~sbaildon/dev_cluster

94fa05e7df24adcd026bfbe586d58086c51ed1d7 — Sean Baildon 1 year, 2 months ago ee971fd
flux v0.38.3 from 0.31.2

also remove helm-controller
1 files changed, 1486 insertions(+), 1291 deletions(-)

M flux/manifests.yaml
M flux/manifests.yaml => flux/manifests.yaml +1486 -1291
@@ 1,14 1,14 @@
---
# This manifest was generated by flux. DO NOT EDIT.
# Flux Version: 0.31.2
# Components: notification-controller,kustomize-controller,source-controller,helm-controller
# Flux Version: v0.38.3
# Components: notification-controller,kustomize-controller,source-controller
apiVersion: v1
kind: Namespace
metadata:
  labels:
    app.kubernetes.io/instance: flux-system
    app.kubernetes.io/part-of: flux
    app.kubernetes.io/version: 0.31.2
    app.kubernetes.io/version: v0.38.3
    pod-security.kubernetes.io/warn: restricted
    pod-security.kubernetes.io/warn-version: latest
  name: flux-system


@@ 17,12 17,13 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.7.0
    controller-gen.kubebuilder.io/version: v0.8.0
  creationTimestamp: null
  labels:
    app.kubernetes.io/component: notification-controller
    app.kubernetes.io/instance: flux-system
    app.kubernetes.io/part-of: flux
    app.kubernetes.io/version: 0.31.2
    app.kubernetes.io/version: v0.38.3
  name: alerts.notification.toolkit.fluxcd.io
spec:
  group: notification.toolkit.fluxcd.io


@@ 93,6 94,7 @@ spec:
                      - ImageRepository
                      - ImagePolicy
                      - ImageUpdateAutomation
                      - OCIRepository
                      type: string
                    matchLabels:
                      additionalProperties:


@@ 153,13 155,12 @@ spec:
                  description: "Condition contains details for one aspect of the current
                    state of this API Resource. --- This struct is intended for direct
                    use as an array at the field path .status.conditions.  For example,
                    type FooStatus struct{     // Represents the observations of a
                    foo's current state.     // Known .status.conditions.type are:
                    \"Available\", \"Progressing\", and \"Degraded\"     // +patchMergeKey=type
                    \    // +patchStrategy=merge     // +listType=map     // +listMapKey=type
                    \    Conditions []metav1.Condition `json:\"conditions,omitempty\"
                    patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
                    \n     // other fields }"
                    \n type FooStatus struct{ // Represents the observations of a
                    foo's current state. // Known .status.conditions.type are: \"Available\",
                    \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
                    // +listType=map // +listMapKey=type Conditions []metav1.Condition
                    `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
                    protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
                  properties:
                    lastTransitionTime:
                      description: lastTransitionTime is the last time the condition


@@ 224,6 225,210 @@ spec:
            type: object
        type: object
    served: true
    storage: false
    subresources:
      status: {}
  - additionalPrinterColumns:
    - jsonPath: .metadata.creationTimestamp
      name: Age
      type: date
    - jsonPath: .status.conditions[?(@.type=="Ready")].status
      name: Ready
      type: string
    - jsonPath: .status.conditions[?(@.type=="Ready")].message
      name: Status
      type: string
    name: v1beta2
    schema:
      openAPIV3Schema:
        description: Alert is the Schema for the alerts API
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: AlertSpec defines an alerting rule for events involving a
              list of objects.
            properties:
              eventSeverity:
                default: info
                description: EventSeverity specifies how to filter events based on
                  severity. If set to 'info' no events will be filtered.
                enum:
                - info
                - error
                type: string
              eventSources:
                description: EventSources specifies how to filter events based on
                  the involved object kind, name and namespace.
                items:
                  description: CrossNamespaceObjectReference contains enough information
                    to let you locate the typed referenced object at cluster level
                  properties:
                    apiVersion:
                      description: API version of the referent.
                      type: string
                    kind:
                      description: Kind of the referent.
                      enum:
                      - Bucket
                      - GitRepository
                      - Kustomization
                      - HelmRelease
                      - HelmChart
                      - HelmRepository
                      - ImageRepository
                      - ImagePolicy
                      - ImageUpdateAutomation
                      - OCIRepository
                      type: string
                    matchLabels:
                      additionalProperties:
                        type: string
                      description: MatchLabels is a map of {key,value} pairs. A single
                        {key,value} in the matchLabels map is equivalent to an element
                        of matchExpressions, whose key field is "key", the operator
                        is "In", and the values array contains only "value". The requirements
                        are ANDed.
                      type: object
                    name:
                      description: Name of the referent.
                      maxLength: 53
                      minLength: 1
                      type: string
                    namespace:
                      description: Namespace of the referent.
                      maxLength: 53
                      minLength: 1
                      type: string
                  required:
                  - name
                  type: object
                type: array
              exclusionList:
                description: ExclusionList specifies a list of Golang regular expressions
                  to be used for excluding messages.
                items:
                  type: string
                type: array
              providerRef:
                description: ProviderRef specifies which Provider this Alert should
                  use.
                properties:
                  name:
                    description: Name of the referent.
                    type: string
                required:
                - name
                type: object
              summary:
                description: Summary holds a short description of the impact and affected
                  cluster.
                maxLength: 255
                type: string
              suspend:
                description: Suspend tells the controller to suspend subsequent events
                  handling for this Alert.
                type: boolean
            required:
            - eventSources
            - providerRef
            type: object
          status:
            default:
              observedGeneration: -1
            description: AlertStatus defines the observed state of the Alert.
            properties:
              conditions:
                description: Conditions holds the conditions for the Alert.
                items:
                  description: "Condition contains details for one aspect of the current
                    state of this API Resource. --- This struct is intended for direct
                    use as an array at the field path .status.conditions.  For example,
                    \n type FooStatus struct{ // Represents the observations of a
                    foo's current state. // Known .status.conditions.type are: \"Available\",
                    \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
                    // +listType=map // +listMapKey=type Conditions []metav1.Condition
                    `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
                    protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
                  properties:
                    lastTransitionTime:
                      description: lastTransitionTime is the last time the condition
                        transitioned from one status to another. This should be when
                        the underlying condition changed.  If that is not known, then
                        using the time when the API field changed is acceptable.
                      format: date-time
                      type: string
                    message:
                      description: message is a human readable message indicating
                        details about the transition. This may be an empty string.
                      maxLength: 32768
                      type: string
                    observedGeneration:
                      description: observedGeneration represents the .metadata.generation
                        that the condition was set based upon. For instance, if .metadata.generation
                        is currently 12, but the .status.conditions[x].observedGeneration
                        is 9, the condition is out of date with respect to the current
                        state of the instance.
                      format: int64
                      minimum: 0
                      type: integer
                    reason:
                      description: reason contains a programmatic identifier indicating
                        the reason for the condition's last transition. Producers
                        of specific condition types may define expected values and
                        meanings for this field, and whether the values are considered
                        a guaranteed API. The value should be a CamelCase string.
                        This field may not be empty.
                      maxLength: 1024
                      minLength: 1
                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
                      type: string
                    status:
                      description: status of the condition, one of True, False, Unknown.
                      enum:
                      - "True"
                      - "False"
                      - Unknown
                      type: string
                    type:
                      description: type of condition in CamelCase or in foo.example.com/CamelCase.
                        --- Many .condition.type values are consistent across resources
                        like Available, but because arbitrary conditions can be useful
                        (see .node.status.conditions), the ability to deconflict is
                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
                      maxLength: 316
                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
                      type: string
                  required:
                  - lastTransitionTime
                  - message
                  - reason
                  - status
                  - type
                  type: object
                type: array
              lastHandledReconcileAt:
                description: LastHandledReconcileAt holds the value of the most recent
                  reconcile request value, so a change of the annotation value can
                  be detected.
                type: string
              observedGeneration:
                description: ObservedGeneration is the last observed generation.
                format: int64
                type: integer
            type: object
        type: object
    served: true
    storage: true
    subresources:
      status: {}


@@ 238,12 443,13 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.7.0
    controller-gen.kubebuilder.io/version: v0.8.0
  creationTimestamp: null
  labels:
    app.kubernetes.io/component: source-controller
    app.kubernetes.io/instance: flux-system
    app.kubernetes.io/part-of: flux
    app.kubernetes.io/version: 0.31.2
    app.kubernetes.io/version: v0.38.3
  name: buckets.source.toolkit.fluxcd.io
spec:
  group: source.toolkit.fluxcd.io


@@ 405,13 611,12 @@ spec:
                  description: "Condition contains details for one aspect of the current
                    state of this API Resource. --- This struct is intended for direct
                    use as an array at the field path .status.conditions.  For example,
                    type FooStatus struct{     // Represents the observations of a
                    foo's current state.     // Known .status.conditions.type are:
                    \"Available\", \"Progressing\", and \"Degraded\"     // +patchMergeKey=type
                    \    // +patchStrategy=merge     // +listType=map     // +listMapKey=type
                    \    Conditions []metav1.Condition `json:\"conditions,omitempty\"
                    patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
                    \n     // other fields }"
                    \n type FooStatus struct{ // Represents the observations of a
                    foo's current state. // Known .status.conditions.type are: \"Available\",
                    \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
                    // +listType=map // +listMapKey=type Conditions []metav1.Condition
                    `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
                    protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
                  properties:
                    lastTransitionTime:
                      description: lastTransitionTime is the last time the condition


@@ 568,6 773,7 @@ spec:
                type: boolean
              interval:
                description: Interval at which to check the Endpoint for updates.
                pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
                type: string
              provider:
                default: generic


@@ 600,6 806,7 @@ spec:
              timeout:
                default: 60s
                description: Timeout for fetch operations, defaults to 60s.
                pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$
                type: string
            required:
            - bucketName


@@ 622,6 829,11 @@ spec:
                      the last update of the Artifact.
                    format: date-time
                    type: string
                  metadata:
                    additionalProperties:
                      type: string
                    description: Metadata holds upstream information such as OCI annotations.
                    type: object
                  path:
                    description: Path is the relative file path of the Artifact. It
                      can be used to locate the file in the root of the Artifact storage


@@ 652,13 864,12 @@ spec:
                  description: "Condition contains details for one aspect of the current
                    state of this API Resource. --- This struct is intended for direct
                    use as an array at the field path .status.conditions.  For example,
                    type FooStatus struct{     // Represents the observations of a
                    foo's current state.     // Known .status.conditions.type are:
                    \"Available\", \"Progressing\", and \"Degraded\"     // +patchMergeKey=type
                    \    // +patchStrategy=merge     // +listType=map     // +listMapKey=type
                    \    Conditions []metav1.Condition `json:\"conditions,omitempty\"
                    patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
                    \n     // other fields }"
                    \n type FooStatus struct{ // Represents the observations of a
                    foo's current state. // Known .status.conditions.type are: \"Available\",
                    \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
                    // +listType=map // +listMapKey=type Conditions []metav1.Condition
                    `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
                    protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
                  properties:
                    lastTransitionTime:
                      description: lastTransitionTime is the last time the condition


@@ 726,6 937,10 @@ spec:
                  the Bucket object.
                format: int64
                type: integer
              observedIgnore:
                description: ObservedIgnore is the observed exclusion patterns used
                  for constructing the source artifact.
                type: string
              url:
                description: URL is the dynamic fetch link for the latest Artifact.
                  It is provided on a "best effort" basis, and using the precise BucketStatus.Artifact


@@ 748,12 963,13 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.7.0
    controller-gen.kubebuilder.io/version: v0.8.0
  creationTimestamp: null
  labels:
    app.kubernetes.io/component: source-controller
    app.kubernetes.io/instance: flux-system
    app.kubernetes.io/part-of: flux
    app.kubernetes.io/version: 0.31.2
    app.kubernetes.io/version: v0.38.3
  name: gitrepositories.source.toolkit.fluxcd.io
spec:
  group: source.toolkit.fluxcd.io


@@ 917,7 1133,7 @@ spec:
                type: string
              url:
                description: The repository URL, can be a HTTP/S or SSH address.
                pattern: ^(http|https|ssh)://
                pattern: ^(http|https|ssh)://.*$
                type: string
              verify:
                description: Verify OpenPGP signature for the Git commit HEAD points


@@ 984,13 1200,12 @@ spec:
                  description: "Condition contains details for one aspect of the current
                    state of this API Resource. --- This struct is intended for direct
                    use as an array at the field path .status.conditions.  For example,
                    type FooStatus struct{     // Represents the observations of a
                    foo's current state.     // Known .status.conditions.type are:
                    \"Available\", \"Progressing\", and \"Degraded\"     // +patchMergeKey=type
                    \    // +patchStrategy=merge     // +listType=map     // +listMapKey=type
                    \    Conditions []metav1.Condition `json:\"conditions,omitempty\"
                    patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
                    \n     // other fields }"
                    \n type FooStatus struct{ // Represents the observations of a
                    foo's current state. // Known .status.conditions.type are: \"Available\",
                    \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
                    // +listType=map // +listMapKey=type Conditions []metav1.Condition
                    `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
                    protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
                  properties:
                    lastTransitionTime:
                      description: lastTransitionTime is the last time the condition


@@ 1161,9 1376,10 @@ spec:
                type: object
              gitImplementation:
                default: go-git
                description: GitImplementation specifies which Git client library
                  implementation to use. Defaults to 'go-git', valid values are ('go-git',
                  'libgit2').
                description: 'GitImplementation specifies which Git client library
                  implementation to use. Defaults to ''go-git'', valid values are
                  (''go-git'', ''libgit2''). Deprecated: gitImplementation is deprecated
                  now that ''go-git'' is the only supported implementation.'
                enum:
                - go-git
                - libgit2


@@ 1206,6 1422,7 @@ spec:
                type: array
              interval:
                description: Interval at which to check the GitRepository for updates.
                pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
                type: string
              recurseSubmodules:
                description: RecurseSubmodules enables the initialization of all submodules


@@ 1257,11 1474,12 @@ spec:
                default: 60s
                description: Timeout for Git operations like cloning, defaults to
                  60s.
                pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$
                type: string
              url:
                description: URL specifies the Git repository URL, it can be an HTTP/S
                  or SSH address.
                pattern: ^(http|https|ssh)://
                pattern: ^(http|https|ssh)://.*$
                type: string
              verify:
                description: Verification specifies the configuration to verify the


@@ 1307,6 1525,11 @@ spec:
                      the last update of the Artifact.
                    format: date-time
                    type: string
                  metadata:
                    additionalProperties:
                      type: string
                    description: Metadata holds upstream information such as OCI annotations.
                    type: object
                  path:
                    description: Path is the relative file path of the Artifact. It
                      can be used to locate the file in the root of the Artifact storage


@@ 1337,13 1560,12 @@ spec:
                  description: "Condition contains details for one aspect of the current
                    state of this API Resource. --- This struct is intended for direct
                    use as an array at the field path .status.conditions.  For example,
                    type FooStatus struct{     // Represents the observations of a
                    foo's current state.     // Known .status.conditions.type are:
                    \"Available\", \"Progressing\", and \"Degraded\"     // +patchMergeKey=type
                    \    // +patchStrategy=merge     // +listType=map     // +listMapKey=type
                    \    Conditions []metav1.Condition `json:\"conditions,omitempty\"
                    patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
                    \n     // other fields }"
                    \n type FooStatus struct{ // Represents the observations of a
                    foo's current state. // Known .status.conditions.type are: \"Available\",
                    \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
                    // +listType=map // +listMapKey=type Conditions []metav1.Condition
                    `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
                    protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
                  properties:
                    lastTransitionTime:
                      description: lastTransitionTime is the last time the condition


@@ 1402,13 1624,14 @@ spec:
                  type: object
                type: array
              contentConfigChecksum:
                description: 'ContentConfigChecksum is a checksum of all the configurations
                  related to the content of the source artifact:  - .spec.ignore  -
                  .spec.recurseSubmodules  - .spec.included and the checksum of the
                description: "ContentConfigChecksum is a checksum of all the configurations
                  related to the content of the source artifact: - .spec.ignore -
                  .spec.recurseSubmodules - .spec.included and the checksum of the
                  included artifacts observed in .status.observedGeneration version
                  of the object. This can be used to determine if the content of the
                  included repository has changed. It has the format of `<algo>:<checksum>`,
                  for example: `sha256:<checksum>`.'
                  for example: `sha256:<checksum>`. \n Deprecated: Replaced with explicit
                  fields for observed artifact content config in the status."
                type: string
              includedArtifacts:
                description: IncludedArtifacts contains a list of the last successfully


@@ 1425,6 1648,12 @@ spec:
                        the last update of the Artifact.
                      format: date-time
                      type: string
                    metadata:
                      additionalProperties:
                        type: string
                      description: Metadata holds upstream information such as OCI
                        annotations.
                      type: object
                    path:
                      description: Path is the relative file path of the Artifact.
                        It can be used to locate the file in the root of the Artifact


@@ 1461,6 1690,44 @@ spec:
                  the GitRepository object.
                format: int64
                type: integer
              observedIgnore:
                description: ObservedIgnore is the observed exclusion patterns used
                  for constructing the source artifact.
                type: string
              observedInclude:
                description: ObservedInclude is the observed list of GitRepository
                  resources used to to produce the current Artifact.
                items:
                  description: GitRepositoryInclude specifies a local reference to
                    a GitRepository which Artifact (sub-)contents must be included,
                    and where they should be placed.
                  properties:
                    fromPath:
                      description: FromPath specifies the path to copy contents from,
                        defaults to the root of the Artifact.
                      type: string
                    repository:
                      description: GitRepositoryRef specifies the GitRepository which
                        Artifact contents must be included.
                      properties:
                        name:
                          description: Name of the referent.
                          type: string
                      required:
                      - name
                      type: object
                    toPath:
                      description: ToPath specifies the path to copy contents to,
                        defaults to the name of the GitRepositoryRef.
                      type: string
                  required:
                  - repository
                  type: object
                type: array
              observedRecurseSubmodules:
                description: ObservedRecurseSubmodules is the observed resource submodules
                  configuration used to produce the current Artifact.
                type: boolean
              url:
                description: URL is the dynamic fetch link for the latest Artifact.
                  It is provided on a "best effort" basis, and using the precise GitRepositoryStatus.Artifact


@@ 1483,12 1750,13 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.7.0
    controller-gen.kubebuilder.io/version: v0.8.0
  creationTimestamp: null
  labels:
    app.kubernetes.io/component: source-controller
    app.kubernetes.io/instance: flux-system
    app.kubernetes.io/part-of: flux
    app.kubernetes.io/version: 0.31.2
    app.kubernetes.io/version: v0.38.3
  name: helmcharts.source.toolkit.fluxcd.io
spec:
  group: source.toolkit.fluxcd.io


@@ 1675,13 1943,12 @@ spec:
                  description: "Condition contains details for one aspect of the current
                    state of this API Resource. --- This struct is intended for direct
                    use as an array at the field path .status.conditions.  For example,
                    type FooStatus struct{     // Represents the observations of a
                    foo's current state.     // Known .status.conditions.type are:
                    \"Available\", \"Progressing\", and \"Degraded\"     // +patchMergeKey=type
                    \    // +patchStrategy=merge     // +listType=map     // +listMapKey=type
                    \    Conditions []metav1.Condition `json:\"conditions,omitempty\"
                    patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
                    \n     // other fields }"
                    \n type FooStatus struct{ // Represents the observations of a
                    foo's current state. // Known .status.conditions.type are: \"Available\",
                    \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
                    // +listType=map // +listMapKey=type Conditions []metav1.Condition
                    `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
                    protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
                  properties:
                    lastTransitionTime:
                      description: lastTransitionTime is the last time the condition


@@ 1834,6 2101,7 @@ spec:
              interval:
                description: Interval is the interval at which to check the Source
                  for updates.
                pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
                type: string
              reconcileStrategy:
                default: ChartVersion


@@ 1887,6 2155,34 @@ spec:
                items:
                  type: string
                type: array
              verify:
                description: Verify contains the secret name containing the trusted
                  public keys used to verify the signature and specifies which provider
                  to use to check whether OCI image is authentic. This field is only
                  supported when using HelmRepository source with spec.type 'oci'.
                  Chart dependencies, which are not bundled in the umbrella chart
                  artifact, are not verified.
                properties:
                  provider:
                    default: cosign
                    description: Provider specifies the technology used to sign the
                      OCI Artifact.
                    enum:
                    - cosign
                    type: string
                  secretRef:
                    description: SecretRef specifies the Kubernetes Secret containing
                      the trusted public keys.
                    properties:
                      name:
                        description: Name of the referent.
                        type: string
                    required:
                    - name
                    type: object
                required:
                - provider
                type: object
              version:
                default: '*'
                description: Version is the chart version semver expression, ignored


@@ 1915,6 2211,11 @@ spec:
                      the last update of the Artifact.
                    format: date-time
                    type: string
                  metadata:
                    additionalProperties:
                      type: string
                    description: Metadata holds upstream information such as OCI annotations.
                    type: object
                  path:
                    description: Path is the relative file path of the Artifact. It
                      can be used to locate the file in the root of the Artifact storage


@@ 1945,13 2246,12 @@ spec:
                  description: "Condition contains details for one aspect of the current
                    state of this API Resource. --- This struct is intended for direct
                    use as an array at the field path .status.conditions.  For example,
                    type FooStatus struct{     // Represents the observations of a
                    foo's current state.     // Known .status.conditions.type are:
                    \"Available\", \"Progressing\", and \"Degraded\"     // +patchMergeKey=type
                    \    // +patchStrategy=merge     // +listType=map     // +listMapKey=type
                    \    Conditions []metav1.Condition `json:\"conditions,omitempty\"
                    patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
                    \n     // other fields }"
                    \n type FooStatus struct{ // Represents the observations of a
                    foo's current state. // Known .status.conditions.type are: \"Available\",
                    \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
                    // +listType=map // +listMapKey=type Conditions []metav1.Condition
                    `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
                    protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
                  properties:
                    lastTransitionTime:
                      description: lastTransitionTime is the last time the condition


@@ 2049,38 2349,42 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.7.0
    controller-gen.kubebuilder.io/version: v0.8.0
  creationTimestamp: null
  labels:
    app.kubernetes.io/component: source-controller
    app.kubernetes.io/instance: flux-system
    app.kubernetes.io/part-of: flux
    app.kubernetes.io/version: 0.31.2
  name: helmreleases.helm.toolkit.fluxcd.io
    app.kubernetes.io/version: v0.38.3
  name: helmrepositories.source.toolkit.fluxcd.io
spec:
  group: helm.toolkit.fluxcd.io
  group: source.toolkit.fluxcd.io
  names:
    kind: HelmRelease
    listKind: HelmReleaseList
    plural: helmreleases
    kind: HelmRepository
    listKind: HelmRepositoryList
    plural: helmrepositories
    shortNames:
    - hr
    singular: helmrelease
    - helmrepo
    singular: helmrepository
  scope: Namespaced
  versions:
  - additionalPrinterColumns:
    - jsonPath: .metadata.creationTimestamp
      name: Age
      type: date
    - jsonPath: .spec.url
      name: URL
      type: string
    - jsonPath: .status.conditions[?(@.type=="Ready")].status
      name: Ready
      type: string
    - jsonPath: .status.conditions[?(@.type=="Ready")].message
      name: Status
      type: string
    name: v2beta1
    - jsonPath: .metadata.creationTimestamp
      name: Age
      type: date
    name: v1beta1
    schema:
      openAPIV3Schema:
        description: HelmRelease is the Schema for the helmreleases API
        description: HelmRepository is the Schema for the helmrepositories API
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation


@@ 2095,689 2399,118 @@ spec:
          metadata:
            type: object
          spec:
            description: HelmReleaseSpec defines the desired state of a Helm release.
            description: HelmRepositorySpec defines the reference to a Helm repository.
            properties:
              chart:
                description: Chart defines the template of the v1beta2.HelmChart that
                  should be created for this HelmRelease.
              accessFrom:
                description: AccessFrom defines an Access Control List for allowing
                  cross-namespace references to this object.
                properties:
                  spec:
                    description: Spec holds the template for the v1beta2.HelmChartSpec
                      for this HelmRelease.
                    properties:
                      chart:
                        description: The name or path the Helm chart is available
                          at in the SourceRef.
                        type: string
                      interval:
                        description: Interval at which to check the v1beta2.Source
                          for updates. Defaults to 'HelmReleaseSpec.Interval'.
                        type: string
                      reconcileStrategy:
                        default: ChartVersion
                        description: Determines what enables the creation of a new
                          artifact. Valid values are ('ChartVersion', 'Revision').
                          See the documentation of the values for an explanation on
                          their behavior. Defaults to ChartVersion when omitted.
                        enum:
                        - ChartVersion
                        - Revision
                        type: string
                      sourceRef:
                        description: The name and namespace of the v1beta2.Source
                          the chart is available at.
                        properties:
                          apiVersion:
                            description: APIVersion of the referent.
                            type: string
                          kind:
                            description: Kind of the referent.
                            enum:
                            - HelmRepository
                            - GitRepository
                            - Bucket
                            type: string
                          name:
                            description: Name of the referent.
                            maxLength: 253
                            minLength: 1
                            type: string
                          namespace:
                            description: Namespace of the referent.
                            maxLength: 63
                            minLength: 1
                  namespaceSelectors:
                    description: NamespaceSelectors is the list of namespace selectors
                      to which this ACL applies. Items in this list are evaluated
                      using a logical OR operation.
                    items:
                      description: NamespaceSelector selects the namespaces to which
                        this ACL applies. An empty map of MatchLabels matches all
                        namespaces in a cluster.
                      properties:
                        matchLabels:
                          additionalProperties:
                            type: string
                        required:
                        - name
                        type: object
                      valuesFile:
                        description: Alternative values file to use as the default
                          chart values, expected to be a relative path in the SourceRef.
                          Deprecated in favor of ValuesFiles, for backwards compatibility
                          the file defined here is merged before the ValuesFiles items.
                          Ignored when omitted.
                        type: string
                      valuesFiles:
                        description: Alternative list of values files to use as the
                          chart values (values.yaml is not included by default), expected
                          to be a relative path in the SourceRef. Values files are
                          merged in the order of this list with the last file overriding
                          the first. Ignored when omitted.
                        items:
                          type: string
                        type: array
                      version:
                        default: '*'
                        description: Version semver expression, ignored for charts
                          from v1beta2.GitRepository and v1beta2.Bucket sources. Defaults
                          to latest when omitted.
                        type: string
                    required:
                    - chart
                    - sourceRef
                    type: object
                          description: MatchLabels is a map of {key,value} pairs.
                            A single {key,value} in the matchLabels map is equivalent
                            to an element of matchExpressions, whose key field is
                            "key", the operator is "In", and the values array contains
                            only "value". The requirements are ANDed.
                          type: object
                      type: object
                    type: array
                required:
                - spec
                type: object
              dependsOn:
                description: DependsOn may contain a meta.NamespacedObjectReference
                  slice with references to HelmRelease resources that must be ready
                  before this HelmRelease can be reconciled.
                items:
                  description: NamespacedObjectReference contains enough information
                    to locate the referenced Kubernetes resource object in any namespace.
                  properties:
                    name:
                      description: Name of the referent.
                      type: string
                    namespace:
                      description: Namespace of the referent, when not specified it
                        acts as LocalObjectReference.
                      type: string
                  required:
                  - name
                  type: object
                type: array
              install:
                description: Install holds the configuration for Helm install actions
                  for this HelmRelease.
                properties:
                  crds:
                    description: "CRDs upgrade CRDs from the Helm Chart's crds directory
                      according to the CRD upgrade policy provided here. Valid values
                      are `Skip`, `Create` or `CreateReplace`. Default is `Create`
                      and if omitted CRDs are installed but not updated. \n Skip:
                      do neither install nor replace (update) any CRDs. \n Create:
                      new CRDs are created, existing CRDs are neither updated nor
                      deleted. \n CreateReplace: new CRDs are created, existing CRDs
                      are updated (replaced) but not deleted. \n By default, CRDs
                      are applied (installed) during Helm install action. With this
                      option users can opt-in to CRD replace existing CRDs on Helm
                      install actions, which is not (yet) natively supported by Helm.
                      https://helm.sh/docs/chart_best_practices/custom_resource_definitions."
                    enum:
                    - Skip
                    - Create
                    - CreateReplace
                    type: string
                  createNamespace:
                    description: CreateNamespace tells the Helm install action to
                      create the HelmReleaseSpec.TargetNamespace if it does not exist
                      yet. On uninstall, the namespace will not be garbage collected.
                    type: boolean
                  disableHooks:
                    description: DisableHooks prevents hooks from running during the
                      Helm install action.
                    type: boolean
                  disableOpenAPIValidation:
                    description: DisableOpenAPIValidation prevents the Helm install
                      action from validating rendered templates against the Kubernetes
                      OpenAPI Schema.
                    type: boolean
                  disableWait:
                    description: DisableWait disables the waiting for resources to
                      be ready after a Helm install has been performed.
                    type: boolean
                  disableWaitForJobs:
                    description: DisableWaitForJobs disables waiting for jobs to complete
                      after a Helm install has been performed.
                    type: boolean
                  remediation:
                    description: Remediation holds the remediation configuration for
                      when the Helm install action for the HelmRelease fails. The
                      default is to not perform any action.
                    properties:
                      ignoreTestFailures:
                        description: IgnoreTestFailures tells the controller to skip
                          remediation when the Helm tests are run after an install
                          action but fail. Defaults to 'Test.IgnoreFailures'.
                        type: boolean
                      remediateLastFailure:
                        description: RemediateLastFailure tells the controller to
                          remediate the last failure, when no retries remain. Defaults
                          to 'false'.
                        type: boolean
                      retries:
                        description: Retries is the number of retries that should
                          be attempted on failures before bailing. Remediation, using
                          an uninstall, is performed between each attempt. Defaults
                          to '0', a negative integer equals to unlimited retries.
                        type: integer
                    type: object
                  replace:
                    description: Replace tells the Helm install action to re-use the
                      'ReleaseName', but only if that name is a deleted release which
                      remains in the history.
                    type: boolean
                  skipCRDs:
                    description: "SkipCRDs tells the Helm install action to not install
                      any CRDs. By default, CRDs are installed if not already present.
                      \n Deprecated use CRD policy (`crds`) attribute with value `Skip`
                      instead."
                    type: boolean
                  timeout:
                    description: Timeout is the time to wait for any individual Kubernetes
                      operation (like Jobs for hooks) during the performance of a
                      Helm install action. Defaults to 'HelmReleaseSpec.Timeout'.
                    type: string
                - namespaceSelectors
                type: object
              interval:
                description: Interval at which to reconcile the Helm release.
                type: string
              kubeConfig:
                description: KubeConfig for reconciling the HelmRelease on a remote
                  cluster. When used in combination with HelmReleaseSpec.ServiceAccountName,
                  forces the controller to act on behalf of that Service Account at
                  the target cluster. If the --default-service-account flag is set,
                  its value will be used as a controller level fallback for when HelmReleaseSpec.ServiceAccountName
                  is empty.
                properties:
                  secretRef:
                    description: SecretRef holds the name to a secret that contains
                      a key with the kubeconfig file as the value. If no key is specified
                      the key will default to 'value'. The secret must be in the same
                      namespace as the HelmRelease. It is recommended that the kubeconfig
                      is self-contained, and the secret is regularly updated if credentials
                      such as a cloud-access-token expire. Cloud specific `cmd-path`
                      auth helpers will not function without adding binaries and credentials
                      to the Pod that is responsible for reconciling the HelmRelease.
                    properties:
                      key:
                        description: Key in the Secret, when not specified an implementation-specific
                          default key is used.
                        type: string
                      name:
                        description: Name of the Secret.
                        type: string
                    required:
                    - name
                    type: object
                type: object
              maxHistory:
                description: MaxHistory is the number of revisions saved by Helm for
                  this HelmRelease. Use '0' for an unlimited number of revisions;
                  defaults to '10'.
                type: integer
              postRenderers:
                description: PostRenderers holds an array of Helm PostRenderers, which
                  will be applied in order of their definition.
                items:
                  description: PostRenderer contains a Helm PostRenderer specification.
                  properties:
                    kustomize:
                      description: Kustomization to apply as PostRenderer.
                      properties:
                        images:
                          description: Images is a list of (image name, new name,
                            new tag or digest) for changing image names, tags or digests.
                            This can also be achieved with a patch, but this operator
                            is simpler to specify.
                          items:
                            description: Image contains an image name, a new name,
                              a new tag or digest, which will replace the original
                              name and tag.
                            properties:
                              digest:
                                description: Digest is the value used to replace the
                                  original image tag. If digest is present NewTag
                                  value is ignored.
                                type: string
                              name:
                                description: Name is a tag-less image name.
                                type: string
                              newName:
                                description: NewName is the value used to replace
                                  the original name.
                                type: string
                              newTag:
                                description: NewTag is the value used to replace the
                                  original tag.
                                type: string
                            required:
                            - name
                            type: object
                          type: array
                        patches:
                          description: Strategic merge and JSON patches, defined as
                            inline YAML objects, capable of targeting objects based
                            on kind, label and annotation selectors.
                          items:
                            description: Patch contains an inline StrategicMerge or
                              JSON6902 patch, and the target the patch should be applied
                              to.
                            properties:
                              patch:
                                description: Patch contains an inline StrategicMerge
                                  patch or an inline JSON6902 patch with an array
                                  of operation objects.
                                type: string
                              target:
                                description: Target points to the resources that the
                                  patch document should be applied to.
                                properties:
                                  annotationSelector:
                                    description: AnnotationSelector is a string that
                                      follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
                                      It matches with the resource annotations.
                                    type: string
                                  group:
                                    description: Group is the API group to select
                                      resources from. Together with Version and Kind
                                      it is capable of unambiguously identifying and/or
                                      selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
                                    type: string
                                  kind:
                                    description: Kind of the API Group to select resources
                                      from. Together with Group and Version it is
                                      capable of unambiguously identifying and/or
                                      selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
                                    type: string
                                  labelSelector:
                                    description: LabelSelector is a string that follows
                                      the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
                                      It matches with the resource labels.
                                    type: string
                                  name:
                                    description: Name to match resources with.
                                    type: string
                                  namespace:
                                    description: Namespace to select resources from.
                                    type: string
                                  version:
                                    description: Version of the API Group to select
                                      resources from. Together with Group and Kind
                                      it is capable of unambiguously identifying and/or
                                      selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
                                    type: string
                                type: object
                            type: object
                          type: array
                        patchesJson6902:
                          description: JSON 6902 patches, defined as inline YAML objects.
                          items:
                            description: JSON6902Patch contains a JSON6902 patch and
                              the target the patch should be applied to.
                            properties:
                              patch:
                                description: Patch contains the JSON6902 patch document
                                  with an array of operation objects.
                                items:
                                  description: JSON6902 is a JSON6902 operation object.
                                    https://datatracker.ietf.org/doc/html/rfc6902#section-4
                                  properties:
                                    from:
                                      description: From contains a JSON-pointer value
                                        that references a location within the target
                                        document where the operation is performed.
                                        The meaning of the value depends on the value
                                        of Op, and is NOT taken into account by all
                                        operations.
                                      type: string
                                    op:
                                      description: Op indicates the operation to perform.
                                        Its value MUST be one of "add", "remove",
                                        "replace", "move", "copy", or "test". https://datatracker.ietf.org/doc/html/rfc6902#section-4
                                      enum:
                                      - test
                                      - remove
                                      - add
                                      - replace
                                      - move
                                      - copy
                                      type: string
                                    path:
                                      description: Path contains the JSON-pointer
                                        value that references a location within the
                                        target document where the operation is performed.
                                        The meaning of the value depends on the value
                                        of Op.
                                      type: string
                                    value:
                                      description: Value contains a valid JSON structure.
                                        The meaning of the value depends on the value
                                        of Op, and is NOT taken into account by all
                                        operations.
                                      x-kubernetes-preserve-unknown-fields: true
                                  required:
                                  - op
                                  - path
                                  type: object
                                type: array
                              target:
                                description: Target points to the resources that the
                                  patch document should be applied to.
                                properties:
                                  annotationSelector:
                                    description: AnnotationSelector is a string that
                                      follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
                                      It matches with the resource annotations.
                                    type: string
                                  group:
                                    description: Group is the API group to select
                                      resources from. Together with Version and Kind
                                      it is capable of unambiguously identifying and/or
                                      selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
                                    type: string
                                  kind:
                                    description: Kind of the API Group to select resources
                                      from. Together with Group and Version it is
                                      capable of unambiguously identifying and/or
                                      selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
                                    type: string
                                  labelSelector:
                                    description: LabelSelector is a string that follows
                                      the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
                                      It matches with the resource labels.
                                    type: string
                                  name:
                                    description: Name to match resources with.
                                    type: string
                                  namespace:
                                    description: Namespace to select resources from.
                                    type: string
                                  version:
                                    description: Version of the API Group to select
                                      resources from. Together with Group and Kind
                                      it is capable of unambiguously identifying and/or
                                      selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
                                    type: string
                                type: object
                            required:
                            - patch
                            - target
                            type: object
                          type: array
                        patchesStrategicMerge:
                          description: Strategic merge patches, defined as inline
                            YAML objects.
                          items:
                            x-kubernetes-preserve-unknown-fields: true
                          type: array
                      type: object
                  type: object
                type: array
              releaseName:
                description: ReleaseName used for the Helm release. Defaults to a
                  composition of '[TargetNamespace-]Name'.
                maxLength: 53
                minLength: 1
                description: The interval at which to check the upstream for updates.
                type: string
              rollback:
                description: Rollback holds the configuration for Helm rollback actions
                  for this HelmRelease.
              passCredentials:
                description: PassCredentials allows the credentials from the SecretRef
                  to be passed on to a host that does not match the host as defined
                  in URL. This may be required if the host of the advertised chart
                  URLs in the index differ from the defined URL. Enabling this should
                  be done with caution, as it can potentially result in credentials
                  getting stolen in a MITM-attack.
                type: boolean
              secretRef:
                description: The name of the secret containing authentication credentials
                  for the Helm repository. For HTTP/S basic auth the secret must contain
                  username and password fields. For TLS the secret must contain a
                  certFile and keyFile, and/or caCert fields.
                properties:
                  cleanupOnFail:
                    description: CleanupOnFail allows deletion of new resources created
                      during the Helm rollback action when it fails.
                    type: boolean
                  disableHooks:
                    description: DisableHooks prevents hooks from running during the
                      Helm rollback action.
                    type: boolean
                  disableWait:
                    description: DisableWait disables the waiting for resources to
                      be ready after a Helm rollback has been performed.
                    type: boolean
                  disableWaitForJobs:
                    description: DisableWaitForJobs disables waiting for jobs to complete
                      after a Helm rollback has been performed.
                    type: boolean
                  force:
                    description: Force forces resource updates through a replacement
                      strategy.
                    type: boolean
                  recreate:
                    description: Recreate performs pod restarts for the resource if
                      applicable.
                    type: boolean
                  timeout:
                    description: Timeout is the time to wait for any individual Kubernetes
                      operation (like Jobs for hooks) during the performance of a
                      Helm rollback action. Defaults to 'HelmReleaseSpec.Timeout'.
                  name:
                    description: Name of the referent.
                    type: string
                required:
                - name
                type: object
              serviceAccountName:
                description: The name of the Kubernetes service account to impersonate
                  when reconciling this HelmRelease.
                type: string
              storageNamespace:
                description: StorageNamespace used for the Helm storage. Defaults
                  to the namespace of the HelmRelease.
                maxLength: 63
                minLength: 1
                type: string
              suspend:
                description: Suspend tells the controller to suspend reconciliation
                  for this HelmRelease, it does not apply to already started reconciliations.
                  Defaults to false.
                description: This flag tells the controller to suspend the reconciliation
                  of this source.
                type: boolean
              targetNamespace:
                description: TargetNamespace to target when performing operations
                  for the HelmRelease. Defaults to the namespace of the HelmRelease.
                maxLength: 63
                minLength: 1
                type: string
              test:
                description: Test holds the configuration for Helm test actions for
                  this HelmRelease.
                properties:
                  enable:
                    description: Enable enables Helm test actions for this HelmRelease
                      after an Helm install or upgrade action has been performed.
                    type: boolean
                  ignoreFailures:
                    description: IgnoreFailures tells the controller to skip remediation
                      when the Helm tests are run but fail. Can be overwritten for
                      tests run after install or upgrade actions in 'Install.IgnoreTestFailures'
                      and 'Upgrade.IgnoreTestFailures'.
                    type: boolean
                  timeout:
                    description: Timeout is the time to wait for any individual Kubernetes
                      operation during the performance of a Helm test action. Defaults
                      to 'HelmReleaseSpec.Timeout'.
                    type: string
                type: object
              timeout:
                description: Timeout is the time to wait for any individual Kubernetes
                  operation (like Jobs for hooks) during the performance of a Helm
                  action. Defaults to '5m0s'.
                default: 60s
                description: The timeout of index downloading, defaults to 60s.
                type: string
              url:
                description: The Helm repository URL, a valid URL contains at least
                  a protocol and host.
                type: string
              uninstall:
                description: Uninstall holds the configuration for Helm uninstall
                  actions for this HelmRelease.
                properties:
                  disableHooks:
                    description: DisableHooks prevents hooks from running during the
                      Helm rollback action.
                    type: boolean
                  disableWait:
                    description: DisableWait disables waiting for all the resources
                      to be deleted after a Helm uninstall is performed.
                    type: boolean
                  keepHistory:
                    description: KeepHistory tells Helm to remove all associated resources
                      and mark the release as deleted, but retain the release history.
                    type: boolean
                  timeout:
                    description: Timeout is the time to wait for any individual Kubernetes
                      operation (like Jobs for hooks) during the performance of a
                      Helm uninstall action. Defaults to 'HelmReleaseSpec.Timeout'.
                    type: string
                type: object
              upgrade:
                description: Upgrade holds the configuration for Helm upgrade actions
                  for this HelmRelease.
                properties:
                  cleanupOnFail:
                    description: CleanupOnFail allows deletion of new resources created
                      during the Helm upgrade action when it fails.
                    type: boolean
                  crds:
                    description: "CRDs upgrade CRDs from the Helm Chart's crds directory
                      according to the CRD upgrade policy provided here. Valid values
                      are `Skip`, `Create` or `CreateReplace`. Default is `Skip` and
                      if omitted CRDs are neither installed nor upgraded. \n Skip:
                      do neither install nor replace (update) any CRDs. \n Create:
                      new CRDs are created, existing CRDs are neither updated nor
                      deleted. \n CreateReplace: new CRDs are created, existing CRDs
                      are updated (replaced) but not deleted. \n By default, CRDs
                      are not applied during Helm upgrade action. With this option
                      users can opt-in to CRD upgrade, which is not (yet) natively
                      supported by Helm. https://helm.sh/docs/chart_best_practices/custom_resource_definitions."
                    enum:
                    - Skip
                    - Create
                    - CreateReplace
                    type: string
                  disableHooks:
                    description: DisableHooks prevents hooks from running during the
                      Helm upgrade action.
                    type: boolean
                  disableOpenAPIValidation:
                    description: DisableOpenAPIValidation prevents the Helm upgrade
                      action from validating rendered templates against the Kubernetes
                      OpenAPI Schema.
                    type: boolean
                  disableWait:
                    description: DisableWait disables the waiting for resources to
                      be ready after a Helm upgrade has been performed.
                    type: boolean
                  disableWaitForJobs:
                    description: DisableWaitForJobs disables waiting for jobs to complete
                      after a Helm upgrade has been performed.
                    type: boolean
                  force:
                    description: Force forces resource updates through a replacement
                      strategy.
                    type: boolean
                  preserveValues:
                    description: PreserveValues will make Helm reuse the last release's
                      values and merge in overrides from 'Values'. Setting this flag
                      makes the HelmRelease non-declarative.
                    type: boolean
                  remediation:
                    description: Remediation holds the remediation configuration for
                      when the Helm upgrade action for the HelmRelease fails. The
                      default is to not perform any action.
                    properties:
                      ignoreTestFailures:
                        description: IgnoreTestFailures tells the controller to skip
                          remediation when the Helm tests are run after an upgrade
                          action but fail. Defaults to 'Test.IgnoreFailures'.
                        type: boolean
                      remediateLastFailure:
                        description: RemediateLastFailure tells the controller to
                          remediate the last failure, when no retries remain. Defaults
                          to 'false' unless 'Retries' is greater than 0.
                        type: boolean
                      retries:
                        description: Retries is the number of retries that should
                          be attempted on failures before bailing. Remediation, using
                          'Strategy', is performed between each attempt. Defaults
                          to '0', a negative integer equals to unlimited retries.
                        type: integer
                      strategy:
                        description: Strategy to use for failure remediation. Defaults
                          to 'rollback'.
                        enum:
                        - rollback
                        - uninstall
                        type: string
                    type: object
                  timeout:
                    description: Timeout is the time to wait for any individual Kubernetes
                      operation (like Jobs for hooks) during the performance of a
                      Helm upgrade action. Defaults to 'HelmReleaseSpec.Timeout'.
                    type: string
                type: object
              values:
                description: Values holds the values for this Helm release.
                x-kubernetes-preserve-unknown-fields: true
              valuesFrom:
                description: ValuesFrom holds references to resources containing Helm
                  values for this HelmRelease, and information about how they should
                  be merged.
                items:
                  description: ValuesReference contains a reference to a resource
                    containing Helm values, and optionally the key they can be found
                    at.
                  properties:
                    kind:
                      description: Kind of the values referent, valid values are ('Secret',
                        'ConfigMap').
                      enum:
                      - Secret
                      - ConfigMap
                      type: string
                    name:
                      description: Name of the values referent. Should reside in the
                        same namespace as the referring resource.
                      maxLength: 253
                      minLength: 1
                      type: string
                    optional:
                      description: Optional marks this ValuesReference as optional.
                        When set, a not found error for the values reference is ignored,
                        but any ValuesKey, TargetPath or transient error will still
                        result in a reconciliation failure.
                      type: boolean
                    targetPath:
                      description: TargetPath is the YAML dot notation path the value
                        should be merged at. When set, the ValuesKey is expected to
                        be a single flat value. Defaults to 'None', which results
                        in the values getting merged at the root.
                      type: string
                    valuesKey:
                      description: ValuesKey is the data key where the values.yaml
                        or a specific value can be found at. Defaults to 'values.yaml'.
                      type: string
                  required:
                  - kind
                  - name
                  type: object
                type: array
            required:
            - chart
            - interval
            - url
            type: object
          status:
            default:
              observedGeneration: -1
            description: HelmReleaseStatus defines the observed state of a HelmRelease.
            description: HelmRepositoryStatus defines the observed state of the HelmRepository.
            properties:
              artifact:
                description: Artifact represents the output of the last successful
                  repository sync.
                properties:
                  checksum:
                    description: Checksum is the SHA256 checksum of the artifact.
                    type: string
                  lastUpdateTime:
                    description: LastUpdateTime is the timestamp corresponding to
                      the last update of this artifact.
                    format: date-time
                    type: string
                  path:
                    description: Path is the relative file path of this artifact.
                    type: string
                  revision:
                    description: Revision is a human readable identifier traceable
                      in the origin source system. It can be a Git commit SHA, Git
                      tag, a Helm index timestamp, a Helm chart version, etc.
                    type: string
                  url:
                    description: URL is the HTTP address of this artifact.
                    type: string
                required:
                - path
                - url
                type: object
              conditions:
                description: Conditions holds the conditions for the HelmRelease.
                description: Conditions holds the conditions for the HelmRepository.
                items:
                  description: "Condition contains details for one aspect of the current
                    state of this API Resource. --- This struct is intended for direct
                    use as an array at the field path .status.conditions.  For example,
                    type FooStatus struct{     // Represents the observations of a
                    foo's current state.     // Known .status.conditions.type are:
                    \"Available\", \"Progressing\", and \"Degraded\"     // +patchMergeKey=type
                    \    // +patchStrategy=merge     // +listType=map     // +listMapKey=type
                    \    Conditions []metav1.Condition `json:\"conditions,omitempty\"
                    patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
                    \n     // other fields }"
                    \n type FooStatus struct{ // Represents the observations of a
                    foo's current state. // Known .status.conditions.type are: \"Available\",
                    \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
                    // +listType=map // +listMapKey=type Conditions []metav1.Condition
                    `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
                    protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
                  properties:
                    lastTransitionTime:
                      description: lastTransitionTime is the last time the condition


@@ 2835,102 2568,41 @@ spec:
                  - type
                  type: object
                type: array
              failures:
                description: Failures is the reconciliation failure count against
                  the latest desired state. It is reset after a successful reconciliation.
                format: int64
                type: integer
              helmChart:
                description: HelmChart is the namespaced name of the HelmChart resource
                  created by the controller for the HelmRelease.
                type: string
              installFailures:
                description: InstallFailures is the install failure count against
                  the latest desired state. It is reset after a successful reconciliation.
                format: int64
                type: integer
              lastAppliedRevision:
                description: LastAppliedRevision is the revision of the last successfully
                  applied source.
                type: string
              lastAttemptedRevision:
                description: LastAttemptedRevision is the revision of the last reconciliation
                  attempt.
                type: string
              lastAttemptedValuesChecksum:
                description: LastAttemptedValuesChecksum is the SHA1 checksum of the
                  values of the last reconciliation attempt.
                type: string
              lastHandledReconcileAt:
                description: LastHandledReconcileAt holds the value of the most recent
                  reconcile request value, so a change of the annotation value can
                  be detected.
                type: string
              lastReleaseRevision:
                description: LastReleaseRevision is the revision of the last successful
                  Helm release.
                type: integer
              observedGeneration:
                description: ObservedGeneration is the last observed generation.
                format: int64
                type: integer
              upgradeFailures:
                description: UpgradeFailures is the upgrade failure count against
                  the latest desired state. It is reset after a successful reconciliation.
                format: int64
                type: integer
              url:
                description: URL is the download link for the last index fetched.
                type: string
            type: object
        type: object
    served: true
    storage: true
    storage: false
    subresources:
      status: {}
status:
  acceptedNames:
    kind: ""
    plural: ""
  conditions: []
  storedVersions: []
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.7.0
  creationTimestamp: null
  labels:
    app.kubernetes.io/instance: flux-system
    app.kubernetes.io/part-of: flux
    app.kubernetes.io/version: 0.31.2
  name: helmrepositories.source.toolkit.fluxcd.io
spec:
  group: source.toolkit.fluxcd.io
  names:
    kind: HelmRepository
    listKind: HelmRepositoryList
    plural: helmrepositories
    shortNames:
    - helmrepo
    singular: helmrepository
  scope: Namespaced
  versions:
  - additionalPrinterColumns:
    - jsonPath: .spec.url
      name: URL
      type: string
    - jsonPath: .metadata.creationTimestamp
      name: Age
      type: date
    - jsonPath: .status.conditions[?(@.type=="Ready")].status
      name: Ready
      type: string
    - jsonPath: .status.conditions[?(@.type=="Ready")].message
      name: Status
      type: string
    - jsonPath: .metadata.creationTimestamp
      name: Age
      type: date
    name: v1beta1
    name: v1beta2
    schema:
      openAPIV3Schema:
        description: HelmRepository is the Schema for the helmrepositories API
        description: HelmRepository is the Schema for the helmrepositories API.
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation


@@ 2945,232 2617,13 @@ spec:
          metadata:
            type: object
          spec:
            description: HelmRepositorySpec defines the reference to a Helm repository.
            description: HelmRepositorySpec specifies the required configuration to
              produce an Artifact for a Helm repository index YAML.
            properties:
              accessFrom:
                description: AccessFrom defines an Access Control List for allowing
                  cross-namespace references to this object.
                properties:
                  namespaceSelectors:
                    description: NamespaceSelectors is the list of namespace selectors
                      to which this ACL applies. Items in this list are evaluated
                      using a logical OR operation.
                    items:
                      description: NamespaceSelector selects the namespaces to which
                        this ACL applies. An empty map of MatchLabels matches all
                        namespaces in a cluster.
                      properties:
                        matchLabels:
                          additionalProperties:
                            type: string
                          description: MatchLabels is a map of {key,value} pairs.
                            A single {key,value} in the matchLabels map is equivalent
                            to an element of matchExpressions, whose key field is
                            "key", the operator is "In", and the values array contains
                            only "value". The requirements are ANDed.
                          type: object
                      type: object
                    type: array
                required:
                - namespaceSelectors
                type: object
              interval:
                description: The interval at which to check the upstream for updates.
                type: string
              passCredentials:
                description: PassCredentials allows the credentials from the SecretRef
                  to be passed on to a host that does not match the host as defined
                  in URL. This may be required if the host of the advertised chart
                  URLs in the index differ from the defined URL. Enabling this should
                  be done with caution, as it can potentially result in credentials
                  getting stolen in a MITM-attack.
                type: boolean
              secretRef:
                description: The name of the secret containing authentication credentials
                  for the Helm repository. For HTTP/S basic auth the secret must contain
                  username and password fields. For TLS the secret must contain a
                  certFile and keyFile, and/or caCert fields.
                properties:
                  name:
                    description: Name of the referent.
                    type: string
                required:
                - name
                type: object
              suspend:
                description: This flag tells the controller to suspend the reconciliation
                  of this source.
                type: boolean
              timeout:
                default: 60s
                description: The timeout of index downloading, defaults to 60s.
                type: string
              url:
                description: The Helm repository URL, a valid URL contains at least
                  a protocol and host.
                type: string
            required:
            - interval
            - url
            type: object
          status:
            default:
              observedGeneration: -1
            description: HelmRepositoryStatus defines the observed state of the HelmRepository.
            properties:
              artifact:
                description: Artifact represents the output of the last successful
                  repository sync.
                properties:
                  checksum:
                    description: Checksum is the SHA256 checksum of the artifact.
                    type: string
                  lastUpdateTime:
                    description: LastUpdateTime is the timestamp corresponding to
                      the last update of this artifact.
                    format: date-time
                    type: string
                  path:
                    description: Path is the relative file path of this artifact.
                    type: string
                  revision:
                    description: Revision is a human readable identifier traceable
                      in the origin source system. It can be a Git commit SHA, Git
                      tag, a Helm index timestamp, a Helm chart version, etc.
                    type: string
                  url:
                    description: URL is the HTTP address of this artifact.
                    type: string
                required:
                - path
                - url
                type: object
              conditions:
                description: Conditions holds the conditions for the HelmRepository.
                items:
                  description: "Condition contains details for one aspect of the current
                    state of this API Resource. --- This struct is intended for direct
                    use as an array at the field path .status.conditions.  For example,
                    type FooStatus struct{     // Represents the observations of a
                    foo's current state.     // Known .status.conditions.type are:
                    \"Available\", \"Progressing\", and \"Degraded\"     // +patchMergeKey=type
                    \    // +patchStrategy=merge     // +listType=map     // +listMapKey=type
                    \    Conditions []metav1.Condition `json:\"conditions,omitempty\"
                    patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
                    \n     // other fields }"
                  properties:
                    lastTransitionTime:
                      description: lastTransitionTime is the last time the condition
                        transitioned from one status to another. This should be when
                        the underlying condition changed.  If that is not known, then
                        using the time when the API field changed is acceptable.
                      format: date-time
                      type: string
                    message:
                      description: message is a human readable message indicating
                        details about the transition. This may be an empty string.
                      maxLength: 32768
                      type: string
                    observedGeneration:
                      description: observedGeneration represents the .metadata.generation
                        that the condition was set based upon. For instance, if .metadata.generation
                        is currently 12, but the .status.conditions[x].observedGeneration
                        is 9, the condition is out of date with respect to the current
                        state of the instance.
                      format: int64
                      minimum: 0
                      type: integer
                    reason:
                      description: reason contains a programmatic identifier indicating
                        the reason for the condition's last transition. Producers
                        of specific condition types may define expected values and
                        meanings for this field, and whether the values are considered
                        a guaranteed API. The value should be a CamelCase string.
                        This field may not be empty.
                      maxLength: 1024
                      minLength: 1
                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
                      type: string
                    status:
                      description: status of the condition, one of True, False, Unknown.
                      enum:
                      - "True"
                      - "False"
                      - Unknown
                      type: string
                    type:
                      description: type of condition in CamelCase or in foo.example.com/CamelCase.
                        --- Many .condition.type values are consistent across resources
                        like Available, but because arbitrary conditions can be useful
                        (see .node.status.conditions), the ability to deconflict is
                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
                      maxLength: 316
                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
                      type: string
                  required:
                  - lastTransitionTime
                  - message
                  - reason
                  - status
                  - type
                  type: object
                type: array
              lastHandledReconcileAt:
                description: LastHandledReconcileAt holds the value of the most recent
                  reconcile request value, so a change of the annotation value can
                  be detected.
                type: string
              observedGeneration:
                description: ObservedGeneration is the last observed generation.
                format: int64
                type: integer
              url:
                description: URL is the download link for the last index fetched.
                type: string
            type: object
        type: object
    served: true
    storage: false
    subresources:
      status: {}
  - additionalPrinterColumns:
    - jsonPath: .spec.url
      name: URL
      type: string
    - jsonPath: .metadata.creationTimestamp
      name: Age
      type: date
    - jsonPath: .status.conditions[?(@.type=="Ready")].status
      name: Ready
      type: string
    - jsonPath: .status.conditions[?(@.type=="Ready")].message
      name: Status
      type: string
    name: v1beta2
    schema:
      openAPIV3Schema:
        description: HelmRepository is the Schema for the helmrepositories API.
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: HelmRepositorySpec specifies the required configuration to
              produce an Artifact for a Helm repository index YAML.
            properties:
              accessFrom:
                description: 'AccessFrom specifies an Access Control List for allowing
                  cross-namespace references to this object. NOTE: Not implemented,
                  provisional as of https://github.com/fluxcd/flux2/pull/2092'
                description: 'AccessFrom specifies an Access Control List for allowing
                  cross-namespace references to this object. NOTE: Not implemented,
                  provisional as of https://github.com/fluxcd/flux2/pull/2092'
                properties:
                  namespaceSelectors:
                    description: NamespaceSelectors is the list of namespace selectors


@@ 3197,6 2650,7 @@ spec:
                type: object
              interval:
                description: Interval at which to check the URL for updates.
                pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
                type: string
              passCredentials:
                description: PassCredentials allows the credentials from the SecretRef


@@ 3206,6 2660,18 @@ spec:
                  be done with caution, as it can potentially result in credentials
                  getting stolen in a MITM-attack.
                type: boolean
              provider:
                default: generic
                description: Provider used for authentication, can be 'aws', 'azure',
                  'gcp' or 'generic'. This field is optional, and only taken into
                  account if the .spec.type field is set to 'oci'. When not specified,
                  defaults to 'generic'.
                enum:
                - generic
                - aws
                - azure
                - gcp
                type: string
              secretRef:
                description: SecretRef specifies the Secret containing authentication
                  credentials for the HelmRepository. For HTTP/S basic auth the secret


@@ 3224,7 2690,10 @@ spec:
                type: boolean
              timeout:
                default: 60s
                description: Timeout of the index fetch operation, defaults to 60s.
                description: Timeout is used for the index fetch operation for an
                  HTTPS helm repository, and for remote OCI Repository operations
                  like pulling for an OCI helm repository. Its default value is 60s.
                pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$
                type: string
              type:
                description: Type of the HelmRepository. When this field is set to  "oci",


@@ 3258,6 2727,11 @@ spec:
                      the last update of the Artifact.
                    format: date-time
                    type: string
                  metadata:
                    additionalProperties:
                      type: string
                    description: Metadata holds upstream information such as OCI annotations.
                    type: object
                  path:
                    description: Path is the relative file path of the Artifact. It
                      can be used to locate the file in the root of the Artifact storage


@@ 3288,13 2762,12 @@ spec:
                  description: "Condition contains details for one aspect of the current
                    state of this API Resource. --- This struct is intended for direct
                    use as an array at the field path .status.conditions.  For example,
                    type FooStatus struct{     // Represents the observations of a
                    foo's current state.     // Known .status.conditions.type are:
                    \"Available\", \"Progressing\", and \"Degraded\"     // +patchMergeKey=type
                    \    // +patchStrategy=merge     // +listType=map     // +listMapKey=type
                    \    Conditions []metav1.Condition `json:\"conditions,omitempty\"
                    patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
                    \n     // other fields }"
                    \n type FooStatus struct{ // Represents the observations of a
                    foo's current state. // Known .status.conditions.type are: \"Available\",
                    \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
                    // +listType=map // +listMapKey=type Conditions []metav1.Condition
                    `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
                    protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
                  properties:
                    lastTransitionTime:
                      description: lastTransitionTime is the last time the condition


@@ 3384,12 2857,13 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.7.0
    controller-gen.kubebuilder.io/version: v0.8.0
  creationTimestamp: null
  labels:
    app.kubernetes.io/component: kustomize-controller
    app.kubernetes.io/instance: flux-system
    app.kubernetes.io/part-of: flux
    app.kubernetes.io/version: 0.31.2
    app.kubernetes.io/version: v0.38.3
  name: kustomizations.kustomize.toolkit.fluxcd.io
spec:
  group: kustomize.toolkit.fluxcd.io


@@ 3825,13 3299,12 @@ spec:
                  description: "Condition contains details for one aspect of the current
                    state of this API Resource. --- This struct is intended for direct
                    use as an array at the field path .status.conditions.  For example,
                    type FooStatus struct{     // Represents the observations of a
                    foo's current state.     // Known .status.conditions.type are:
                    \"Available\", \"Progressing\", and \"Degraded\"     // +patchMergeKey=type
                    \    // +patchStrategy=merge     // +listType=map     // +listMapKey=type
                    \    Conditions []metav1.Condition `json:\"conditions,omitempty\"
                    patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
                    \n     // other fields }"
                    \n type FooStatus struct{ // Represents the observations of a
                    foo's current state. // Known .status.conditions.type are: \"Available\",
                    \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
                    // +listType=map // +listMapKey=type Conditions []metav1.Condition
                    `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
                    protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
                  properties:
                    lastTransitionTime:
                      description: lastTransitionTime is the last time the condition


@@ 3971,6 3444,12 @@ spec:
            description: KustomizationSpec defines the configuration to calculate
              the desired state from a Source using Kustomize.
            properties:
              components:
                description: Components specifies relative paths to specifications
                  of other Components
                items:
                  type: string
                type: array
              decryption:
                description: Decrypt Kubernetes secrets before applying them on the
                  cluster.


@@ 4072,6 3551,7 @@ spec:
                type: array
              interval:
                description: The interval at which to reconcile the Kustomization.
                pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
                type: string
              kubeConfig:
                description: The KubeConfig for reconciling the Kustomization on a


@@ 4084,12 3564,12 @@ spec:
                  secretRef:
                    description: SecretRef holds the name of a secret that contains
                      a key with the kubeconfig file as the value. If no key is set,
                      the key will default to 'value'. The secret must be in the same
                      namespace as the Kustomization. It is recommended that the kubeconfig
                      is self-contained, and the secret is regularly updated if credentials
                      such as a cloud-access-token expire. Cloud specific `cmd-path`
                      auth helpers will not function without adding binaries and credentials
                      to the Pod that is responsible for reconciling the Kustomization.
                      the key will default to 'value'. It is recommended that the
                      kubeconfig is self-contained, and the secret is regularly updated
                      if credentials such as a cloud-access-token expire. Cloud specific
                      `cmd-path` auth helpers will not function without adding binaries
                      and credentials to the Pod that is responsible for reconciling
                      Kubernetes resources.
                    properties:
                      key:
                        description: Key in the Secret, when not specified an implementation-specific


@@ 4101,6 3581,8 @@ spec:
                    required:
                    - name
                    type: object
                required:
                - secretRef
                type: object
              patches:
                description: Strategic merge and JSON patches, defined as inline YAML


@@ 4311,6 3793,7 @@ spec:
                description: The interval at which to retry a previously failed reconciliation.
                  When not specified, the controller uses the KustomizationSpec.Interval
                  value to retry failures.
                pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
                type: string
              serviceAccountName:
                description: The name of the Kubernetes service account to impersonate


@@ 4326,6 3809,7 @@ spec:
                  kind:
                    description: Kind of the referent.
                    enum:
                    - OCIRepository
                    - GitRepository
                    - Bucket
                    type: string


@@ 4354,6 3838,7 @@ spec:
              timeout:
                description: Timeout for validation, apply and health checking operations.
                  Defaults to 'Interval' duration.
                pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
                type: string
              validation:
                description: 'Deprecated: Not used in v1beta2.'


@@ 4382,13 3867,12 @@ spec:
                  description: "Condition contains details for one aspect of the current
                    state of this API Resource. --- This struct is intended for direct
                    use as an array at the field path .status.conditions.  For example,
                    type FooStatus struct{     // Represents the observations of a
                    foo's current state.     // Known .status.conditions.type are:
                    \"Available\", \"Progressing\", and \"Degraded\"     // +patchMergeKey=type
                    \    // +patchStrategy=merge     // +listType=map     // +listMapKey=type
                    \    Conditions []metav1.Condition `json:\"conditions,omitempty\"
                    patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
                    \n     // other fields }"
                    \n type FooStatus struct{ // Represents the observations of a
                    foo's current state. // Known .status.conditions.type are: \"Available\",
                    \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
                    // +listType=map // +listMapKey=type Conditions []metav1.Condition
                    `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
                    protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
                  properties:
                    lastTransitionTime:
                      description: lastTransitionTime is the last time the condition


@@ 4506,36 3990,814 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.7.0
    controller-gen.kubebuilder.io/version: v0.8.0
  creationTimestamp: null
  labels:
    app.kubernetes.io/component: source-controller
    app.kubernetes.io/instance: flux-system
    app.kubernetes.io/part-of: flux
    app.kubernetes.io/version: 0.31.2
  name: providers.notification.toolkit.fluxcd.io
    app.kubernetes.io/version: v0.38.3
  name: ocirepositories.source.toolkit.fluxcd.io
spec:
  group: notification.toolkit.fluxcd.io
  group: source.toolkit.fluxcd.io
  names:
    kind: Provider
    listKind: ProviderList
    plural: providers
    singular: provider
    kind: OCIRepository
    listKind: OCIRepositoryList
    plural: ocirepositories
    shortNames:
    - ocirepo
    singular: ocirepository
  scope: Namespaced
  versions:
  - additionalPrinterColumns:
    - jsonPath: .metadata.creationTimestamp
      name: Age
      type: date
    - jsonPath: .spec.url
      name: URL
      type: string
    - jsonPath: .status.conditions[?(@.type=="Ready")].status
      name: Ready
      type: string
    - jsonPath: .status.conditions[?(@.type=="Ready")].message
      name: Status
      type: string
    name: v1beta1
    - jsonPath: .metadata.creationTimestamp
      name: Age
      type: date
    name: v1beta2
    schema:
      openAPIV3Schema:
        description: Provider is the Schema for the providers API
        description: OCIRepository is the Schema for the ocirepositories API
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: OCIRepositorySpec defines the desired state of OCIRepository
            properties:
              certSecretRef:
                description: "CertSecretRef can be given the name of a secret containing
                  either or both of \n - a PEM-encoded client certificate (`certFile`)
                  and private key (`keyFile`); - a PEM-encoded CA certificate (`caFile`)
                  \n and whichever are supplied, will be used for connecting to the
                  registry. The client cert and key are useful if you are authenticating
                  with a certificate; the CA cert is useful if you are using a self-signed
                  server certificate."
                properties:
                  name:
                    description: Name of the referent.
                    type: string
                required:
                - name
                type: object
              ignore:
                description: Ignore overrides the set of excluded patterns in the
                  .sourceignore format (which is the same as .gitignore). If not provided,
                  a default will be used, consult the documentation for your version
                  to find out what those are.
                type: string
              insecure:
                description: Insecure allows connecting to a non-TLS HTTP container
                  registry.
                type: boolean
              interval:
                description: The interval at which to check for image updates.
                pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
                type: string
              layerSelector:
                description: LayerSelector specifies which layer should be extracted
                  from the OCI artifact. When not specified, the first layer found
                  in the artifact is selected.
                properties:
                  mediaType:
                    description: MediaType specifies the OCI media type of the layer
                      which should be extracted from the OCI Artifact. The first layer
                      matching this type is selected.
                    type: string
                  operation:
                    description: Operation specifies how the selected layer should
                      be processed. By default, the layer compressed content is extracted
                      to storage. When the operation is set to 'copy', the layer compressed
                      content is persisted to storage as it is.
                    enum:
                    - extract
                    - copy
                    type: string
                type: object
              provider:
                default: generic
                description: The provider used for authentication, can be 'aws', 'azure',
                  'gcp' or 'generic'. When not specified, defaults to 'generic'.
                enum:
                - generic
                - aws
                - azure
                - gcp
                type: string
              ref:
                description: The OCI reference to pull and monitor for changes, defaults
                  to the latest tag.
                properties:
                  digest:
                    description: Digest is the image digest to pull, takes precedence
                      over SemVer. The value should be in the format 'sha256:<HASH>'.
                    type: string
                  semver:
                    description: SemVer is the range of tags to pull selecting the
                      latest within the range, takes precedence over Tag.
                    type: string
                  tag:
                    description: Tag is the image tag to pull, defaults to latest.
                    type: string
                type: object
              secretRef:
                description: SecretRef contains the secret name containing the registry
                  login credentials to resolve image metadata. The secret must be
                  of type kubernetes.io/dockerconfigjson.
                properties:
                  name:
                    description: Name of the referent.
                    type: string
                required:
                - name
                type: object
              serviceAccountName:
                description: 'ServiceAccountName is the name of the Kubernetes ServiceAccount
                  used to authenticate the image pull if the service account has attached
                  pull secrets. For more information: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#add-imagepullsecrets-to-a-service-account'
                type: string
              suspend:
                description: This flag tells the controller to suspend the reconciliation
                  of this source.
                type: boolean
              timeout:
                default: 60s
                description: The timeout for remote OCI Repository operations like
                  pulling, defaults to 60s.
                pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$
                type: string
              url:
                description: URL is a reference to an OCI artifact repository hosted
                  on a remote container registry.
                pattern: ^oci://.*$
                type: string
              verify:
                description: Verify contains the secret name containing the trusted
                  public keys used to verify the signature and specifies which provider
                  to use to check whether OCI image is authentic.
                properties:
                  provider:
                    default: cosign
                    description: Provider specifies the technology used to sign the
                      OCI Artifact.
                    enum:
                    - cosign
                    type: string
                  secretRef:
                    description: SecretRef specifies the Kubernetes Secret containing
                      the trusted public keys.
                    properties:
                      name:
                        description: Name of the referent.
                        type: string
                    required:
                    - name
                    type: object
                required:
                - provider
                type: object
            required:
            - interval
            - url
            type: object
          status:
            default:
              observedGeneration: -1
            description: OCIRepositoryStatus defines the observed state of OCIRepository
            properties:
              artifact:
                description: Artifact represents the output of the last successful
                  OCI Repository sync.
                properties:
                  checksum:
                    description: Checksum is the SHA256 checksum of the Artifact file.
                    type: string
                  lastUpdateTime:
                    description: LastUpdateTime is the timestamp corresponding to
                      the last update of the Artifact.
                    format: date-time
                    type: string
                  metadata:
                    additionalProperties:
                      type: string
                    description: Metadata holds upstream information such as OCI annotations.
                    type: object
                  path:
                    description: Path is the relative file path of the Artifact. It
                      can be used to locate the file in the root of the Artifact storage
                      on the local file system of the controller managing the Source.
                    type: string
                  revision:
                    description: Revision is a human-readable identifier traceable
                      in the origin source system. It can be a Git commit SHA, Git
                      tag, a Helm chart version, etc.
                    type: string
                  size:
                    description: Size is the number of bytes in the file.
                    format: int64
                    type: integer
                  url:
                    description: URL is the HTTP address of the Artifact as exposed
                      by the controller managing the Source. It can be used to retrieve
                      the Artifact for consumption, e.g. by another controller applying
                      the Artifact contents.
                    type: string
                required:
                - path
                - url
                type: object
              conditions:
                description: Conditions holds the conditions for the OCIRepository.
                items:
                  description: "Condition contains details for one aspect of the current
                    state of this API Resource. --- This struct is intended for direct
                    use as an array at the field path .status.conditions.  For example,
                    \n type FooStatus struct{ // Represents the observations of a
                    foo's current state. // Known .status.conditions.type are: \"Available\",
                    \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
                    // +listType=map // +listMapKey=type Conditions []metav1.Condition
                    `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
                    protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
                  properties:
                    lastTransitionTime:
                      description: lastTransitionTime is the last time the condition
                        transitioned from one status to another. This should be when
                        the underlying condition changed.  If that is not known, then
                        using the time when the API field changed is acceptable.
                      format: date-time
                      type: string
                    message:
                      description: message is a human readable message indicating
                        details about the transition. This may be an empty string.
                      maxLength: 32768
                      type: string
                    observedGeneration:
                      description: observedGeneration represents the .metadata.generation
                        that the condition was set based upon. For instance, if .metadata.generation
                        is currently 12, but the .status.conditions[x].observedGeneration
                        is 9, the condition is out of date with respect to the current
                        state of the instance.
                      format: int64
                      minimum: 0
                      type: integer
                    reason:
                      description: reason contains a programmatic identifier indicating
                        the reason for the condition's last transition. Producers
                        of specific condition types may define expected values and
                        meanings for this field, and whether the values are considered
                        a guaranteed API. The value should be a CamelCase string.
                        This field may not be empty.
                      maxLength: 1024
                      minLength: 1
                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
                      type: string
                    status:
                      description: status of the condition, one of True, False, Unknown.
                      enum:
                      - "True"
                      - "False"
                      - Unknown
                      type: string
                    type:
                      description: type of condition in CamelCase or in foo.example.com/CamelCase.
                        --- Many .condition.type values are consistent across resources
                        like Available, but because arbitrary conditions can be useful
                        (see .node.status.conditions), the ability to deconflict is
                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
                      maxLength: 316
                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
                      type: string
                  required:
                  - lastTransitionTime
                  - message
                  - reason
                  - status
                  - type
                  type: object
                type: array
              contentConfigChecksum:
                description: "ContentConfigChecksum is a checksum of all the configurations
                  related to the content of the source artifact: - .spec.ignore -
                  .spec.layerSelector observed in .status.observedGeneration version
                  of the object. This can be used to determine if the content configuration
                  has changed and the artifact needs to be rebuilt. It has the format
                  of `<algo>:<checksum>`, for example: `sha256:<checksum>`. \n Deprecated:
                  Replaced with explicit fields for observed artifact content config
                  in the status."
                type: string
              lastHandledReconcileAt:
                description: LastHandledReconcileAt holds the value of the most recent
                  reconcile request value, so a change of the annotation value can
                  be detected.
                type: string
              observedGeneration:
                description: ObservedGeneration is the last observed generation.
                format: int64
                type: integer
              observedIgnore:
                description: ObservedIgnore is the observed exclusion patterns used
                  for constructing the source artifact.
                type: string
              observedLayerSelector:
                description: ObservedLayerSelector is the observed layer selector
                  used for constructing the source artifact.
                properties:
                  mediaType:
                    description: MediaType specifies the OCI media type of the layer
                      which should be extracted from the OCI Artifact. The first layer
                      matching this type is selected.
                    type: string
                  operation:
                    description: Operation specifies how the selected layer should
                      be processed. By default, the layer compressed content is extracted
                      to storage. When the operation is set to 'copy', the layer compressed
                      content is persisted to storage as it is.
                    enum:
                    - extract
                    - copy
                    type: string
                type: object
              url:
                description: URL is the download link for the artifact output of the
                  last OCI Repository sync.
                type: string
            type: object
        type: object
    served: true
    storage: true
    subresources:
      status: {}
status:
  acceptedNames:
    kind: ""
    plural: ""
  conditions: []
  storedVersions: []
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.8.0
  creationTimestamp: null
  labels:
    app.kubernetes.io/component: notification-controller
    app.kubernetes.io/instance: flux-system
    app.kubernetes.io/part-of: flux
    app.kubernetes.io/version: v0.38.3
  name: providers.notification.toolkit.fluxcd.io
spec:
  group: notification.toolkit.fluxcd.io
  names:
    kind: Provider
    listKind: ProviderList
    plural: providers
    singular: provider
  scope: Namespaced
  versions:
  - additionalPrinterColumns:
    - jsonPath: .metadata.creationTimestamp
      name: Age
      type: date
    - jsonPath: .status.conditions[?(@.type=="Ready")].status
      name: Ready
      type: string
    - jsonPath: .status.conditions[?(@.type=="Ready")].message
      name: Status
      type: string
    name: v1beta1
    schema:
      openAPIV3Schema:
        description: Provider is the Schema for the providers API
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: ProviderSpec defines the desired state of Provider
            properties:
              address:
                description: HTTP/S webhook address of this provider
                pattern: ^(http|https)://
                type: string
              certSecretRef:
                description: CertSecretRef can be given the name of a secret containing
                  a PEM-encoded CA certificate (`caFile`)
                properties:
                  name:
                    description: Name of the referent.
                    type: string
                required:
                - name
                type: object
              channel:
                description: Alert channel for this provider
                type: string
              proxy:
                description: HTTP/S address of the proxy
                pattern: ^(http|https)://
                type: string
              secretRef:
                description: Secret reference containing the provider webhook URL
                  using "address" as data key
                properties:
                  name:
                    description: Name of the referent.
                    type: string
                required:
                - name
                type: object
              suspend:
                description: This flag tells the controller to suspend subsequent
                  events handling. Defaults to false.
                type: boolean
              timeout:
                description: Timeout for sending alerts to the provider.
                pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$
                type: string
              type:
                description: Type of provider
                enum:
                - slack
                - discord
                - msteams
                - rocket
                - generic
                - generic-hmac
                - github
                - gitlab
                - bitbucket
                - azuredevops
                - googlechat
                - webex
                - sentry
                - azureeventhub
                - telegram
                - lark
                - matrix
                - opsgenie
                - alertmanager
                - grafana
                - githubdispatch
                type: string
              username:
                description: Bot username for this provider
                type: string
            required:
            - type
            type: object
          status:
            default:
              observedGeneration: -1
            description: ProviderStatus defines the observed state of Provider
            properties:
              conditions:
                items:
                  description: "Condition contains details for one aspect of the current
                    state of this API Resource. --- This struct is intended for direct
                    use as an array at the field path .status.conditions.  For example,
                    \n type FooStatus struct{ // Represents the observations of a
                    foo's current state. // Known .status.conditions.type are: \"Available\",
                    \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
                    // +listType=map // +listMapKey=type Conditions []metav1.Condition
                    `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
                    protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
                  properties:
                    lastTransitionTime:
                      description: lastTransitionTime is the last time the condition
                        transitioned from one status to another. This should be when
                        the underlying condition changed.  If that is not known, then
                        using the time when the API field changed is acceptable.
                      format: date-time
                      type: string
                    message:
                      description: message is a human readable message indicating
                        details about the transition. This may be an empty string.
                      maxLength: 32768
                      type: string
                    observedGeneration:
                      description: observedGeneration represents the .metadata.generation
                        that the condition was set based upon. For instance, if .metadata.generation
                        is currently 12, but the .status.conditions[x].observedGeneration
                        is 9, the condition is out of date with respect to the current
                        state of the instance.
                      format: int64
                      minimum: 0
                      type: integer
                    reason:
                      description: reason contains a programmatic identifier indicating
                        the reason for the condition's last transition. Producers
                        of specific condition types may define expected values and
                        meanings for this field, and whether the values are considered
                        a guaranteed API. The value should be a CamelCase string.
                        This field may not be empty.
                      maxLength: 1024
                      minLength: 1
                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
                      type: string
                    status:
                      description: status of the condition, one of True, False, Unknown.
                      enum:
                      - "True"
                      - "False"
                      - Unknown
                      type: string
                    type:
                      description: type of condition in CamelCase or in foo.example.com/CamelCase.
                        --- Many .condition.type values are consistent across resources
                        like Available, but because arbitrary conditions can be useful
                        (see .node.status.conditions), the ability to deconflict is
                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
                      maxLength: 316
                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
                      type: string
                  required:
                  - lastTransitionTime
                  - message
                  - reason
                  - status
                  - type
                  type: object
                type: array
              observedGeneration:
                description: ObservedGeneration is the last reconciled generation.
                format: int64
                type: integer
            type: object
        type: object
    served: true
    storage: false
    subresources:
      status: {}
  - additionalPrinterColumns:
    - jsonPath: .metadata.creationTimestamp
      name: Age
      type: date
    - jsonPath: .status.conditions[?(@.type=="Ready")].status
      name: Ready
      type: string
    - jsonPath: .status.conditions[?(@.type=="Ready")].message
      name: Status
      type: string
    name: v1beta2
    schema:
      openAPIV3Schema:
        description: Provider is the Schema for the providers API.
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: ProviderSpec defines the desired state of the Provider.
            properties:
              address:
                description: Address specifies the HTTP/S incoming webhook address
                  of this Provider.
                maxLength: 2048
                pattern: ^(http|https)://.*$
                type: string
              certSecretRef:
                description: CertSecretRef specifies the Secret containing a PEM-encoded
                  CA certificate (`caFile`).
                properties:
                  name:
                    description: Name of the referent.
                    type: string
                required:
                - name
                type: object
              channel:
                description: Channel specifies the destination channel where events
                  should be posted.
                maxLength: 2048
                type: string
              interval:
                description: Interval at which to reconcile the Provider with its
                  Secret references.
                pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
                type: string
              proxy:
                description: Proxy the HTTP/S address of the proxy server.
                maxLength: 2048
                pattern: ^(http|https)://.*$
                type: string
              secretRef:
                description: SecretRef specifies the Secret containing the authentication
                  credentials for this Provider.
                properties:
                  name:
                    description: Name of the referent.
                    type: string
                required:
                - name
                type: object
              suspend:
                description: Suspend tells the controller to suspend subsequent events
                  handling for this Provider.
                type: boolean
              timeout:
                description: Timeout for sending alerts to the Provider.
                pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$
                type: string
              type:
                description: Type specifies which Provider implementation to use.
                enum:
                - slack
                - discord
                - msteams
                - rocket
                - generic
                - generic-hmac
                - github
                - gitlab
                - gitea
                - bitbucket
                - azuredevops
                - googlechat
                - webex
                - sentry
                - azureeventhub
                - telegram
                - lark
                - matrix
                - opsgenie
                - alertmanager
                - grafana
                - githubdispatch
                type: string
              username:
                description: Username specifies the name under which events are posted.
                maxLength: 2048
                type: string
            required:
            - type
            type: object
          status:
            default:
              observedGeneration: -1
            description: ProviderStatus defines the observed state of the Provider.
            properties:
              conditions:
                description: Conditions holds the conditions for the Provider.
                items:
                  description: "Condition contains details for one aspect of the current
                    state of this API Resource. --- This struct is intended for direct
                    use as an array at the field path .status.conditions.  For example,
                    \n type FooStatus struct{ // Represents the observations of a
                    foo's current state. // Known .status.conditions.type are: \"Available\",
                    \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
                    // +listType=map // +listMapKey=type Conditions []metav1.Condition
                    `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
                    protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
                  properties:
                    lastTransitionTime:
                      description: lastTransitionTime is the last time the condition
                        transitioned from one status to another. This should be when
                        the underlying condition changed.  If that is not known, then
                        using the time when the API field changed is acceptable.
                      format: date-time
                      type: string
                    message:
                      description: message is a human readable message indicating
                        details about the transition. This may be an empty string.
                      maxLength: 32768
                      type: string
                    observedGeneration:
                      description: observedGeneration represents the .metadata.generation
                        that the condition was set based upon. For instance, if .metadata.generation
                        is currently 12, but the .status.conditions[x].observedGeneration
                        is 9, the condition is out of date with respect to the current
                        state of the instance.
                      format: int64
                      minimum: 0
                      type: integer
                    reason:
                      description: reason contains a programmatic identifier indicating
                        the reason for the condition's last transition. Producers
                        of specific condition types may define expected values and
                        meanings for this field, and whether the values are considered
                        a guaranteed API. The value should be a CamelCase string.
                        This field may not be empty.
                      maxLength: 1024
                      minLength: 1
                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
                      type: string
                    status:
                      description: status of the condition, one of True, False, Unknown.
                      enum:
                      - "True"
                      - "False"
                      - Unknown
                      type: string
                    type:
                      description: type of condition in CamelCase or in foo.example.com/CamelCase.
                        --- Many .condition.type values are consistent across resources
                        like Available, but because arbitrary conditions can be useful
                        (see .node.status.conditions), the ability to deconflict is
                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
                      maxLength: 316
                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
                      type: string
                  required:
                  - lastTransitionTime
                  - message
                  - reason
                  - status
                  - type
                  type: object
                type: array
              lastHandledReconcileAt:
                description: LastHandledReconcileAt holds the value of the most recent
                  reconcile request value, so a change of the annotation value can
                  be detected.
                type: string
              observedGeneration:
                description: ObservedGeneration is the last reconciled generation.
                format: int64
                type: integer
            type: object
        type: object
    served: true
    storage: true
    subresources:
      status: {}
status:
  acceptedNames:
    kind: ""
    plural: ""
  conditions: []
  storedVersions: []
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.8.0
  creationTimestamp: null
  labels:
    app.kubernetes.io/component: notification-controller
    app.kubernetes.io/instance: flux-system
    app.kubernetes.io/part-of: flux
    app.kubernetes.io/version: v0.38.3
  name: receivers.notification.toolkit.fluxcd.io
spec:
  group: notification.toolkit.fluxcd.io
  names:
    kind: Receiver
    listKind: ReceiverList
    plural: receivers
    singular: receiver
  scope: Namespaced
  versions:
  - additionalPrinterColumns:
    - jsonPath: .metadata.creationTimestamp
      name: Age
      type: date
    - jsonPath: .status.conditions[?(@.type=="Ready")].status
      name: Ready
      type: string
    - jsonPath: .status.conditions[?(@.type=="Ready")].message
      name: Status
      type: string
    name: v1beta1
    schema:
      openAPIV3Schema:
        description: Receiver is the Schema for the receivers API
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation


@@ 4550,32 4812,63 @@ spec:
          metadata:
            type: object
          spec:
            description: ProviderSpec defines the desired state of Provider
            description: ReceiverSpec defines the desired state of Receiver
            properties:
              address:
                description: HTTP/S webhook address of this provider
                pattern: ^(http|https)://
                type: string
              certSecretRef:
                description: CertSecretRef can be given the name of a secret containing
                  a PEM-encoded CA certificate (`caFile`)
                properties:
                  name:
                    description: Name of the referent.
                    type: string
                required:
                - name
                type: object
              channel:
                description: Alert channel for this provider
                type: string
              proxy:
                description: HTTP/S address of the proxy
                pattern: ^(http|https)://
                type: string
              events:
                description: A list of events to handle, e.g. 'push' for GitHub or
                  'Push Hook' for GitLab.
                items:
                  type: string
                type: array
              resources:
                description: A list of resources to be notified about changes.
                items:
                  description: CrossNamespaceObjectReference contains enough information
                    to let you locate the typed referenced object at cluster level
                  properties:
                    apiVersion:
                      description: API version of the referent
                      type: string
                    kind:
                      description: Kind of the referent
                      enum:
                      - Bucket
                      - GitRepository
                      - Kustomization
                      - HelmRelease
                      - HelmChart
                      - HelmRepository
                      - ImageRepository
                      - ImagePolicy
                      - ImageUpdateAutomation
                      - OCIRepository
                      type: string
                    matchLabels:
                      additionalProperties:
                        type: string
                      description: MatchLabels is a map of {key,value} pairs. A single
                        {key,value} in the matchLabels map is equivalent to an element
                        of matchExpressions, whose key field is "key", the operator
                        is "In", and the values array contains only "value". The requirements
                        are ANDed.
                      type: object
                    name:
                      description: Name of the referent
                      maxLength: 53
                      minLength: 1
                      type: string
                    namespace:
                      description: Namespace of the referent
                      maxLength: 53
                      minLength: 1
                      type: string
                  required:
                  - name
                  type: object
                type: array
              secretRef:
                description: Secret reference containing the provider webhook URL
                  using "address" as data key
                description: Secret reference containing the token used to validate
                  the payload authenticity
                properties:
                  name:
                    description: Name of the referent.


@@ 4588,52 4881,41 @@ spec:
                  events handling. Defaults to false.
                type: boolean
              type:
                description: Type of provider
                description: Type of webhook sender, used to determine the validation
                  procedure and payload deserialization.
                enum:
                - slack
                - discord
                - msteams
                - rocket
                - generic
                - generic-hmac
                - github
                - gitlab
                - bitbucket
                - azuredevops
                - googlechat
                - webex
                - sentry
                - azureeventhub
                - telegram
                - lark
                - matrix
                - opsgenie
                - alertmanager
                - grafana
                - githubdispatch
                type: string
              username:
                description: Bot username for this provider
                - harbor
                - dockerhub
                - quay
                - gcr
                - nexus
                - acr
                type: string
            required:
            - resources
            - type
            type: object
          status:
            default:
              observedGeneration: -1
            description: ProviderStatus defines the observed state of Provider
            description: ReceiverStatus defines the observed state of Receiver
            properties:
              conditions:
                items:
                  description: "Condition contains details for one aspect of the current
                    state of this API Resource. --- This struct is intended for direct
                    use as an array at the field path .status.conditions.  For example,
                    type FooStatus struct{     // Represents the observations of a
                    foo's current state.     // Known .status.conditions.type are:
                    \"Available\", \"Progressing\", and \"Degraded\"     // +patchMergeKey=type
                    \    // +patchStrategy=merge     // +listType=map     // +listMapKey=type
                    \    Conditions []metav1.Condition `json:\"conditions,omitempty\"
                    patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
                    \n     // other fields }"
                    \n type FooStatus struct{ // Represents the observations of a
                    foo's current state. // Known .status.conditions.type are: \"Available\",
                    \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
                    // +listType=map // +listMapKey=type Conditions []metav1.Condition
                    `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
                    protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
                  properties:
                    lastTransitionTime:
                      description: lastTransitionTime is the last time the condition


@@ 4692,42 4974,18 @@ spec:
                  type: object
                type: array
              observedGeneration:
                description: ObservedGeneration is the last reconciled generation.
                description: ObservedGeneration is the last observed generation.
                format: int64
                type: integer
              url:
                description: Generated webhook URL in the format of '/hook/sha256sum(token+name+namespace)'.
                type: string
            type: object
        type: object
    served: true
    storage: true
    storage: false
    subresources:
      status: {}
status:
  acceptedNames:
    kind: ""
    plural: ""
  conditions: []
  storedVersions: []
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.7.0
  creationTimestamp: null
  labels:
    app.kubernetes.io/instance: flux-system
    app.kubernetes.io/part-of: flux
    app.kubernetes.io/version: 0.31.2
  name: receivers.notification.toolkit.fluxcd.io
spec:
  group: notification.toolkit.fluxcd.io
  names:
    kind: Receiver
    listKind: ReceiverList
    plural: receivers
    singular: receiver
  scope: Namespaced
  versions:
  - additionalPrinterColumns:
    - jsonPath: .metadata.creationTimestamp
      name: Age


@@ 4738,10 4996,10 @@ spec:
    - jsonPath: .status.conditions[?(@.type=="Ready")].message
      name: Status
      type: string
    name: v1beta1
    name: v1beta2
    schema:
      openAPIV3Schema:
        description: Receiver is the Schema for the receivers API
        description: Receiver is the Schema for the receivers API.
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation


@@ 4756,14 5014,19 @@ spec:
          metadata:
            type: object
          spec:
            description: ReceiverSpec defines the desired state of Receiver
            description: ReceiverSpec defines the desired state of the Receiver.
            properties:
              events:
                description: A list of events to handle, e.g. 'push' for GitHub or
                  'Push Hook' for GitLab.
                description: Events specifies the list of event types to handle, e.g.
                  'push' for GitHub or 'Push Hook' for GitLab.
                items:
                  type: string
                type: array
              interval:
                description: Interval at which to reconcile the Receiver with its
                  Secret references.
                pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
                type: string
              resources:
                description: A list of resources to be notified about changes.
                items:


@@ 4771,10 5034,10 @@ spec:
                    to let you locate the typed referenced object at cluster level
                  properties:
                    apiVersion:
                      description: API version of the referent
                      description: API version of the referent.
                      type: string
                    kind:
                      description: Kind of the referent
                      description: Kind of the referent.
                      enum:
                      - Bucket
                      - GitRepository


@@ 4785,6 5048,7 @@ spec:
                      - ImageRepository
                      - ImagePolicy
                      - ImageUpdateAutomation
                      - OCIRepository
                      type: string
                    matchLabels:
                      additionalProperties:


@@ 4796,12 5060,12 @@ spec:
                        are ANDed.
                      type: object
                    name:
                      description: Name of the referent
                      description: Name of the referent.
                      maxLength: 53
                      minLength: 1
                      type: string
                    namespace:
                      description: Namespace of the referent
                      description: Namespace of the referent.
                      maxLength: 53
                      minLength: 1
                      type: string


@@ 4810,8 5074,8 @@ spec:
                  type: object
                type: array
              secretRef:
                description: Secret reference containing the token used to validate
                  the payload authenticity
                description: SecretRef specifies the Secret containing the token used
                  to validate the payload authenticity.
                properties:
                  name:
                    description: Name of the referent.


@@ 4820,8 5084,8 @@ spec:
                - name
                type: object
              suspend:
                description: This flag tells the controller to suspend subsequent
                  events handling. Defaults to false.
                description: Suspend tells the controller to suspend subsequent events
                  handling for this receiver.
                type: boolean
              type:
                description: Type of webhook sender, used to determine the validation


@@ 4846,20 5110,20 @@ spec:
          status:
            default:
              observedGeneration: -1
            description: ReceiverStatus defines the observed state of Receiver
            description: ReceiverStatus defines the observed state of the Receiver.
            properties:
              conditions:
                description: Conditions holds the conditions for the Receiver.
                items:
                  description: "Condition contains details for one aspect of the current
                    state of this API Resource. --- This struct is intended for direct
                    use as an array at the field path .status.conditions.  For example,
                    type FooStatus struct{     // Represents the observations of a
                    foo's current state.     // Known .status.conditions.type are:
                    \"Available\", \"Progressing\", and \"Degraded\"     // +patchMergeKey=type
                    \    // +patchStrategy=merge     // +listType=map     // +listMapKey=type
                    \    Conditions []metav1.Condition `json:\"conditions,omitempty\"
                    patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
                    \n     // other fields }"
                    \n type FooStatus struct{ // Represents the observations of a
                    foo's current state. // Known .status.conditions.type are: \"Available\",
                    \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
                    // +listType=map // +listMapKey=type Conditions []metav1.Condition
                    `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
                    protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
                  properties:
                    lastTransitionTime:
                      description: lastTransitionTime is the last time the condition


@@ 4917,12 5181,24 @@ spec:
                  - type
                  type: object
                type: array
              lastHandledReconcileAt:
                description: LastHandledReconcileAt holds the value of the most recent
                  reconcile request value, so a change of the annotation value can
                  be detected.
                type: string
              observedGeneration:
                description: ObservedGeneration is the last observed generation.
                description: ObservedGeneration is the last observed generation of
                  the Receiver object.
                format: int64
                type: integer
              url:
                description: Generated webhook URL in the format of '/hook/sha256sum(token+name+namespace)'.
                description: 'URL is the generated incoming webhook address in the
                  format of ''/hook/sha256sum(token+name+namespace)''. Deprecated:
                  Replaced by WebhookPath.'
                type: string
              webhookPath:
                description: WebhookPath is the generated incoming webhook address
                  in the format of '/hook/sha256sum(token+name+namespace)'.
                type: string
            type: object
        type: object


@@ 4941,19 5217,10 @@ apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    app.kubernetes.io/component: kustomize-controller
    app.kubernetes.io/instance: flux-system
    app.kubernetes.io/part-of: flux
    app.kubernetes.io/version: 0.31.2
  name: helm-controller
  namespace: flux-system
---
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    app.kubernetes.io/instance: flux-system
    app.kubernetes.io/part-of: flux
    app.kubernetes.io/version: 0.31.2
    app.kubernetes.io/version: v0.38.3
  name: kustomize-controller
  namespace: flux-system
---


@@ 4961,9 5228,10 @@ apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    app.kubernetes.io/component: notification-controller
    app.kubernetes.io/instance: flux-system
    app.kubernetes.io/part-of: flux
    app.kubernetes.io/version: 0.31.2
    app.kubernetes.io/version: v0.38.3
  name: notification-controller
  namespace: flux-system
---


@@ 4971,9 5239,10 @@ apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    app.kubernetes.io/component: source-controller
    app.kubernetes.io/instance: flux-system
    app.kubernetes.io/part-of: flux
    app.kubernetes.io/version: 0.31.2
    app.kubernetes.io/version: v0.38.3
  name: source-controller
  namespace: flux-system
---


@@ 4983,7 5252,7 @@ metadata:
  labels:
    app.kubernetes.io/instance: flux-system
    app.kubernetes.io/part-of: flux
    app.kubernetes.io/version: 0.31.2
    app.kubernetes.io/version: v0.38.3
  name: crd-controller-flux-system
rules:
- apiGroups:


@@ 5073,7 5342,7 @@ metadata:
  labels:
    app.kubernetes.io/instance: flux-system
    app.kubernetes.io/part-of: flux
    app.kubernetes.io/version: 0.31.2
    app.kubernetes.io/version: v0.38.3
  name: cluster-reconciler-flux-system
roleRef:
  apiGroup: rbac.authorization.k8s.io


@@ 5093,7 5362,7 @@ metadata:
  labels:
    app.kubernetes.io/instance: flux-system
    app.kubernetes.io/part-of: flux
    app.kubernetes.io/version: 0.31.2
    app.kubernetes.io/version: v0.38.3
  name: crd-controller-flux-system
roleRef:
  apiGroup: rbac.authorization.k8s.io


@@ 5123,9 5392,10 @@ apiVersion: v1
kind: Service
metadata:
  labels:
    app.kubernetes.io/component: notification-controller
    app.kubernetes.io/instance: flux-system
    app.kubernetes.io/part-of: flux
    app.kubernetes.io/version: 0.31.2
    app.kubernetes.io/version: v0.38.3
    control-plane: controller
  name: notification-controller
  namespace: flux-system


@@ 5143,9 5413,10 @@ apiVersion: v1
kind: Service
metadata:
  labels:
    app.kubernetes.io/component: source-controller
    app.kubernetes.io/instance: flux-system
    app.kubernetes.io/part-of: flux
    app.kubernetes.io/version: 0.31.2
    app.kubernetes.io/version: v0.38.3
    control-plane: controller
  name: source-controller
  namespace: flux-system


@@ 5163,9 5434,10 @@ apiVersion: v1
kind: Service
metadata:
  labels:
    app.kubernetes.io/component: notification-controller
    app.kubernetes.io/instance: flux-system
    app.kubernetes.io/part-of: flux
    app.kubernetes.io/version: 0.31.2
    app.kubernetes.io/version: v0.38.3
    control-plane: controller
  name: webhook-receiver
  namespace: flux-system


@@ 5183,91 5455,10 @@ apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app.kubernetes.io/component: kustomize-controller
    app.kubernetes.io/instance: flux-system
    app.kubernetes.io/part-of: flux
    app.kubernetes.io/version: 0.31.2
    control-plane: controller
  name: helm-controller
  namespace: flux-system
spec:
  replicas: 1
  selector:
    matchLabels:
      app: helm-controller
  template:
    metadata:
      annotations:
        prometheus.io/port: "8080"
        prometheus.io/scrape: "true"
      labels:
        app: helm-controller
    spec:
      containers:
      - args:
        - --events-addr=http://notification-controller.flux-system.svc.cluster.local./
        - --watch-all-namespaces=true
        - --log-level=info
        - --log-encoding=json
        - --enable-leader-election
        env:
        - name: RUNTIME_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        image: ghcr.io/fluxcd/helm-controller:v0.22.1
        imagePullPolicy: IfNotPresent
        livenessProbe:
          httpGet:
            path: /healthz
            port: healthz
        name: manager
        ports:
        - containerPort: 8080
          name: http-prom
          protocol: TCP
        - containerPort: 9440
          name: healthz
          protocol: TCP
        readinessProbe:
          httpGet:
            path: /readyz
            port: healthz
        resources:
          limits:
            cpu: 1000m
            memory: 1Gi
          requests:
            cpu: 100m
            memory: 64Mi
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
          readOnlyRootFilesystem: true
          runAsNonRoot: true
          seccompProfile:
            type: RuntimeDefault
        volumeMounts:
        - mountPath: /tmp
          name: temp
      nodeSelector:
        kubernetes.io/os: linux
      securityContext:
        fsGroup: 1337
      serviceAccountName: helm-controller
      terminationGracePeriodSeconds: 600
      volumes:
      - emptyDir: {}
        name: temp
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app.kubernetes.io/instance: flux-system
    app.kubernetes.io/part-of: flux
    app.kubernetes.io/version: 0.31.2
    app.kubernetes.io/version: v0.38.3
    control-plane: controller
  name: kustomize-controller
  namespace: flux-system


@@ 5296,7 5487,7 @@ spec:
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        image: ghcr.io/fluxcd/kustomize-controller:v0.26.1
        image: ghcr.io/fluxcd/kustomize-controller:v0.32.0
        imagePullPolicy: IfNotPresent
        livenessProbe:
          httpGet:


@@ 5347,9 5538,10 @@ apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app.kubernetes.io/component: notification-controller
    app.kubernetes.io/instance: flux-system
    app.kubernetes.io/part-of: flux
    app.kubernetes.io/version: 0.31.2
    app.kubernetes.io/version: v0.38.3
    control-plane: controller
  name: notification-controller
  namespace: flux-system


@@ 5377,7 5569,7 @@ spec:
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        image: ghcr.io/fluxcd/notification-controller:v0.24.0
        image: ghcr.io/fluxcd/notification-controller:v0.30.2
        imagePullPolicy: IfNotPresent
        livenessProbe:
          httpGet:


@@ 5434,9 5626,10 @@ apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app.kubernetes.io/component: source-controller
    app.kubernetes.io/instance: flux-system
    app.kubernetes.io/part-of: flux
    app.kubernetes.io/version: 0.31.2
    app.kubernetes.io/version: v0.38.3
    control-plane: controller
  name: source-controller
  namespace: flux-system


@@ 5469,7 5662,9 @@ spec:
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        image: ghcr.io/fluxcd/source-controller:v0.25.8
        - name: TUF_ROOT
          value: /tmp/.sigstore
        image: ghcr.io/fluxcd/source-controller:v0.33.0
        imagePullPolicy: IfNotPresent
        livenessProbe:
          httpGet:


@@ 5529,7 5724,7 @@ metadata:
  labels:
    app.kubernetes.io/instance: flux-system
    app.kubernetes.io/part-of: flux
    app.kubernetes.io/version: 0.31.2
    app.kubernetes.io/version: v0.38.3
  name: allow-egress
  namespace: flux-system
spec:


@@ 5549,7 5744,7 @@ metadata:
  labels:
    app.kubernetes.io/instance: flux-system
    app.kubernetes.io/part-of: flux
    app.kubernetes.io/version: 0.31.2
    app.kubernetes.io/version: v0.38.3
  name: allow-scraping
  namespace: flux-system
spec:


@@ 5569,7 5764,7 @@ metadata:
  labels:
    app.kubernetes.io/instance: flux-system
    app.kubernetes.io/part-of: flux
    app.kubernetes.io/version: 0.31.2
    app.kubernetes.io/version: v0.38.3
  name: allow-webhooks
  namespace: flux-system
spec: