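---
# Namespace referenced by the packaging-api Service and by the APIService
# backend (service.namespace) defined in this manifest.
# No pod-security.kubernetes.io/* labels are set on it here.
# NOTE(review): confirm the pod security admission level for this namespace
# is configured elsewhere.
apiVersion: v1
kind: Namespace
metadata:
  name: kapp-controller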
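---
# NOTE(review): the name suggests this is the cluster-wide ("global")
# packaging namespace. If objects placed here are visible from every
# namespace, write access should be limited to cluster administrators —
# confirm against the kapp-controller documentation.
apiVersion: v1
kind: Namespace
metadata:
  name: kapp-controller-packaging-global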
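---
# Registers an aggregated API: requests for group data.packaging.carvel.dev,
# version v1alpha1, are served by the packaging-api Service in the
# kapp-controller namespace.
# Neither spec.caBundle nor spec.insecureSkipTLSVerify is set in this
# document, so how the API server verifies the backend's serving certificate
# is not decided here.
# NOTE(review): confirm caBundle is populated before use (for example by the
# controller at runtime) rather than TLS verification being skipped.
apiVersion: apiregistration.k8s.io/v1
kind: APIService
metadata:
  name: v1alpha1.data.packaging.carvel.dev
spec:
  group: data.packaging.carvel.dev
  groupPriorityMinimum: 100
  service:
    name: packaging-api
    namespace: kapp-controller
  version: v1alpha1
  versionPriority: 100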
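---
# Service in front of the aggregated packaging API: port 443/TCP forwards to
# the container port named "api".
# Backends are chosen only by the label app=kapp-controller, so any pod in
# this namespace carrying that label receives traffic for the aggregated API;
# keep pod-creation rights in the namespace restricted.
apiVersion: v1
kind: Service
metadata:
  name: packaging-api
  namespace: kapp-controller
spec:
  ports:
  - port: 443
    protocol: TCP
    targetPort: api
  selector:
    app: kapp-controller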
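---
# CustomResourceDefinition for InternalPackageMetadata (group
# internal.packaging.carvel.dev, version v1alpha1, namespaced).
# Every spec field is descriptive text supplied by the package author. The
# schema only type-checks these fields: no pattern, enum or maxLength is
# declared, so consumers should treat the values as untrusted display data.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: internalpackagemetadatas.internal.packaging.carvel.dev
spec:
  group: internal.packaging.carvel.dev
  names:
    kind: InternalPackageMetadata
    listKind: InternalPackageMetadataList
    plural: internalpackagemetadatas
    singular: internalpackagemetadata
  scope: Namespaced
  versions:
  - name: v1alpha1
    schema:
      openAPIV3Schema:
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            properties:
              categories:
                description: Classifiers of the package (optional; Array of strings)
                items:
                  type: string
                type: array
              displayName:
                description: Human friendly name of the package (optional; string)
                type: string
              # Base64-encoded icon; the schema only checks that it is a
              # string. NOTE(review): a UI that decodes and renders it
              # should handle the SVG as untrusted markup.
              iconSVGBase64:
                description: Base64 encoded icon (optional; string)
                type: string
              longDescription:
                description: Long description of the package (optional; string)
                type: string
              maintainers:
                description: List of maintainer info for the package. Currently only
                  supports the name key. (optional; array of maintner info)
                items:
                  properties:
                    name:
                      type: string
                  type: object
                type: array
              providerName:
                description: Name of the entity distributing the package (optional;
                  string)
                type: string
              shortDescription:
                description: Short desription of the package (optional; string)
                type: string
              supportDescription:
                description: Description of the support available for the package
                  (optional; string)
                type: string
            type: object
        required:
        - spec
        type: object
    served: true
    storage: true
    subresources:
      status: {}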
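---
# CustomResourceDefinition for InternalPackage (group
# internal.packaging.carvel.dev, version v1alpha1, namespaced).
# spec.template.spec carries the fetch / template / deploy settings of an app.
# The comments below mark the fields that decide what is downloaded, which
# Secrets are read and which identity performs the deploy.
# Apart from format: date-time on releasedAt, no string field declares
# pattern, enum or maxLength, so the API server only type-checks the values.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: internalpackages.internal.packaging.carvel.dev
spec:
  group: internal.packaging.carvel.dev
  names:
    kind: InternalPackage
    listKind: InternalPackageList
    plural: internalpackages
    singular: internalpackage
  scope: Namespaced
  versions:
  - name: v1alpha1
    schema:
      openAPIV3Schema:
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            properties:
              capacityRequirementsDescription:
                description: 'System requirements needed to install the package. Note:
                  these requirements will not be verified by kapp-controller on installation.
                  (optional; string)'
                type: string
              includedSoftware:
                description: IncludedSoftware can be used to show the software contents
                  of a Package. This is especially useful if the underlying versions
                  do not match the Package version
                items:
                  description: IncludedSoftware contains the underlying Software Contents
                    of a Package
                  properties:
                    description:
                      type: string
                    displayName:
                      type: string
                    version:
                      type: string
                  type: object
                type: array
              kappControllerVersionSelection:
                description: KappControllerVersionSelection specifies the versions
                  of kapp-controller which can install this package
                properties:
                  constraints:
                    type: string
                type: object
              kubernetesVersionSelection:
                description: KubernetesVersionSelection specifies the versions of
                  k8s which this package can be installed on
                properties:
                  constraints:
                    type: string
                type: object
              licenses:
                description: Description of the licenses that apply to the package
                  software (optional; Array of strings)
                items:
                  type: string
                type: array
              refName:
                description: The name of the PackageMetadata associated with this
                  version Must be a valid PackageMetadata name (see PackageMetadata
                  CR for details) Cannot be empty
                type: string
              releaseNotes:
                description: Version release notes (optional; string)
                type: string
              releasedAt:
                description: Timestamp of release (iso8601 formatted string; optional)
                format: date-time
                nullable: true
                type: string
              template:
                properties:
                  spec:
                    properties:
                      canceled:
                        description: Cancels current and future reconciliations (optional;
                          default=false)
                        type: boolean
                      # kubeconfigSecretRef names a Secret holding a kubeconfig
                      # for the destination cluster, so credentials for another
                      # cluster sit in the app's namespace; keep read access to
                      # that Secret narrow.
                      cluster:
                        description: Specifies that app should be deployed to destination
                          cluster; by default, cluster is same as where this resource
                          resides (optional; v0.5.0+)
                        properties:
                          kubeconfigSecretRef:
                            description: Specifies secret containing kubeconfig (required)
                            properties:
                              key:
                                description: Specifies key that contains kubeconfig
                                  (optional)
                                type: string
                              name:
                                description: Specifies secret name within app's namespace
                                  (required)
                                type: string
                            type: object
                          namespace:
                            description: Specifies namespace in destination cluster
                              (optional)
                            type: string
                        type: object
                      deploy:
                        items:
                          properties:
                            # rawOptions (here and under delete / inspect) are
                            # free-form strings passed through to kapp; the
                            # schema does not restrict which options appear.
                            kapp:
                              description: Use kapp to deploy resources
                              properties:
                                delete:
                                  description: Configuration for delete command (optional)
                                  properties:
                                    rawOptions:
                                      description: Pass through options to kapp delete
                                        (optional)
                                      items:
                                        type: string
                                      type: array
                                  type: object
                                inspect:
                                  description: 'Configuration for inspect command
                                    (optional) as of kapp-controller v0.31.0, inspect
                                    is disabled by default add rawOptions or use an
                                    empty inspect config like `inspect: {}` to enable'
                                  properties:
                                    rawOptions:
                                      description: Pass through options to kapp inspect
                                        (optional)
                                      items:
                                        type: string
                                      type: array
                                  type: object
                                intoNs:
                                  description: Override namespace for all resources
                                    (optional)
                                  type: string
                                mapNs:
                                  description: Provide custom namespace override mapping
                                    (optional)
                                  items:
                                    type: string
                                  type: array
                                rawOptions:
                                  description: Pass through options to kapp deploy
                                    (optional)
                                  items:
                                    type: string
                                  type: array
                              type: object
                          type: object
                        type: array
                      fetch:
                        items:
                          properties:
                            # Per secretRef's description, git does not perform
                            # strict host checking unless the Secret carries an
                            # ssh-knownhosts key, i.e. the SSH host key goes
                            # unverified; include ssh-knownhosts for ssh URLs.
                            # ref accepts a branch or tag as well as a commit;
                            # only a commit names fixed content.
                            git:
                              description: Uses git to clone repository
                              properties:
                                lfsSkipSmudge:
                                  description: Skip lfs download (optional)
                                  type: boolean
                                ref:
                                  description: Branch, tag, commit; origin is the
                                    name of the remote (optional)
                                  type: string
                                refSelection:
                                  description: Specifies a strategy to resolve to
                                    an explicit ref (optional; v0.24.0+)
                                  properties:
                                    semver:
                                      properties:
                                        constraints:
                                          type: string
                                        prereleases:
                                          properties:
                                            identifiers:
                                              items:
                                                type: string
                                              type: array
                                          type: object
                                      type: object
                                  type: object
                                secretRef:
                                  description: 'Secret with auth details. allowed
                                    keys: ssh-privatekey, ssh-knownhosts, username,
                                    password (optional) (if ssh-knownhosts is not
                                    specified, git will not perform strict host checking)'
                                  properties:
                                    name:
                                      description: Object is expected to be within
                                        same namespace
                                      type: string
                                  type: object
                                subPath:
                                  description: Grab only portion of repository (optional)
                                  type: string
                                url:
                                  description: http or ssh urls are supported (required)
                                  type: string
                              type: object
                            helmChart:
                              description: Uses helm fetch to fetch specified chart
                              properties:
                                name:
                                  description: 'Example: stable/redis'
                                  type: string
                                repository:
                                  properties:
                                    secretRef:
                                      properties:
                                        name:
                                          description: Object is expected to be within
                                            same namespace
                                          type: string
                                      type: object
                                    url:
                                      description: Repository url; scheme of oci://
                                        will fetch experimental helm oci chart (v0.19.0+)
                                        (required)
                                      type: string
                                  type: object
                                version:
                                  type: string
                              type: object
                            # Per the descriptions below, plain http URLs are
                            # accepted and sha256 is optional, so by default
                            # nothing pins the downloaded content. Prefer https
                            # URLs and set sha256.
                            http:
                              description: Uses http library to fetch file
                              properties:
                                secretRef:
                                  description: 'Secret to provide auth details (optional)
                                    Secret may include one or more keys: username,
                                    password'
                                  properties:
                                    name:
                                      description: Object is expected to be within
                                        same namespace
                                      type: string
                                  type: object
                                sha256:
                                  description: Checksum to verify after download (optional)
                                  type: string
                                subPath:
                                  description: Grab only portion of download (optional)
                                  type: string
                                url:
                                  description: 'URL can point to one of following
                                    formats: text, tgz, zip http and https url are
                                    supported; plain file, tgz and tar types are supported
                                    (required)'
                                  type: string
                              type: object
                            # url accepts tagged or digest references. A digest
                            # pins the content; a tag, or a tagSelection range,
                            # can resolve to different content over time.
                            image:
                              description: Pulls content from Docker/OCI registry
                              properties:
                                secretRef:
                                  description: 'Secret may include one or more keys:
                                    username, password, token. By default anonymous
                                    access is used for authentication.'
                                  properties:
                                    name:
                                      description: Object is expected to be within
                                        same namespace
                                      type: string
                                  type: object
                                subPath:
                                  description: Grab only portion of image (optional)
                                  type: string
                                tagSelection:
                                  description: Specifies a strategy to choose a tag
                                    (optional; v0.24.0+) if specified, do not include
                                    a tag in url key
                                  properties:
                                    semver:
                                      properties:
                                        constraints:
                                          type: string
                                        prereleases:
                                          properties:
                                            identifiers:
                                              items:
                                                type: string
                                              type: array
                                          type: object
                                      type: object
                                  type: object
                                url:
                                  description: 'Docker image url; unqualified, tagged,
                                    or digest references supported (required) Example:
                                    username/app1-config:v0.1.0'
                                  type: string
                              type: object
                            # Same pinning consideration as image above: the
                            # image field accepts tagged or digest references.
                            imgpkgBundle:
                              description: Pulls imgpkg bundle from Docker/OCI registry
                                (v0.17.0+)
                              properties:
                                image:
                                  description: Docker image url; unqualified, tagged,
                                    or digest references supported (required)
                                  type: string
                                secretRef:
                                  description: 'Secret may include one or more keys:
                                    username, password, token. By default anonymous
                                    access is used for authentication.'
                                  properties:
                                    name:
                                      description: Object is expected to be within
                                        same namespace
                                      type: string
                                  type: object
                                tagSelection:
                                  description: Specifies a strategy to choose a tag
                                    (optional; v0.24.0+) if specified, do not include
                                    a tag in url key
                                  properties:
                                    semver:
                                      properties:
                                        constraints:
                                          type: string
                                        prereleases:
                                          properties:
                                            identifiers:
                                              items:
                                                type: string
                                              type: array
                                          type: object
                                      type: object
                                  type: object
                              type: object
                            # paths content is stored in the resource itself and,
                            # per its description, is not encrypted; put sensitive
                            # values in a Secret referenced from pathsFrom.
                            inline:
                              description: Pulls content from within this resource;
                                or other resources in the cluster
                              properties:
                                paths:
                                  additionalProperties:
                                    type: string
                                  description: Specifies mapping of paths to their
                                    content; not recommended for sensitive values
                                    as CR is not encrypted (optional)
                                  type: object
                                pathsFrom:
                                  description: Specifies content via secrets and config
                                    maps; data values are recommended to be placed
                                    in secrets (optional)
                                  items:
                                    properties:
                                      configMapRef:
                                        properties:
                                          directoryPath:
                                            description: Specifies where to place
                                              files found in secret (optional)
                                            type: string
                                          name:
                                            type: string
                                        type: object
                                      secretRef:
                                        properties:
                                          directoryPath:
                                            description: Specifies where to place
                                              files found in secret (optional)
                                            type: string
                                          name:
                                            type: string
                                        type: object
                                    type: object
                                  type: array
                              type: object
                            path:
                              description: Relative path to place the fetched artifacts
                              type: string
                          type: object
                        type: array
                      noopDelete:
                        description: Deletion requests for the App will result in
                          the App CR being deleted, but its associated resources will
                          not be deleted (optional; default=false; v0.18.0+)
                        type: boolean
                      paused:
                        description: Pauses _future_ reconciliation; does _not_ affect
                          currently running reconciliation (optional; default=false)
                        type: boolean
                      # Identity the deploy authenticates as. NOTE(review): its
                      # RBAC bounds what fetched content can create or change;
                      # confirm it is scoped to what the package needs.
                      serviceAccountName:
                        description: Specifies that app should be deployed authenticated
                          via given service account, found in this namespace (optional;
                          v0.6.0+)
                        type: string
                      syncPeriod:
                        description: Specifies the length of time to wait, in time
                          + unit format, before reconciling. Always >= 30s. If value
                          below 30s is specified, 30s will be used. (optional; v0.9.0+;
                          default=30s)
                        type: string
                      template:
                        items:
                          properties:
                            cue:
                              properties:
                                inputExpression:
                                  description: Cue expression for single path component,
                                    can be used to unify ValuesFrom into a given field
                                    (optional)
                                  type: string
                                outputExpression:
                                  description: Cue expression to output, default will
                                    export all visible fields (optional)
                                  type: string
                                paths:
                                  description: Explicit list of files/directories
                                    (optional)
                                  items:
                                    type: string
                                  type: array
                                valuesFrom:
                                  description: Provide values (optional)
                                  items:
                                    properties:
                                      configMapRef:
                                        properties:
                                          name:
                                            type: string
                                        type: object
                                      downwardAPI:
                                        properties:
                                          items:
                                            items:
                                              properties:
                                                fieldPath:
                                                  description: 'Required: Selects
                                                    a field of the app: only annotations,
                                                    labels, uid, name and namespace
                                                    are supported.'
                                                  type: string
                                                kappControllerVersion:
                                                  description: 'Optional: Get running
                                                    KappController version, defaults
                                                    (empty) to retrieving the current
                                                    running version.. Can be manually
                                                    supplied instead.'
                                                  properties:
                                                    version:
                                                      type: string
                                                  type: object
                                                kubernetesAPIs:
                                                  description: 'Optional: Get running
                                                    KubernetesAPIs from cluster, defaults
                                                    (empty) to retrieving the APIs
                                                    from the cluster. Can be manually
                                                    supplied instead, e.g ["group/version",
                                                    "group2/version2"]'
                                                  properties:
                                                    groupVersions:
                                                      items:
                                                        type: string
                                                      type: array
                                                  type: object
                                                kubernetesVersion:
                                                  description: 'Optional: Get running
                                                    Kubernetes version from cluster,
                                                    defaults (empty) to retrieving
                                                    the version from the cluster.
                                                    Can be manually supplied instead.'
                                                  properties:
                                                    version:
                                                      type: string
                                                  type: object
                                                name:
                                                  type: string
                                              type: object
                                            type: array
                                        type: object
                                      path:
                                        type: string
                                      secretRef:
                                        properties:
                                          name:
                                            type: string
                                        type: object
                                    type: object
                                  type: array
                              type: object
                            helmTemplate:
                              description: Use helm template command to render helm
                                chart
                              properties:
                                kubernetesAPIs:
                                  description: 'Optional: Use kubernetes group/versions
                                    resources available in the live cluster'
                                  properties:
                                    groupVersions:
                                      items:
                                        type: string
                                      type: array
                                  type: object
                                kubernetesVersion:
                                  description: 'Optional: Get Kubernetes version,
                                    defaults (empty) to retrieving the version from
                                    the cluster. Can be manually overridden to a value
                                    instead.'
                                  properties:
                                    version:
                                      type: string
                                  type: object
                                name:
                                  description: Set name explicitly, default is App
                                    CR's name (optional; v0.13.0+)
                                  type: string
                                namespace:
                                  description: Set namespace explicitly, default is
                                    App CR's namespace (optional; v0.13.0+)
                                  type: string
                                path:
                                  description: Path to chart (optional; v0.13.0+)
                                  type: string
                                valuesFrom:
                                  description: One or more secrets, config maps, paths
                                    that provide values (optional)
                                  items:
                                    properties:
                                      configMapRef:
                                        properties:
                                          name:
                                            type: string
                                        type: object
                                      downwardAPI:
                                        properties:
                                          items:
                                            items:
                                              properties:
                                                fieldPath:
                                                  description: 'Required: Selects
                                                    a field of the app: only annotations,
                                                    labels, uid, name and namespace
                                                    are supported.'
                                                  type: string
                                                kappControllerVersion:
                                                  description: 'Optional: Get running
                                                    KappController version, defaults
                                                    (empty) to retrieving the current
                                                    running version.. Can be manually
                                                    supplied instead.'
                                                  properties:
                                                    version:
                                                      type: string
                                                  type: object
                                                kubernetesAPIs:
                                                  description: 'Optional: Get running
                                                    KubernetesAPIs from cluster, defaults
                                                    (empty) to retrieving the APIs
                                                    from the cluster. Can be manually
                                                    supplied instead, e.g ["group/version",
                                                    "group2/version2"]'
                                                  properties:
                                                    groupVersions:
                                                      items:
                                                        type: string
                                                      type: array
                                                  type: object
                                                kubernetesVersion:
                                                  description: 'Optional: Get running
                                                    Kubernetes version from cluster,
                                                    defaults (empty) to retrieving
                                                    the version from the cluster.
                                                    Can be manually supplied instead.'
                                                  properties:
                                                    version:
                                                      type: string
                                                  type: object
                                                name:
                                                  type: string
                                              type: object
                                            type: array
                                        type: object
                                      path:
                                        type: string
                                      secretRef:
                                        properties:
                                          name:
                                            type: string
                                        type: object
                                    type: object
                                  type: array
                              type: object
                            jsonnet:
                              description: TODO implement jsonnet
                              type: object
                            kbld:
                              description: Use kbld to resolve image references to
                                use digests
                              properties:
                                paths:
                                  items:
                                    type: string
                                  type: array
                              type: object
                            kustomize:
                              description: TODO implement kustomize
                              type: object
                            # Both privateKeysSecretRef fields name a Secret that
                            # holds decryption private keys; read access to that
                            # Secret exposes everything encrypted to those keys.
                            sops:
                              description: Use sops to decrypt *.sops.yml files (optional;
                                v0.11.0+)
                              properties:
                                age:
                                  properties:
                                    # NOTE(review): this description mentions PGP
                                    # keys although the field sits under age; it
                                    # looks copied from pgp.privateKeysSecretRef
                                    # below — confirm the expected key format.
                                    privateKeysSecretRef:
                                      description: Secret with private armored PGP
                                        private keys (required)
                                      properties:
                                        name:
                                          type: string
                                      type: object
                                  type: object
                                paths:
                                  description: Lists paths to decrypt explicitly (optional;
                                    v0.13.0+)
                                  items:
                                    type: string
                                  type: array
                                pgp:
                                  description: Use PGP to decrypt files (required)
                                  properties:
                                    privateKeysSecretRef:
                                      description: Secret with private armored PGP
                                        private keys (required)
                                      properties:
                                        name:
                                          type: string
                                      type: object
                                  type: object
                              type: object
                            ytt:
                              description: Use ytt to template configuration
                              properties:
                                fileMarks:
                                  description: Control metadata about input files
                                    passed to ytt (optional; v0.18.0+) see https://carvel.dev/ytt/docs/latest/file-marks/
                                    for more details
                                  items:
                                    type: string
                                  type: array
                                ignoreUnknownComments:
                                  description: Ignores comments that ytt doesn't recognize
                                    (optional; default=false)
                                  type: boolean
                                inline:
                                  description: Specify additional files, including
                                    data values (optional)
                                  properties:
                                    paths:
                                      additionalProperties:
                                        type: string
                                      description: Specifies mapping of paths to their
                                        content; not recommended for sensitive values
                                        as CR is not encrypted (optional)
                                      type: object
                                    pathsFrom:
                                      description: Specifies content via secrets and
                                        config maps; data values are recommended to
                                        be placed in secrets (optional)
                                      items:
                                        properties:
                                          configMapRef:
                                            properties:
                                              directoryPath:
                                                description: Specifies where to place
                                                  files found in secret (optional)
                                                type: string
                                              name:
                                                type: string
                                            type: object
                                          secretRef:
                                            properties:
                                              directoryPath:
                                                description: Specifies where to place
                                                  files found in secret (optional)
                                                type: string
                                              name:
                                                type: string
                                            type: object
                                        type: object
                                      type: array
                                  type: object
                                paths:
                                  description: Lists paths to provide to ytt explicitly
                                    (optional)
                                  items:
                                    type: string
                                  type: array
                                strict:
                                  description: Forces strict mode https://github.com/k14s/ytt/blob/develop/docs/strict.md
                                    (optional; default=false)
                                  type: boolean
                                valuesFrom:
                                  description: Provide values via ytt's --data-values-file
                                    (optional; v0.19.0-alpha.9)
                                  items:
                                    properties:
                                      configMapRef:
                                        properties:
                                          name:
                                            type: string
                                        type: object
                                      downwardAPI:
                                        properties:
                                          items:
                                            items:
                                              properties:
                                                fieldPath:
                                                  description: 'Required: Selects
                                                    a field of the app: only annotations,
                                                    labels, uid, name and namespace
                                                    are supported.'
                                                  type: string
                                                kappControllerVersion:
                                                  description: 'Optional: Get running
                                                    KappController version, defaults
                                                    (empty) to retrieving the current
                                                    running version.. Can be manually
                                                    supplied instead.'
                                                  properties:
                                                    version:
                                                      type: string
                                                  type: object
                                                kubernetesAPIs:
                                                  description: 'Optional: Get running
                                                    KubernetesAPIs from cluster, defaults
                                                    (empty) to retrieving the APIs
                                                    from the cluster. Can be manually
                                                    supplied instead, e.g ["group/version",
                                                    "group2/version2"]'
                                                  properties:
                                                    groupVersions:
                                                      items:
                                                        type: string
                                                      type: array
                                                  type: object
                                                kubernetesVersion:
                                                  description: 'Optional: Get running
                                                    Kubernetes version from cluster,
                                                    defaults (empty) to retrieving
                                                    the version from the cluster.
                                                    Can be manually supplied instead.'
                                                  properties:
                                                    version:
                                                      type: string
                                                  type: object
                                                name:
                                                  type: string
                                              type: object
                                            type: array
                                        type: object
                                      path:
                                        type: string
                                      secretRef:
                                        properties:
                                          name:
                                            type: string
                                        type: object
                                    type: object
                                  type: array
                              type: object
                          type: object
                        type: array
                    type: object
                required:
                - spec
                type: object
              valuesSchema:
                description: valuesSchema can be used to show template values that
                  can be configured by users when a Package is installed in an OpenAPI
                  schema format.
                properties:
                  # x-kubernetes-preserve-unknown-fields keeps arbitrary nested
                  # content, so this sub-tree is neither validated nor pruned
                  # by the API server.
                  openAPIv3:
                    nullable: true
                    type: object
                    x-kubernetes-preserve-unknown-fields: true
                type: object
              version:
                description: Package version; Referenced by PackageInstall; Must be
                  valid semver (required) Cannot be empty
                type: string
            type: object
        required:
        - spec
        type: object
    served: true
    storage: true
    subresources:
      status: {}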
---
|
||
apiVersion: apiextensions.k8s.io/v1
|
||
kind: CustomResourceDefinition
|
||
metadata:
|
||
name: apps.kappctrl.k14s.io
|
||
spec:
|
||
group: kappctrl.k14s.io
|
||
names:
|
||
categories:
|
||
- carvel
|
||
kind: App
|
||
listKind: AppList
|
||
plural: apps
|
||
singular: app
|
||
scope: Namespaced
|
||
versions:
|
||
- additionalPrinterColumns:
|
||
- description: Friendly description
|
||
jsonPath: .status.friendlyDescription
|
||
name: Description
|
||
type: string
|
||
- description: Last time app started being deployed. Does not mean anything was
|
||
changed.
|
||
jsonPath: .status.deploy.startedAt
|
||
name: Since-Deploy
|
||
type: date
|
||
- description: Time since creation
|
||
jsonPath: .metadata.creationTimestamp
|
||
name: Age
|
||
type: date
|
||
name: v1alpha1
|
||
schema:
|
||
openAPIV3Schema:
|
||
description: 'An App is a set of Kubernetes resources. These resources could
|
||
span any number of namespaces or could be cluster-wide (e.g. CRDs). An App
|
||
is represented in kapp-controller using a App CR. The App CR comprises of
|
||
three main sections: spec.fetch – declare source for fetching configuration
|
||
and OCI images spec.template – declare templating tool and values spec.deploy
|
||
– declare deployment tool and any deploy specific configuration'
|
||
properties:
|
||
apiVersion:
|
||
description: 'APIVersion defines the versioned schema of this representation
|
||
of an object. Servers should convert recognized schemas to the latest
|
||
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||
type: string
|
||
kind:
|
||
description: 'Kind is a string value representing the REST resource this
|
||
object represents. Servers may infer this from the endpoint the client
|
||
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||
type: string
|
||
metadata:
|
||
type: object
|
||
spec:
|
||
properties:
|
||
canceled:
|
||
description: Cancels current and future reconciliations (optional;
|
||
default=false)
|
||
type: boolean
|
||
cluster:
|
||
description: Specifies that app should be deployed to destination
|
||
cluster; by default, cluster is same as where this resource resides
|
||
(optional; v0.5.0+)
|
||
properties:
|
||
kubeconfigSecretRef:
|
||
description: Specifies secret containing kubeconfig (required)
|
||
properties:
|
||
key:
|
||
description: Specifies key that contains kubeconfig (optional)
|
||
type: string
|
||
name:
|
||
description: Specifies secret name within app's namespace
|
||
(required)
|
||
type: string
|
||
type: object
|
||
namespace:
|
||
description: Specifies namespace in destination cluster (optional)
|
||
type: string
|
||
type: object
|
||
deploy:
|
||
items:
|
||
properties:
|
||
kapp:
|
||
description: Use kapp to deploy resources
|
||
properties:
|
||
delete:
|
||
description: Configuration for delete command (optional)
|
||
properties:
|
||
rawOptions:
|
||
description: Pass through options to kapp delete (optional)
|
||
items:
|
||
type: string
|
||
type: array
|
||
type: object
|
||
inspect:
|
||
description: 'Configuration for inspect command (optional)
|
||
as of kapp-controller v0.31.0, inspect is disabled by
|
||
default add rawOptions or use an empty inspect config
|
||
like `inspect: {}` to enable'
|
||
properties:
|
||
rawOptions:
|
||
description: Pass through options to kapp inspect (optional)
|
||
items:
|
||
type: string
|
||
type: array
|
||
type: object
|
||
intoNs:
|
||
description: Override namespace for all resources (optional)
|
||
type: string
|
||
mapNs:
|
||
description: Provide custom namespace override mapping (optional)
|
||
items:
|
||
type: string
|
||
type: array
|
||
rawOptions:
|
||
description: Pass through options to kapp deploy (optional)
|
||
items:
|
||
type: string
|
||
type: array
|
||
type: object
|
||
type: object
|
||
type: array
|
||
fetch:
|
||
items:
|
||
properties:
|
||
git:
|
||
description: Uses git to clone repository
|
||
properties:
|
||
lfsSkipSmudge:
|
||
description: Skip lfs download (optional)
|
||
type: boolean
|
||
ref:
|
||
description: Branch, tag, commit; origin is the name of
|
||
the remote (optional)
|
||
type: string
|
||
refSelection:
|
||
description: Specifies a strategy to resolve to an explicit
|
||
ref (optional; v0.24.0+)
|
||
properties:
|
||
semver:
|
||
properties:
|
||
constraints:
|
||
type: string
|
||
prereleases:
|
||
properties:
|
||
identifiers:
|
||
items:
|
||
type: string
|
||
type: array
|
||
type: object
|
||
type: object
|
||
type: object
|
||
secretRef:
|
||
description: 'Secret with auth details. allowed keys: ssh-privatekey,
|
||
ssh-knownhosts, username, password (optional) (if ssh-knownhosts
|
||
is not specified, git will not perform strict host checking)'
|
||
properties:
|
||
name:
|
||
description: Object is expected to be within same namespace
|
||
type: string
|
||
type: object
|
||
subPath:
|
||
description: Grab only portion of repository (optional)
|
||
type: string
|
||
url:
|
||
description: http or ssh urls are supported (required)
|
||
type: string
|
||
type: object
|
||
helmChart:
|
||
description: Uses helm fetch to fetch specified chart
|
||
properties:
|
||
name:
|
||
description: 'Example: stable/redis'
|
||
type: string
|
||
repository:
|
||
properties:
|
||
secretRef:
|
||
properties:
|
||
name:
|
||
description: Object is expected to be within same
|
||
namespace
|
||
type: string
|
||
type: object
|
||
url:
|
||
description: Repository url; scheme of oci:// will fetch
|
||
experimental helm oci chart (v0.19.0+) (required)
|
||
type: string
|
||
type: object
|
||
version:
|
||
type: string
|
||
type: object
|
||
http:
|
||
description: Uses http library to fetch file
|
||
properties:
|
||
secretRef:
|
||
description: 'Secret to provide auth details (optional)
|
||
Secret may include one or more keys: username, password'
|
||
properties:
|
||
name:
|
||
description: Object is expected to be within same namespace
|
||
type: string
|
||
type: object
|
||
sha256:
|
||
description: Checksum to verify after download (optional)
|
||
type: string
|
||
subPath:
|
||
description: Grab only portion of download (optional)
|
||
type: string
|
||
url:
|
||
description: 'URL can point to one of following formats:
|
||
text, tgz, zip http and https url are supported; plain
|
||
file, tgz and tar types are supported (required)'
|
||
type: string
|
||
type: object
|
||
image:
|
||
description: Pulls content from Docker/OCI registry
|
||
properties:
|
||
secretRef:
|
||
description: 'Secret may include one or more keys: username,
|
||
password, token. By default anonymous access is used for
|
||
authentication.'
|
||
properties:
|
||
name:
|
||
description: Object is expected to be within same namespace
|
||
type: string
|
||
type: object
|
||
subPath:
|
||
description: Grab only portion of image (optional)
|
||
type: string
|
||
tagSelection:
|
||
description: Specifies a strategy to choose a tag (optional;
|
||
v0.24.0+) if specified, do not include a tag in url key
|
||
properties:
|
||
semver:
|
||
properties:
|
||
constraints:
|
||
type: string
|
||
prereleases:
|
||
properties:
|
||
identifiers:
|
||
items:
|
||
type: string
|
||
type: array
|
||
type: object
|
||
type: object
|
||
type: object
|
||
url:
|
||
description: 'Docker image url; unqualified, tagged, or
|
||
digest references supported (required) Example: username/app1-config:v0.1.0'
|
||
type: string
|
||
type: object
|
||
imgpkgBundle:
|
||
description: Pulls imgpkg bundle from Docker/OCI registry (v0.17.0+)
|
||
properties:
|
||
image:
|
||
description: Docker image url; unqualified, tagged, or digest
|
||
references supported (required)
|
||
type: string
|
||
secretRef:
|
||
description: 'Secret may include one or more keys: username,
|
||
password, token. By default anonymous access is used for
|
||
authentication.'
|
||
properties:
|
||
name:
|
||
description: Object is expected to be within same namespace
|
||
type: string
|
||
type: object
|
||
tagSelection:
|
||
description: Specifies a strategy to choose a tag (optional;
|
||
v0.24.0+) if specified, do not include a tag in url key
|
||
properties:
|
||
semver:
|
||
properties:
|
||
constraints:
|
||
type: string
|
||
prereleases:
|
||
properties:
|
||
identifiers:
|
||
items:
|
||
type: string
|
||
type: array
|
||
type: object
|
||
type: object
|
||
type: object
|
||
type: object
|
||
inline:
|
||
description: Pulls content from within this resource; or other
|
||
resources in the cluster
|
||
properties:
|
||
paths:
|
||
additionalProperties:
|
||
type: string
|
||
description: Specifies mapping of paths to their content;
|
||
not recommended for sensitive values as CR is not encrypted
|
||
(optional)
|
||
type: object
|
||
pathsFrom:
|
||
description: Specifies content via secrets and config maps;
|
||
data values are recommended to be placed in secrets (optional)
|
||
items:
|
||
properties:
|
||
configMapRef:
|
||
properties:
|
||
directoryPath:
|
||
description: Specifies where to place files found
|
||
in secret (optional)
|
||
type: string
|
||
name:
|
||
type: string
|
||
type: object
|
||
secretRef:
|
||
properties:
|
||
directoryPath:
|
||
description: Specifies where to place files found
|
||
in secret (optional)
|
||
type: string
|
||
name:
|
||
type: string
|
||
type: object
|
||
type: object
|
||
type: array
|
||
type: object
|
||
path:
|
||
description: Relative path to place the fetched artifacts
|
||
type: string
|
||
type: object
|
||
type: array
|
||
noopDelete:
|
||
description: Deletion requests for the App will result in the App
|
||
CR being deleted, but its associated resources will not be deleted
|
||
(optional; default=false; v0.18.0+)
|
||
type: boolean
|
||
paused:
|
||
description: Pauses _future_ reconciliation; does _not_ affect currently
|
||
running reconciliation (optional; default=false)
|
||
type: boolean
|
||
serviceAccountName:
|
||
description: Specifies that app should be deployed authenticated via
|
||
given service account, found in this namespace (optional; v0.6.0+)
|
||
type: string
|
||
syncPeriod:
|
||
description: Specifies the length of time to wait, in time + unit
|
||
format, before reconciling. Always >= 30s. If value below 30s is
|
||
specified, 30s will be used. (optional; v0.9.0+; default=30s)
|
||
type: string
|
||
template:
|
||
items:
|
||
properties:
|
||
cue:
|
||
properties:
|
||
inputExpression:
|
||
description: Cue expression for single path component, can
|
||
be used to unify ValuesFrom into a given field (optional)
|
||
type: string
|
||
outputExpression:
|
||
description: Cue expression to output, default will export
|
||
all visible fields (optional)
|
||
type: string
|
||
paths:
|
||
description: Explicit list of files/directories (optional)
|
||
items:
|
||
type: string
|
||
type: array
|
||
valuesFrom:
|
||
description: Provide values (optional)
|
||
items:
|
||
properties:
|
||
configMapRef:
|
||
properties:
|
||
name:
|
||
type: string
|
||
type: object
|
||
downwardAPI:
|
||
properties:
|
||
items:
|
||
items:
|
||
properties:
|
||
fieldPath:
|
||
description: 'Required: Selects a field
|
||
of the app: only annotations, labels,
|
||
uid, name and namespace are supported.'
|
||
type: string
|
||
kappControllerVersion:
|
||
description: 'Optional: Get running KappController
|
||
version, defaults (empty) to retrieving
|
||
the current running version.. Can be manually
|
||
supplied instead.'
|
||
properties:
|
||
version:
|
||
type: string
|
||
type: object
|
||
kubernetesAPIs:
|
||
description: 'Optional: Get running KubernetesAPIs
|
||
from cluster, defaults (empty) to retrieving
|
||
the APIs from the cluster. Can be manually
|
||
supplied instead, e.g ["group/version",
|
||
"group2/version2"]'
|
||
properties:
|
||
groupVersions:
|
||
items:
|
||
type: string
|
||
type: array
|
||
type: object
|
||
kubernetesVersion:
|
||
description: 'Optional: Get running Kubernetes
|
||
version from cluster, defaults (empty)
|
||
to retrieving the version from the cluster.
|
||
Can be manually supplied instead.'
|
||
properties:
|
||
version:
|
||
type: string
|
||
type: object
|
||
name:
|
||
type: string
|
||
type: object
|
||
type: array
|
||
type: object
|
||
path:
|
||
type: string
|
||
secretRef:
|
||
properties:
|
||
name:
|
||
type: string
|
||
type: object
|
||
type: object
|
||
type: array
|
||
type: object
|
||
helmTemplate:
|
||
description: Use helm template command to render helm chart
|
||
properties:
|
||
kubernetesAPIs:
|
||
description: 'Optional: Use kubernetes group/versions resources
|
||
available in the live cluster'
|
||
properties:
|
||
groupVersions:
|
||
items:
|
||
type: string
|
||
type: array
|
||
type: object
|
||
kubernetesVersion:
|
||
description: 'Optional: Get Kubernetes version, defaults
|
||
(empty) to retrieving the version from the cluster. Can
|
||
be manually overridden to a value instead.'
|
||
properties:
|
||
version:
|
||
type: string
|
||
type: object
|
||
name:
|
||
description: Set name explicitly, default is App CR's name
|
||
(optional; v0.13.0+)
|
||
type: string
|
||
namespace:
|
||
description: Set namespace explicitly, default is App CR's
|
||
namespace (optional; v0.13.0+)
|
||
type: string
|
||
path:
|
||
description: Path to chart (optional; v0.13.0+)
|
||
type: string
|
||
valuesFrom:
|
||
description: One or more secrets, config maps, paths that
|
||
provide values (optional)
|
||
items:
|
||
properties:
|
||
configMapRef:
|
||
properties:
|
||
name:
|
||
type: string
|
||
type: object
|
||
downwardAPI:
|
||
properties:
|
||
items:
|
||
items:
|
||
properties:
|
||
fieldPath:
|
||
description: 'Required: Selects a field
|
||
of the app: only annotations, labels,
|
||
uid, name and namespace are supported.'
|
||
type: string
|
||
kappControllerVersion:
|
||
description: 'Optional: Get running KappController
|
||
version, defaults (empty) to retrieving
|
||
the current running version.. Can be manually
|
||
supplied instead.'
|
||
properties:
|
||
version:
|
||
type: string
|
||
type: object
|
||
kubernetesAPIs:
|
||
description: 'Optional: Get running KubernetesAPIs
|
||
from cluster, defaults (empty) to retrieving
|
||
the APIs from the cluster. Can be manually
|
||
supplied instead, e.g ["group/version",
|
||
"group2/version2"]'
|
||
properties:
|
||
groupVersions:
|
||
items:
|
||
type: string
|
||
type: array
|
||
type: object
|
||
kubernetesVersion:
|
||
description: 'Optional: Get running Kubernetes
|
||
version from cluster, defaults (empty)
|
||
to retrieving the version from the cluster.
|
||
Can be manually supplied instead.'
|
||
properties:
|
||
version:
|
||
type: string
|
||
type: object
|
||
name:
|
||
type: string
|
||
type: object
|
||
type: array
|
||
type: object
|
||
path:
|
||
type: string
|
||
secretRef:
|
||
properties:
|
||
name:
|
||
type: string
|
||
type: object
|
||
type: object
|
||
type: array
|
||
type: object
|
||
jsonnet:
|
||
description: TODO implement jsonnet
|
||
type: object
|
||
kbld:
|
||
description: Use kbld to resolve image references to use digests
|
||
properties:
|
||
paths:
|
||
items:
|
||
type: string
|
||
type: array
|
||
type: object
|
||
kustomize:
|
||
description: TODO implement kustomize
|
||
type: object
|
||
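# Schema for the `sops` templating step: decrypts *.sops.yml files using private
# keys read from a Secret. Whoever can read that Secret can decrypt the same
# files, so limit read access to it in the App's namespace.
sops:
  description: Use sops to decrypt *.sops.yml files (optional;
    v0.11.0+)
  properties:
    age:
      properties:
        # NOTE(review): the description below repeats the pgp wording word for
        # word; for `age` this is presumably an age private key. Confirm against
        # the kapp-controller docs before relying on it.
        privateKeysSecretRef:
          description: Secret with private armored PGP private
            keys (required)
          properties:
            name:
              type: string
          type: object
      type: object
    paths:
      description: Lists paths to decrypt explicitly (optional;
        v0.13.0+)
      items:
        type: string
      type: array
    pgp:
      description: Use PGP to decrypt files (required)
      properties:
        # Only a Secret name can be given here; the key material itself is never
        # part of the App CR.
        privateKeysSecretRef:
          description: Secret with private armored PGP private
            keys (required)
          properties:
            name:
              type: string
          type: object
      type: object
  type: object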
|
||
ytt:
|
||
description: Use ytt to template configuration
|
||
properties:
|
||
fileMarks:
|
||
description: Control metadata about input files passed to
|
||
ytt (optional; v0.18.0+) see https://carvel.dev/ytt/docs/latest/file-marks/
|
||
for more details
|
||
items:
|
||
type: string
|
||
type: array
|
||
ignoreUnknownComments:
|
||
description: Ignores comments that ytt doesn't recognize
|
||
(optional; default=false)
|
||
type: boolean
|
||
inline:
|
||
description: Specify additional files, including data values
|
||
(optional)
|
||
properties:
|
||
paths:
|
||
additionalProperties:
|
||
type: string
|
||
description: Specifies mapping of paths to their content;
|
||
not recommended for sensitive values as CR is not
|
||
encrypted (optional)
|
||
type: object
|
||
pathsFrom:
|
||
description: Specifies content via secrets and config
|
||
maps; data values are recommended to be placed in
|
||
secrets (optional)
|
||
items:
|
||
properties:
|
||
configMapRef:
|
||
properties:
|
||
directoryPath:
|
||
description: Specifies where to place files
|
||
found in secret (optional)
|
||
type: string
|
||
name:
|
||
type: string
|
||
type: object
|
||
secretRef:
|
||
properties:
|
||
directoryPath:
|
||
description: Specifies where to place files
|
||
found in secret (optional)
|
||
type: string
|
||
name:
|
||
type: string
|
||
type: object
|
||
type: object
|
||
type: array
|
||
type: object
|
||
paths:
|
||
description: Lists paths to provide to ytt explicitly (optional)
|
||
items:
|
||
type: string
|
||
type: array
|
||
strict:
|
||
description: Forces strict mode https://github.com/k14s/ytt/blob/develop/docs/strict.md
|
||
(optional; default=false)
|
||
type: boolean
|
||
valuesFrom:
|
||
description: Provide values via ytt's --data-values-file
|
||
(optional; v0.19.0-alpha.9)
|
||
items:
|
||
properties:
|
||
configMapRef:
|
||
properties:
|
||
name:
|
||
type: string
|
||
type: object
|
||
downwardAPI:
|
||
properties:
|
||
items:
|
||
items:
|
||
properties:
|
||
fieldPath:
|
||
description: 'Required: Selects a field
|
||
of the app: only annotations, labels,
|
||
uid, name and namespace are supported.'
|
||
type: string
|
||
kappControllerVersion:
|
||
description: 'Optional: Get running KappController
|
||
version, defaults (empty) to retrieving
|
||
the current running version.. Can be manually
|
||
supplied instead.'
|
||
properties:
|
||
version:
|
||
type: string
|
||
type: object
|
||
kubernetesAPIs:
|
||
description: 'Optional: Get running KubernetesAPIs
|
||
from cluster, defaults (empty) to retrieving
|
||
the APIs from the cluster. Can be manually
|
||
supplied instead, e.g ["group/version",
|
||
"group2/version2"]'
|
||
properties:
|
||
groupVersions:
|
||
items:
|
||
type: string
|
||
type: array
|
||
type: object
|
||
kubernetesVersion:
|
||
description: 'Optional: Get running Kubernetes
|
||
version from cluster, defaults (empty)
|
||
to retrieving the version from the cluster.
|
||
Can be manually supplied instead.'
|
||
properties:
|
||
version:
|
||
type: string
|
||
type: object
|
||
name:
|
||
type: string
|
||
type: object
|
||
type: array
|
||
type: object
|
||
path:
|
||
type: string
|
||
secretRef:
|
||
properties:
|
||
name:
|
||
type: string
|
||
type: object
|
||
type: object
|
||
type: array
|
||
type: object
|
||
type: object
|
||
type: array
|
||
type: object
|
||
status:
|
||
properties:
|
||
conditions:
|
||
items:
|
||
properties:
|
||
message:
|
||
description: Human-readable message indicating details about
|
||
last transition.
|
||
type: string
|
||
reason:
|
||
description: Unique, this should be a short, machine understandable
|
||
string that gives the reason for condition's last transition.
|
||
If it reports "ResizeStarted" that means the underlying persistent
|
||
volume is being resized.
|
||
type: string
|
||
status:
|
||
type: string
|
||
type:
|
||
description: ConditionType represents reconciler state
|
||
type: string
|
||
required:
|
||
- status
|
||
- type
|
||
type: object
|
||
type: array
|
||
consecutiveReconcileFailures:
|
||
type: integer
|
||
consecutiveReconcileSuccesses:
|
||
type: integer
|
||
deploy:
|
||
properties:
|
||
error:
|
||
type: string
|
||
exitCode:
|
||
type: integer
|
||
finished:
|
||
type: boolean
|
||
kapp:
|
||
description: KappDeployStatus contains the associated AppCR deployed
|
||
resources
|
||
properties:
|
||
associatedResources:
|
||
description: AssociatedResources contains the associated App
|
||
label, namespaces and GKs
|
||
properties:
|
||
groupKinds:
|
||
items:
|
||
description: GroupKind specifies a Group and a Kind,
|
||
but does not force a version. This is useful for
|
||
identifying concepts during lookup stages without
|
||
having partially valid types
|
||
properties:
|
||
group:
|
||
type: string
|
||
kind:
|
||
type: string
|
||
required:
|
||
- group
|
||
- kind
|
||
type: object
|
||
type: array
|
||
label:
|
||
type: string
|
||
namespaces:
|
||
items:
|
||
type: string
|
||
type: array
|
||
type: object
|
||
type: object
|
||
startedAt:
|
||
format: date-time
|
||
type: string
|
||
stderr:
|
||
type: string
|
||
stdout:
|
||
type: string
|
||
updatedAt:
|
||
format: date-time
|
||
type: string
|
||
type: object
|
||
fetch:
|
||
properties:
|
||
error:
|
||
type: string
|
||
exitCode:
|
||
type: integer
|
||
startedAt:
|
||
format: date-time
|
||
type: string
|
||
stderr:
|
||
type: string
|
||
stdout:
|
||
type: string
|
||
updatedAt:
|
||
format: date-time
|
||
type: string
|
||
type: object
|
||
friendlyDescription:
|
||
type: string
|
||
inspect:
|
||
properties:
|
||
error:
|
||
type: string
|
||
exitCode:
|
||
type: integer
|
||
stderr:
|
||
type: string
|
||
stdout:
|
||
type: string
|
||
updatedAt:
|
||
format: date-time
|
||
type: string
|
||
type: object
|
||
managedAppName:
|
||
type: string
|
||
observedGeneration:
|
||
description: Populated based on metadata.generation when controller
|
||
observes a change to the resource; if this value is out of data,
|
||
other status fields do not reflect latest state
|
||
format: int64
|
||
type: integer
|
||
template:
|
||
properties:
|
||
error:
|
||
type: string
|
||
exitCode:
|
||
type: integer
|
||
stderr:
|
||
type: string
|
||
updatedAt:
|
||
format: date-time
|
||
type: string
|
||
type: object
|
||
usefulErrorMessage:
|
||
type: string
|
||
type: object
|
||
required:
|
||
- spec
|
||
type: object
|
||
served: true
|
||
storage: true
|
||
subresources:
|
||
status: {}
---
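# CustomResourceDefinition for PackageInstall (packaging.carvel.dev/v1alpha1,
# namespaced). A PackageInstall names the package to install (spec.packageRef)
# and the identity used to deploy it (spec.serviceAccountName, or a kubeconfig
# Secret under spec.cluster).
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: packageinstalls.packaging.carvel.dev
spec:
  group: packaging.carvel.dev
  names:
    categories:
    - carvel
    kind: PackageInstall
    listKind: PackageInstallList
    plural: packageinstalls
    shortNames:
    - pkgi
    singular: packageinstall
  scope: Namespaced
  versions:
  - additionalPrinterColumns:
    - description: PackageMetadata name
      jsonPath: .spec.packageRef.refName
      name: Package name
      type: string
    - description: PackageMetadata version
      jsonPath: .status.version
      name: Package version
      type: string
    - description: Friendly description
      jsonPath: .status.friendlyDescription
      name: Description
      type: string
    - description: Time since creation
      jsonPath: .metadata.creationTimestamp
      name: Age
      type: date
    name: v1alpha1
    schema:
      openAPIV3Schema:
        description: A Package Install is an actual installation of a package and
          its underlying resources on a Kubernetes cluster. It is represented in kapp-controller
          by a PackageInstall CR. A PackageInstall CR must reference a Package CR.
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            properties:
              canceled:
                description: Canceled when set to true will stop all active changes
                type: boolean
              cluster:
                description: Specifies that Package should be deployed to destination
                  cluster; by default, cluster is same as where this resource resides
                  (optional)
                properties:
                  # The referenced Secret holds a kubeconfig, i.e. credentials
                  # for another cluster. Per the description the name is looked
                  # up in the app's namespace, so rights to create
                  # PackageInstalls there amount to rights to use any
                  # kubeconfig Secret stored in that namespace.
                  kubeconfigSecretRef:
                    description: Specifies secret containing kubeconfig (required)
                    properties:
                      key:
                        description: Specifies key that contains kubeconfig (optional)
                        type: string
                      name:
                        description: Specifies secret name within app's namespace
                          (required)
                        type: string
                    type: object
                  namespace:
                    description: Specifies namespace in destination cluster (optional)
                    type: string
                type: object
              # The CR is deleted but the deployed resources stay behind, so
              # they are no longer tied to a PackageInstall; keep track of them
              # by other means if this is enabled.
              noopDelete:
                description: When NoopDelete set to true, PackageInstall deletion
                  should delete PackageInstall/App CR but preserve App's associated
                  resources.
                type: boolean
              packageRef:
                description: Specifies the name of the package to install (required)
                properties:
                  refName:
                    type: string
                  # A constraint range lets the installed version move when the
                  # repository publishes a newer match; an exact constraint
                  # keeps upgrades an explicit change to this resource.
                  versionSelection:
                    properties:
                      constraints:
                        type: string
                      prereleases:
                        properties:
                          identifiers:
                            items:
                              type: string
                            type: array
                        type: object
                    type: object
                type: object
              paused:
                description: Paused when set to true will ignore all pending changes,
                  once it set back to false, pending changes will be applied
                type: boolean
              # Package contents are installed as this service account, so the
              # roles bound to it are the upper bound on what a package can
              # create or modify. Bind only what the package needs rather than
              # a cluster-wide admin role.
              serviceAccountName:
                description: Specifies service account that will be used to install
                  underlying package contents
                type: string
              syncPeriod:
                description: Controls frequency of App reconciliation in time + unit
                  format. Always >= 30s. If value below 30s is specified, 30s will
                  be used.
                type: string
              # Values are supplied only by reference to a Secret (name and
              # key); the schema offers no inline field for them here.
              values:
                description: Values to be included in package's templating step (currently
                  only included in the first templating step) (optional)
                items:
                  properties:
                    secretRef:
                      properties:
                        key:
                          type: string
                        name:
                          type: string
                      type: object
                  type: object
                type: array
            type: object
          status:
            properties:
              conditions:
                items:
                  properties:
                    message:
                      description: Human-readable message indicating details about
                        last transition.
                      type: string
                    # NOTE(review): the "ResizeStarted" / persistent volume
                    # sentence below does not relate to package installs and
                    # looks carried over from another API type.
                    reason:
                      description: Unique, this should be a short, machine understandable
                        string that gives the reason for condition's last transition.
                        If it reports "ResizeStarted" that means the underlying persistent
                        volume is being resized.
                      type: string
                    status:
                      type: string
                    type:
                      description: ConditionType represents reconciler state
                      type: string
                  required:
                  - status
                  - type
                  type: object
                type: array
              friendlyDescription:
                type: string
              lastAttemptedVersion:
                description: LastAttemptedVersion specifies what version was last
                  attempted to be installed. It does _not_ indicate it was successfully
                  installed.
                type: string
              # NOTE(review): "out of data" below reads like a typo for
              # "out of date". Compare with metadata.generation before
              # trusting the other status fields.
              observedGeneration:
                description: Populated based on metadata.generation when controller
                  observes a change to the resource; if this value is out of data,
                  other status fields do not reflect latest state
                format: int64
                type: integer
              usefulErrorMessage:
                type: string
              # Per the description this is the resolved target version, not
              # proof of what is running; do not use it alone as evidence of
              # the deployed version.
              version:
                description: TODO this is desired resolved version (not actually deployed)
                type: string
            type: object
        # Only `spec` is required by the schema. Fields whose descriptions say
        # "(required)" (packageRef, kubeconfigSecretRef.name) are not enforced
        # here; presumably the controller validates them - confirm.
        required:
        - spec
        type: object
    served: true
    storage: true
    subresources:
      status: {}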
---
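# CustomResourceDefinition for PackageRepository (packaging.carvel.dev/v1alpha1,
# namespaced). Per the schema description, adding a repository lets users of the
# cluster install any package it lists, so create/update rights on this kind are
# a trust decision. Restrict them with RBAC, in particular in the namespace
# named by the global-namespace annotation (presumably visible to all
# namespaces - confirm).
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    packaging.carvel.dev/global-namespace: kapp-controller-packaging-global
  name: packagerepositories.packaging.carvel.dev
spec:
  group: packaging.carvel.dev
  names:
    categories:
    - carvel
    kind: PackageRepository
    listKind: PackageRepositoryList
    plural: packagerepositories
    shortNames:
    - pkgr
    singular: packagerepository
  scope: Namespaced
  versions:
  - additionalPrinterColumns:
    - description: Time since creation
      jsonPath: .metadata.creationTimestamp
      name: Age
      type: date
    - description: Friendly description
      jsonPath: .status.friendlyDescription
      name: Description
      type: string
    name: v1alpha1
    schema:
      openAPIV3Schema:
        description: A package repository is a collection of packages and their metadata.
          Similar to a maven repository or a rpm repository, adding a package repository
          to a cluster gives users of that cluster the ability to install any of the
          packages from that repository.
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            properties:
              # Exactly which source the package list comes from. Each source
              # below has its own integrity and authentication options.
              fetch:
                properties:
                  git:
                    description: Uses git to clone repository containing package list
                    properties:
                      lfsSkipSmudge:
                        description: Skip lfs download (optional)
                        type: boolean
                      # A branch or tag can move; a commit id fixes the content
                      # that is fetched.
                      ref:
                        description: Branch, tag, commit; origin is the name of the
                          remote (optional)
                        type: string
                      refSelection:
                        description: Specifies a strategy to resolve to an explicit
                          ref (optional; v0.24.0+)
                        properties:
                          semver:
                            properties:
                              constraints:
                                type: string
                              prereleases:
                                properties:
                                  identifiers:
                                    items:
                                      type: string
                                    type: array
                                type: object
                            type: object
                        type: object
                      # Per the description, a Secret without an ssh-knownhosts
                      # key makes git skip strict host key checking, so the
                      # server's identity is not verified. Always include
                      # ssh-knownhosts when the url is an ssh url.
                      secretRef:
                        description: 'Secret with auth details. allowed keys: ssh-privatekey,
                          ssh-knownhosts, username, password (optional) (if ssh-knownhosts
                          is not specified, git will not perform strict host checking)'
                        properties:
                          name:
                            description: Object is expected to be within same namespace
                            type: string
                        type: object
                      subPath:
                        description: Grab only portion of repository (optional)
                        type: string
                      # Plain http gives no transport integrity and would carry
                      # a username/password from secretRef in clear text.
                      # NOTE(review): https is assumed to be accepted as well -
                      # confirm, and prefer https or ssh.
                      url:
                        description: http or ssh urls are supported (required)
                        type: string
                    type: object
                  http:
                    description: Uses http library to fetch file containing packages
                    properties:
                      secretRef:
                        description: 'Secret to provide auth details (optional) Secret
                          may include one or more keys: username, password'
                        properties:
                          name:
                            description: Object is expected to be within same namespace
                            type: string
                        type: object
                      # Optional. Without a checksum the download is not pinned
                      # to known content; set it whenever the URL is outside
                      # your control, and always for plain http.
                      sha256:
                        description: Checksum to verify after download (optional)
                        type: string
                      subPath:
                        description: Grab only portion of download (optional)
                        type: string
                      url:
                        description: 'URL can point to one of following formats: text,
                          tgz, zip http and https url are supported; plain file, tgz
                          and tar types are supported (required)'
                        type: string
                    type: object
                  image:
                    description: Image url; unqualified, tagged, or digest references
                      supported (required)
                    properties:
                      secretRef:
                        description: 'Secret may include one or more keys: username,
                          password, token. By default anonymous access is used for
                          authentication.'
                        properties:
                          name:
                            description: Object is expected to be within same namespace
                            type: string
                        type: object
                      subPath:
                        description: Grab only portion of image (optional)
                        type: string
                      # Resolves a tag from a semver range at sync time, so the
                      # fetched content follows whatever the registry serves
                      # for the newest matching tag.
                      tagSelection:
                        description: Specifies a strategy to choose a tag (optional;
                          v0.24.0+) if specified, do not include a tag in url key
                        properties:
                          semver:
                            properties:
                              constraints:
                                type: string
                              prereleases:
                                properties:
                                  identifiers:
                                    items:
                                      type: string
                                    type: array
                                type: object
                            type: object
                        type: object
                      # A digest reference pins exact content; an unqualified or
                      # tagged reference does not. Prefer digests where a
                      # repository update should be a reviewed change.
                      url:
                        description: 'Docker image url; unqualified, tagged, or digest
                          references supported (required) Example: username/app1-config:v0.1.0'
                        type: string
                    type: object
                  imgpkgBundle:
                    description: Pulls imgpkg bundle from Docker/OCI registry
                    properties:
                      # Same pinning consideration as fetch.image.url: only a
                      # digest reference fixes the bundle content.
                      image:
                        description: Docker image url; unqualified, tagged, or digest
                          references supported (required)
                        type: string
                      secretRef:
                        description: 'Secret may include one or more keys: username,
                          password, token. By default anonymous access is used for
                          authentication.'
                        properties:
                          name:
                            description: Object is expected to be within same namespace
                            type: string
                        type: object
                      tagSelection:
                        description: Specifies a strategy to choose a tag (optional;
                          v0.24.0+) if specified, do not include a tag in url key
                        properties:
                          semver:
                            properties:
                              constraints:
                                type: string
                              prereleases:
                                properties:
                                  identifiers:
                                    items:
                                      type: string
                                    type: array
                                type: object
                            type: object
                        type: object
                    type: object
                  inline:
                    description: Pull content from within this resource; or other
                      resources in the cluster
                    properties:
                      # Content is stored in the CR itself. The description
                      # warns that the CR is not encrypted, so anyone allowed
                      # to read PackageRepository objects can read these
                      # values; use pathsFrom with a Secret for sensitive data.
                      paths:
                        additionalProperties:
                          type: string
                        description: Specifies mapping of paths to their content;
                          not recommended for sensitive values as CR is not encrypted
                          (optional)
                        type: object
                      pathsFrom:
                        description: Specifies content via secrets and config maps;
                          data values are recommended to be placed in secrets (optional)
                        items:
                          properties:
                            configMapRef:
                              properties:
                                # NOTE(review): the description says "secret"
                                # although this is the ConfigMap reference.
                                directoryPath:
                                  description: Specifies where to place files found
                                    in secret (optional)
                                  type: string
                                name:
                                  type: string
                              type: object
                            secretRef:
                              properties:
                                directoryPath:
                                  description: Specifies where to place files found
                                    in secret (optional)
                                  type: string
                                name:
                                  type: string
                              type: object
                          type: object
                        type: array
                    type: object
                type: object
              paused:
                description: Paused when set to true will ignore all pending changes,
                  once it set back to false, pending changes will be applied
                type: boolean
              syncPeriod:
                description: Controls frequency of PackageRepository reconciliation
                type: string
            required:
            - fetch
            type: object
          status:
            properties:
              conditions:
                items:
                  properties:
                    message:
                      description: Human-readable message indicating details about
                        last transition.
                      type: string
                    # NOTE(review): the "ResizeStarted" / persistent volume
                    # sentence below does not relate to repositories and looks
                    # carried over from another API type.
                    reason:
                      description: Unique, this should be a short, machine understandable
                        string that gives the reason for condition's last transition.
                        If it reports "ResizeStarted" that means the underlying persistent
                        volume is being resized.
                      type: string
                    status:
                      type: string
                    type:
                      description: ConditionType represents reconciler state
                      type: string
                  required:
                  - status
                  - type
                  type: object
                type: array
              consecutiveReconcileFailures:
                type: integer
              consecutiveReconcileSuccesses:
                type: integer
              deploy:
                properties:
                  error:
                    type: string
                  exitCode:
                    type: integer
                  finished:
                    type: boolean
                  kapp:
                    description: KappDeployStatus contains the associated AppCR deployed
                      resources
                    properties:
                      associatedResources:
                        description: AssociatedResources contains the associated App
                          label, namespaces and GKs
                        properties:
                          groupKinds:
                            items:
                              description: GroupKind specifies a Group and a Kind,
                                but does not force a version. This is useful for
                                identifying concepts during lookup stages without
                                having partially valid types
                              properties:
                                group:
                                  type: string
                                kind:
                                  type: string
                              required:
                              - group
                              - kind
                              type: object
                            type: array
                          label:
                            type: string
                          namespaces:
                            items:
                              type: string
                            type: array
                        type: object
                    type: object
                  startedAt:
                    format: date-time
                    type: string
                  stderr:
                    type: string
                  stdout:
                    type: string
                  updatedAt:
                    format: date-time
                    type: string
                type: object
              # stdout/stderr of the fetch step are kept in status and are
              # readable by anyone who can get this resource.
              # NOTE(review): check that fetch output cannot echo credentials,
              # e.g. ones embedded in a URL.
              fetch:
                properties:
                  error:
                    type: string
                  exitCode:
                    type: integer
                  startedAt:
                    format: date-time
                    type: string
                  stderr:
                    type: string
                  stdout:
                    type: string
                  updatedAt:
                    format: date-time
                    type: string
                type: object
              friendlyDescription:
                type: string
              # NOTE(review): "out of data" below reads like a typo for
              # "out of date".
              observedGeneration:
                description: Populated based on metadata.generation when controller
                  observes a change to the resource; if this value is out of data,
                  other status fields do not reflect latest state
                format: int64
                type: integer
              template:
                properties:
                  error:
                    type: string
                  exitCode:
                    type: integer
                  stderr:
                    type: string
                  updatedAt:
                    format: date-time
                    type: string
                type: object
              usefulErrorMessage:
                type: string
            type: object
        required:
        - spec
        type: object
    served: true
    storage: true
    subresources:
      status: {}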
---
apiVersion: apps/v1
|
||
kind: Deployment
|
||
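# Deployment metadata. The kbld annotation is a provenance record for the
# controller image: source repository, commit, tag and the resolved digest.
metadata:
  annotations:
    kapp-controller.carvel.dev/version: v0.47.0
    # The value is a literal block holding YAML text, so nothing inside it can
    # carry a comment. Points for review:
    # - `url` pins the image by sha256 digest; the same digest is used by the
    #   `image:` field of both containers in this Deployment.
    # - `dirty: true` presumably means the build worktree had uncommitted
    #   changes, in which case the recorded `sha` alone does not fully describe
    #   what was built. Verify the digest against the upstream release if
    #   provenance matters.
    # - `local.path` records the build machine's checkout path.
    kbld.k14s.io/images: |
      - origins:
        - local:
            path: /home/runner/work/kapp-controller/kapp-controller
        - git:
            dirty: true
            remoteURL: https://github.com/carvel-dev/kapp-controller
            sha: 2165849357e783c711ff11e500a8a763c3a7b0a5
            tags:
            - v0.47.0
        url: ghcr.io/carvel-dev/kapp-controller@sha256:f07bedf5d757115462cac09c76ad5b10abcad5f2d7d89e093e4637f1027938d6
  name: kapp-controller
  namespace: kapp-controller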
|
||
spec:
|
||
replicas: 1
|
||
revisionHistoryLimit: 0
|
||
selector:
|
||
matchLabels:
|
||
app: kapp-controller
|
||
template:
|
||
metadata:
|
||
labels:
|
||
app: kapp-controller
|
||
spec:
|
||
containers:
|
||
- args:
|
||
- -packaging-global-namespace=kapp-controller-packaging-global
|
||
- -enable-api-priority-and-fairness=True
|
||
- -tls-cipher-suites=
|
||
env:
|
||
- name: KAPPCTRL_MEM_TMP_DIR
|
||
value: /etc/kappctrl-mem-tmp
|
||
- name: KAPPCTRL_SIDECAREXEC_SOCK
|
||
value: /etc/kappctrl-mem-tmp/sidecarexec.sock
|
||
- name: KAPPCTRL_SYSTEM_NAMESPACE
|
||
valueFrom:
|
||
fieldRef:
|
||
fieldPath: metadata.namespace
|
||
- name: KAPPCTRL_API_PORT
|
||
value: "10350"
|
||
image: ghcr.io/carvel-dev/kapp-controller@sha256:f07bedf5d757115462cac09c76ad5b10abcad5f2d7d89e093e4637f1027938d6
|
||
name: kapp-controller
|
||
ports:
|
||
- containerPort: 10350
|
||
name: api
|
||
protocol: TCP
|
||
resources:
|
||
requests:
|
||
cpu: 120m
|
||
memory: 100Mi
|
||
securityContext:
|
||
allowPrivilegeEscalation: false
|
||
capabilities:
|
||
drop:
|
||
- ALL
|
||
readOnlyRootFilesystem: true
|
||
runAsNonRoot: true
|
||
volumeMounts:
|
||
- mountPath: /etc/kappctrl-mem-tmp
|
||
name: template-fs
|
||
- mountPath: /home/kapp-controller
|
||
name: home
|
||
- args:
|
||
- --sidecarexec
|
||
env:
|
||
- name: KAPPCTRL_SIDECAREXEC_SOCK
|
||
value: /etc/kappctrl-mem-tmp/sidecarexec.sock
|
||
- name: IMGPKG_ACTIVE_KEYCHAINS
|
||
value: gke,aks,ecr
|
||
image: ghcr.io/carvel-dev/kapp-controller@sha256:f07bedf5d757115462cac09c76ad5b10abcad5f2d7d89e093e4637f1027938d6
|
||
name: kapp-controller-sidecarexec
|
||
resources:
|
||
requests:
|
||
cpu: 120m
|
||
memory: 100Mi
|
||
securityContext:
|
||
allowPrivilegeEscalation: false
|
||
capabilities:
|
||
drop:
|
||
- ALL
|
||
readOnlyRootFilesystem: false
|
||
runAsNonRoot: true
|
||
volumeMounts:
|
||
- mountPath: /etc/kappctrl-mem-tmp
|
||
name: template-fs
|
||
- mountPath: /home/kapp-controller
|
||
name: home
|
||
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
|
||
name: empty-sa
|
||
serviceAccount: kapp-controller-sa
|
||
volumes:
|
||
- emptyDir:
|
||
medium: Memory
|
||
name: template-fs
|
||
- emptyDir:
|
||
medium: Memory
|
||
name: home
|
||
- emptyDir: {}
|
||
name: empty-sa
|
||
---
|
||
# Identity the kapp-controller pod runs as. Every RBAC binding in this
# manifest that names kapp-controller-sa grants its permissions to this
# account, so access to it (token requests, pods allowed to use it) should be
# restricted to the kapp-controller namespace's operators.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: kapp-controller-sa
  namespace: kapp-controller
|
||
---
|
||
# Cluster-wide permissions for the controller.
#
# Security note: the first three rules allow reading every Secret in every
# namespace and creating a token for any ServiceAccount. A subject bound to
# this role can therefore act as any ServiceAccount in the cluster; audit and
# monitor it as a cluster-admin-equivalent identity.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: kapp-controller-cluster-role
rules:
  # Core API: Secrets (no delete/update; read access is cluster-wide).
  - apiGroups:
      - ""
    resources:
      - secrets
    verbs:
      - create
      - get
      - list
      - watch
  # Core API: look up ServiceAccounts ...
  - apiGroups:
      - ""
    resources:
      - serviceaccounts
    verbs:
      - get
  # ... and request tokens for them (TokenRequest subresource). Not limited
  # by resourceNames, so it applies to every ServiceAccount.
  - apiGroups:
      - ""
    resources:
      - serviceaccounts/token
    verbs:
      - create
  # Full control of the controller's own custom resources.
  - apiGroups:
      - kappctrl.k14s.io
    resources:
      - apps
      - apps/status
    verbs:
      - '*'
  - apiGroups:
      - packaging.carvel.dev
    resources:
      - packageinstalls
      - packageinstalls/status
      - packageinstalls/finalizers
    verbs:
      - '*'
  - apiGroups:
      - packaging.carvel.dev
    resources:
      - packagerepositories
      - packagerepositories/status
    verbs:
      - '*'
  - apiGroups:
      - internal.packaging.carvel.dev
    resources:
      - internalpackagemetadatas
    verbs:
      - '*'
  - apiGroups:
      - data.packaging.carvel.dev
    resources:
      - packagemetadatas
      - packagemetadatas/status
    verbs:
      - '*'
  - apiGroups:
      - internal.packaging.carvel.dev
    resources:
      - internalpackages
    verbs:
      - '*'
  - apiGroups:
      - data.packaging.carvel.dev
    resources:
      - packages
      - packages/status
    verbs:
      - '*'
  # Core API: every verb on ConfigMaps in every namespace.
  - apiGroups:
      - ""
    resources:
      - configmaps
    verbs:
      - '*'
  # APIService registration. Not limited by resourceNames, so `update`
  # covers every APIService in the cluster, not only the packaging one.
  - apiGroups:
      - apiregistration.k8s.io
    resources:
      - apiservices
    verbs:
      - update
      - get
  # Namespaces can be read and updated (no create/delete).
  - apiGroups:
      - ""
    resources:
      - namespaces
    verbs:
      - list
      - watch
      - get
      - update
  # Read-only access to admission webhook configurations.
  - apiGroups:
      - admissionregistration.k8s.io
    resources:
      - mutatingwebhookconfigurations
    verbs:
      - list
      - watch
  - apiGroups:
      - admissionregistration.k8s.io
    resources:
      - validatingwebhookconfigurations
    verbs:
      - list
      - watch
  # Lets the subject ask the API server for authorization decisions.
  - apiGroups:
      - authorization.k8s.io
    resources:
      - subjectaccessreviews
    verbs:
      - create
  # Read-only access to API Priority and Fairness objects.
  - apiGroups:
      - flowcontrol.apiserver.k8s.io
    resources:
      - prioritylevelconfigurations
      - flowschemas
    verbs:
      - list
      - watch
|
||
---
|
||
# Second ClusterRole. It repeats the Secret, ServiceAccount, token, App,
# PackageInstall and ConfigMap rules of kapp-controller-cluster-role, but
# grants only read access to package repositories and package data.
#
# No binding for this role appears in this part of the manifest.
# NOTE(review): check who binds it before deploying. Because it includes
# Secret reads and serviceaccounts/token create, a ClusterRoleBinding to it
# hands out those rights cluster-wide; prefer a namespaced RoleBinding where
# that is sufficient.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: kapp-controller-user-role
rules:
  # Core API: Secrets.
  - apiGroups:
      - ""
    resources:
      - secrets
    verbs:
      - create
      - get
      - list
      - watch
  # Core API: ServiceAccount lookup and token creation (not limited by
  # resourceNames).
  - apiGroups:
      - ""
    resources:
      - serviceaccounts
    verbs:
      - get
  - apiGroups:
      - ""
    resources:
      - serviceaccounts/token
    verbs:
      - create
  # Full control of Apps and PackageInstalls.
  - apiGroups:
      - kappctrl.k14s.io
    resources:
      - apps
      - apps/status
    verbs:
      - '*'
  - apiGroups:
      - packaging.carvel.dev
    resources:
      - packageinstalls
      - packageinstalls/status
      - packageinstalls/finalizers
    verbs:
      - '*'
  # Core API: every verb on ConfigMaps.
  - apiGroups:
      - ""
    resources:
      - configmaps
    verbs:
      - '*'
  # Read-only from here on: repositories and package data.
  - apiGroups:
      - packaging.carvel.dev
    resources:
      - packagerepositories
      - packagerepositories/status
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - internal.packaging.carvel.dev
    resources:
      - internalpackagemetadatas
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - data.packaging.carvel.dev
    resources:
      - packagemetadatas
      - packagemetadatas/status
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - internal.packaging.carvel.dev
    resources:
      - internalpackages
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - data.packaging.carvel.dev
    resources:
      - packages
      - packages/status
    verbs:
      - get
      - list
      - watch
|
||
---
|
||
# Grants kapp-controller-cluster-role to the controller's ServiceAccount in
# every namespace. This is the binding that makes kapp-controller-sa able to
# read Secrets and request ServiceAccount tokens cluster-wide.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: kapp-controller-cluster-role-binding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: kapp-controller-cluster-role
subjects:
  - kind: ServiceAccount
    name: kapp-controller-sa
    namespace: kapp-controller
|
||
---
|
||
# Binds the built-in system:auth-delegator ClusterRole to the controller's
# ServiceAccount. That role allows creating TokenReviews and
# SubjectAccessReviews, which an aggregated API server needs in order to
# delegate authentication and authorization checks to the main API server.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: 'pkg-apiserver:system:auth-delegator'
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: 'system:auth-delegator'
subjects:
  - kind: ServiceAccount
    name: kapp-controller-sa
    namespace: kapp-controller
|
||
---
|
||
# Namespaced binding in kube-system: lets the controller's ServiceAccount use
# the built-in extension-apiserver-authentication-reader Role, which grants
# read access to the extension-apiserver-authentication ConfigMap (the client
# CA and request-header settings an aggregated API server uses to
# authenticate requests proxied by the main API server).
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: pkgserver-auth-reader
  namespace: kube-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: extension-apiserver-authentication-reader
subjects:
  - kind: ServiceAccount
    name: kapp-controller-sa
    namespace: kapp-controller
|