@@ -586,6 +586,9 @@ spec:
586586 description : ServerVersion is the version of the Kubernetes API
587587 server.
588588 type : string
589+ required :
590+ - platform
591+ - serverVersion
589592 type : object
590593 components :
591594 description : ComponentsStatus is the status of the Flux controller
@@ -637,6 +640,23 @@ spec:
637640 - entitlement
638641 - status
639642 type : object
643+ operator :
644+ description : Operator is the version information of the Flux Operator.
645+ properties :
646+ apiVersion :
647+ description : APIVersion is the API version of the Flux Operator.
648+ type : string
649+ platform :
650+ description : Platform is the os/arch of Flux Operator.
651+ type : string
652+ version :
653+ description : Version is the version number of Flux Operator.
654+ type : string
655+ required :
656+ - apiVersion
657+ - platform
658+ - version
659+ type : object
640660 reconcilers :
641661 description : |-
642662 ReconcilersStatus is the list of Flux reconcilers and
@@ -858,8 +878,10 @@ spec:
858878 - a PEM-encoded CA certificate (`ca.crt`)
859879 - a PEM-encoded client certificate (`tls.crt`) and private key (`tls.key`)
860880
861- When connecting to a Git provider that uses self-signed certificates, the CA certificate
881+ When connecting to a Git or OCI provider that uses self-signed certificates, the CA certificate
862882 must be set in the Secret under the 'ca.crt' key to establish the trust relationship.
883+ When connecting to an OCI provider that supports client certificates (mTLS), the client certificate
884+ and private key must be set in the Secret under the 'tls.crt' and 'tls.key' keys, respectively.
863885properties :
864886 name :
865887 description : Name of the referent.
@@ -884,25 +906,39 @@ spec:
884906 ExcludeBranch specifies the regular expression to filter the branches
885907 that the input provider should exclude.
886908type : string
909+ excludeTag :
910+ description : |-
911+ ExcludeTag specifies the regular expression to filter the tags
912+ that the input provider should exclude.
913+ type : string
887914 includeBranch :
888915 description : |-
889916 IncludeBranch specifies the regular expression to filter the branches
890917 that the input provider should include.
891918type : string
919+ includeTag :
920+ description : |-
921+ IncludeTag specifies the regular expression to filter the tags
922+ that the input provider should include.
923+ type : string
892924 labels :
893925 description : Labels specifies the list of labels to filter the
894926 input provider response.
895927 items :
896928 type : string
897929 type : array
898930 limit :
931+ default : 100
899932 description : |-
900933 Limit specifies the maximum number of input sets to return.
901934 When not set, the default limit is 100.
902935type : integer
903936 semver :
904- description : Semver specifies the semantic version range to filter
905- and order the tags.
937+ description : |-
938+ Semver specifies a semantic version range to filter and sort the tags.
939+ If this field is not specified, the tags will be sorted in reverse
940+ alphabetical order.
941+ Supported only for tags at the moment.
906942type : string
907943 type : object
908944 schedule :
@@ -933,17 +969,27 @@ spec:
933969 secretRef :
934970 description : |-
935971 SecretRef specifies the Kubernetes Secret containing the basic-auth credentials
936- to access the input provider. The secret must contain the keys
937- 'username' and 'password'.
938- When connecting to a Git provider, the password should be a personal access token
972+ to access the input provider.
973+ When connecting to a Git provider, the secret must contain the keys
974+ 'username' and 'password', and the password should be a personal access token
939975 that grants read-only access to the repository.
976+ When connecting to an OCI provider, the secret must contain a Kubernetes
977+ Image Pull Secret, as if created by `kubectl create secret docker-registry`.
940978properties :
941979 name :
942980 description : Name of the referent.
943981 type : string
944982 required :
945983 - name
946984 type : object
985+ serviceAccountName :
986+ description : |-
987+ ServiceAccountName specifies the name of the Kubernetes ServiceAccount
988+ used for authentication with AWS, Azure or GCP services through
989+ workload identity federation features. If not specified, the
990+ authentication for these cloud providers will use the ServiceAccount
991+ of the operator (or any other environment authentication configuration).
992+ type : string
947993 skip :
948994 description : Skip defines whether we need to skip input provider response
949995 updates.
@@ -966,12 +1012,20 @@ spec:
9661012 - GitLabBranch
9671013 - GitLabTag
9681014 - GitLabMergeRequest
1015+ - AzureDevOpsBranch
1016+ - AzureDevOpsTag
1017+ - AzureDevOpsPullRequest
1018+ - OCIArtifactTag
1019+ - ACRArtifactTag
1020+ - ECRArtifactTag
1021+ - GARArtifactTag
9691022 type : string
9701023 url :
9711024 description : |-
972- URL specifies the HTTP/S address of the input provider API.
1025+ URL specifies the HTTP/S or OCI address of the input provider API.
9731026 When connecting to a Git provider, the URL should point to the repository address.
974- pattern : ^((http|https)://.*){0,1}$
1027+ When connecting to an OCI provider, the URL should point to the OCI repository address.
1028+ pattern : ^((http|https|oci)://.*){0,1}$
9751029 type : string
9761030 required :
9771031 - type
@@ -981,6 +1035,27 @@ spec:
9811035 rule : self.type != 'Static' || !has(self.url)
9821036 - message : spec.url must not be empty when spec.type is not 'Static'
9831037 rule : self.type == 'Static' || has(self.url)
1038+ - message : spec.url must start with 'http://' or 'https://' when spec.type
1039+ is a Git provider
1040+ rule : ' !self.type.startsWith('' Git'' ) || self.url.startsWith('' http'' )'
1041+ - message : spec.url must start with 'http://' or 'https://' when spec.type
1042+ is a Git provider
1043+ rule : ' !self.type.startsWith('' AzureDevOps'' ) || self.url.startsWith('' http'' )'
1044+ - message : spec.url must start with 'oci://' when spec.type is an OCI
1045+ provider
1046+ rule : ' !self.type.endsWith('' ArtifactTag'' ) || self.url.startsWith('' oci'' )'
1047+ - message : cannot specify spec.serviceAccountName when spec.type is not
1048+ one of AzureDevOps* or *ArtifactTag
1049+ rule : ' !has(self.serviceAccountName) || self.type.startsWith('' AzureDevOps'' )
1050+ || self.type.endsWith('' ArtifactTag'' )'
1051+ - message : cannot specify spec.certSecretRef when spec.type is one of
1052+ Static, AzureDevOps*, ACRArtifactTag, ECRArtifactTag or GARArtifactTag
1053+ rule : ' !has(self.certSecretRef) || !(self.url == '' Static'' || self.type.startsWith('' AzureDevOps'' )
1054+ || (self.type.endsWith('' ArtifactTag'' ) && self.type != '' OCIArtifactTag'' ))'
1055+ - message : cannot specify spec.secretRef when spec.type is one of Static,
1056+ ACRArtifactTag, ECRArtifactTag or GARArtifactTag
1057+ rule : ' !has(self.secretRef) || !(self.url == '' Static'' || (self.type.endsWith('' ArtifactTag'' )
1058+ && self.type != '' OCIArtifactTag'' ))'
9841059 status :
9851060 description : ResourceSetInputProviderStatus defines the observed state
9861061 of ResourceSetInputProvider.
0 commit comments