": "boolean" 122 | } 123 | }, 124 | "required": [ 125 | "imageRepositoryRef", 126 | "policy" 127 | ], 128 | "type": "object", 129 | "x-kubernetes-validations": [ 130 | { 131 | "message": "spec.interval is only accepted when spec.digestReflectionPolicy is set to 'Always'", 132 | "rule": "!has(self.interval) || (has(self.digestReflectionPolicy) && self.digestReflectionPolicy == 'Always')" 133 | }, 134 | { 135 | "message": "spec.interval must be set when spec.digestReflectionPolicy is set to 'Always'", 136 | "rule": "has(self.interval) || !has(self.digestReflectionPolicy) || self.digestReflectionPolicy != 'Always'" 137 | } 138 | ], 139 | "additionalProperties": false 140 | }, 141 | "status": { 142 | "default": { 143 | "observedGeneration": -1 144 | }, 145 | "description": "ImagePolicyStatus defines the observed state of ImagePolicy", 146 | "properties": { 147 | "conditions": { 148 | "items": { 149 | "description": "Condition contains details for one aspect of the current state of this API Resource.", 150 | "properties": { 151 | "lastTransitionTime": { 152 | "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", 153 | "format": "date-time", 154 | "type": "string" 155 | }, 156 | "message": { 157 | "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", 158 | "maxLength": 32768, 159 | "type": "string" 160 | }, 161 | "observedGeneration": { 162 | "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", 163 | "format": "int64", 164 | "minimum": 0, 165 | "type": "integer" 166 | }, 167 | "reason": { 168 | "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", 169 | "maxLength": 1024, 170 | "minLength": 1, 171 | "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", 172 | "type": "string" 173 | }, 174 | "status": { 175 | "description": "status of the condition, one of True, False, Unknown.", 176 | "enum": [ 177 | "True", 178 | "False", 179 | "Unknown" 180 | ], 181 | "type": "string" 182 | }, 183 | "type": { 184 | "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", 185 | "maxLength": 316, 186 | "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", 187 | "type": "string" 188 | } 189 | }, 190 | "required": [ 191 | "lastTransitionTime", 192 | "message", 193 | "reason", 194 | "status", 195 | "type" 196 | ], 197 | "type": "object", 198 | "additionalProperties": false 199 | }, 200 | "type": "array" 201 | }, 202 | "lastHandledReconcileAt": { 203 | "description": "LastHandledReconcileAt holds the value of the most recent\nreconcile request value, so a change of the annotation value\ncan be detected.", 204 | "type": "string" 205 | }, 206 | "latestRef": { 207 | "description": "LatestRef gives the first in the list of images scanned by\nthe image repository, when filtered and ordered according\nto the policy.", 208 | "properties": { 209 | "digest": { 210 | "description": "Digest is the image's digest.", 211 | "type": "string" 212 | }, 213 | "name": { 214 | "description": "Name is the bare image's name.", 215 | "type": "string" 216 | }, 217 | "tag": { 218 | "description": "Tag is the image's tag.", 219 | "type": "string" 220 | } 221 | }, 222 | "required": [ 223 | "name", 224 | "tag" 225 | ], 226 | "type": "object", 227 | "additionalProperties": false 228 | }, 229 | "observedGeneration": { 230 | "format": "int64", 231 | "type": "integer" 232 | }, 233 | "observedPreviousRef": { 234 | "description": "ObservedPreviousRef is the observed previous LatestRef. It is used\nto keep track of the previous and current images.", 235 | "properties": { 236 | "digest": { 237 | "description": "Digest is the image's digest.", 238 | "type": "string" 239 | }, 240 | "name": { 241 | "description": "Name is the bare image's name.", 242 | "type": "string" 243 | }, 244 | "tag": { 245 | "description": "Tag is the image's tag.", 246 | "type": "string" 247 | } 248 | }, 249 | "required": [ 250 | "name", 251 | "tag" 252 | ], 253 | "type": "object", 254 | "additionalProperties": false 255 | } 256 | }, 257 | "type": "object", 258 | "additionalProperties": false 259 | } 260 | }, 261 | "type": "object" 262 | } --------------------------------------------------------------------------------