-
Notifications
You must be signed in to change notification settings - Fork 2
/
bucket-source-v1.json
325 lines (325 loc) · 14.5 KB
/
bucket-source-v1.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
{
"description": "Bucket is the Schema for the buckets API.",
"properties": {
"apiVersion": {
"description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources",
"type": "string"
},
"kind": {
"description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds",
"type": "string"
},
"metadata": {
"type": "object"
},
"spec": {
"description": "BucketSpec specifies the required configuration to produce an Artifact for\nan object storage bucket.",
"properties": {
"bucketName": {
"description": "BucketName is the name of the object storage bucket.",
"type": "string"
},
"certSecretRef": {
"description": "CertSecretRef can be given the name of a Secret containing\neither or both of\n\n- a PEM-encoded client certificate (`tls.crt`) and private\nkey (`tls.key`);\n- a PEM-encoded CA certificate (`ca.crt`)\n\nand whichever are supplied, will be used for connecting to the\nbucket. The client cert and key are useful if you are\nauthenticating with a certificate; the CA cert is useful if\nyou are using a self-signed server certificate. The Secret must\nbe of type `Opaque` or `kubernetes.io/tls`.\n\nThis field is only supported for the `generic` provider.",
"properties": {
"name": {
"description": "Name of the referent.",
"type": "string"
}
},
"required": [
"name"
],
"type": "object",
"additionalProperties": false
},
"endpoint": {
"description": "Endpoint is the object storage address the BucketName is located at.",
"type": "string"
},
"ignore": {
"description": "Ignore overrides the set of excluded patterns in the .sourceignore format\n(which is the same as .gitignore). If not provided, a default will be used,\nconsult the documentation for your version to find out what those are.",
"type": "string"
},
"insecure": {
"description": "Insecure allows connecting to a non-TLS HTTP Endpoint.",
"type": "boolean"
},
"interval": {
"description": "Interval at which the Bucket Endpoint is checked for updates.\nThis interval is approximate and may be subject to jitter to ensure\nefficient use of resources.",
"pattern": "^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$",
"type": "string"
},
"prefix": {
"description": "Prefix to use for server-side filtering of files in the Bucket.",
"type": "string"
},
"provider": {
"default": "generic",
"description": "Provider of the object storage bucket.\nDefaults to 'generic', which expects an S3 (API) compatible object\nstorage.",
"enum": [
"generic",
"aws",
"gcp",
"azure"
],
"type": "string"
},
"proxySecretRef": {
"description": "ProxySecretRef specifies the Secret containing the proxy configuration\nto use while communicating with the Bucket server.",
"properties": {
"name": {
"description": "Name of the referent.",
"type": "string"
}
},
"required": [
"name"
],
"type": "object",
"additionalProperties": false
},
"region": {
"description": "Region of the Endpoint where the BucketName is located in.",
"type": "string"
},
"secretRef": {
"description": "SecretRef specifies the Secret containing authentication credentials\nfor the Bucket.",
"properties": {
"name": {
"description": "Name of the referent.",
"type": "string"
}
},
"required": [
"name"
],
"type": "object",
"additionalProperties": false
},
"sts": {
"description": "STS specifies the required configuration to use a Security Token\nService for fetching temporary credentials to authenticate in a\nBucket provider.\n\nThis field is only supported for the `aws` and `generic` providers.",
"properties": {
"certSecretRef": {
"description": "CertSecretRef can be given the name of a Secret containing\neither or both of\n\n- a PEM-encoded client certificate (`tls.crt`) and private\nkey (`tls.key`);\n- a PEM-encoded CA certificate (`ca.crt`)\n\nand whichever are supplied, will be used for connecting to the\nSTS endpoint. The client cert and key are useful if you are\nauthenticating with a certificate; the CA cert is useful if\nyou are using a self-signed server certificate. The Secret must\nbe of type `Opaque` or `kubernetes.io/tls`.\n\nThis field is only supported for the `ldap` provider.",
"properties": {
"name": {
"description": "Name of the referent.",
"type": "string"
}
},
"required": [
"name"
],
"type": "object",
"additionalProperties": false
},
"endpoint": {
"description": "Endpoint is the HTTP/S endpoint of the Security Token Service from\nwhere temporary credentials will be fetched.",
"pattern": "^(http|https)://.*$",
"type": "string"
},
"provider": {
"description": "Provider of the Security Token Service.",
"enum": [
"aws",
"ldap"
],
"type": "string"
},
"secretRef": {
"description": "SecretRef specifies the Secret containing authentication credentials\nfor the STS endpoint. This Secret must contain the fields `username`\nand `password` and is supported only for the `ldap` provider.",
"properties": {
"name": {
"description": "Name of the referent.",
"type": "string"
}
},
"required": [
"name"
],
"type": "object",
"additionalProperties": false
}
},
"required": [
"endpoint",
"provider"
],
"type": "object",
"additionalProperties": false
},
"suspend": {
"description": "Suspend tells the controller to suspend the reconciliation of this\nBucket.",
"type": "boolean"
},
"timeout": {
"default": "60s",
"description": "Timeout for fetch operations, defaults to 60s.",
"pattern": "^([0-9]+(\\.[0-9]+)?(ms|s|m))+$",
"type": "string"
}
},
"required": [
"bucketName",
"endpoint",
"interval"
],
"type": "object",
"x-kubernetes-validations": [
{
"message": "STS configuration is only supported for the 'aws' and 'generic' Bucket providers",
"rule": "self.provider == 'aws' || self.provider == 'generic' || !has(self.sts)"
},
{
"message": "'aws' is the only supported STS provider for the 'aws' Bucket provider",
"rule": "self.provider != 'aws' || !has(self.sts) || self.sts.provider == 'aws'"
},
{
"message": "'ldap' is the only supported STS provider for the 'generic' Bucket provider",
"rule": "self.provider != 'generic' || !has(self.sts) || self.sts.provider == 'ldap'"
},
{
"message": "spec.sts.secretRef is not required for the 'aws' STS provider",
"rule": "!has(self.sts) || self.sts.provider != 'aws' || !has(self.sts.secretRef)"
},
{
"message": "spec.sts.certSecretRef is not required for the 'aws' STS provider",
"rule": "!has(self.sts) || self.sts.provider != 'aws' || !has(self.sts.certSecretRef)"
}
],
"additionalProperties": false
},
"status": {
"default": {
"observedGeneration": -1
},
"description": "BucketStatus records the observed state of a Bucket.",
"properties": {
"artifact": {
"description": "Artifact represents the last successful Bucket reconciliation.",
"properties": {
"digest": {
"description": "Digest is the digest of the file in the form of '<algorithm>:<checksum>'.",
"pattern": "^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$",
"type": "string"
},
"lastUpdateTime": {
"description": "LastUpdateTime is the timestamp corresponding to the last update of the\nArtifact.",
"format": "date-time",
"type": "string"
},
"metadata": {
"additionalProperties": {
"type": "string"
},
"description": "Metadata holds upstream information such as OCI annotations.",
"type": "object"
},
"path": {
"description": "Path is the relative file path of the Artifact. It can be used to locate\nthe file in the root of the Artifact storage on the local file system of\nthe controller managing the Source.",
"type": "string"
},
"revision": {
"description": "Revision is a human-readable identifier traceable in the origin source\nsystem. It can be a Git commit SHA, Git tag, a Helm chart version, etc.",
"type": "string"
},
"size": {
"description": "Size is the number of bytes in the file.",
"format": "int64",
"type": "integer"
},
"url": {
"description": "URL is the HTTP address of the Artifact as exposed by the controller\nmanaging the Source. It can be used to retrieve the Artifact for\nconsumption, e.g. by another controller applying the Artifact contents.",
"type": "string"
}
},
"required": [
"lastUpdateTime",
"path",
"revision",
"url"
],
"type": "object",
"additionalProperties": false
},
"conditions": {
"description": "Conditions holds the conditions for the Bucket.",
"items": {
"description": "Condition contains details for one aspect of the current state of this API Resource.",
"properties": {
"lastTransitionTime": {
"description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.",
"format": "date-time",
"type": "string"
},
"message": {
"description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.",
"maxLength": 32768,
"type": "string"
},
"observedGeneration": {
"description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.",
"format": "int64",
"minimum": 0,
"type": "integer"
},
"reason": {
"description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.",
"maxLength": 1024,
"minLength": 1,
"pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$",
"type": "string"
},
"status": {
"description": "status of the condition, one of True, False, Unknown.",
"enum": [
"True",
"False",
"Unknown"
],
"type": "string"
},
"type": {
"description": "type of condition in CamelCase or in foo.example.com/CamelCase.",
"maxLength": 316,
"pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$",
"type": "string"
}
},
"required": [
"lastTransitionTime",
"message",
"reason",
"status",
"type"
],
"type": "object",
"additionalProperties": false
},
"type": "array"
},
"lastHandledReconcileAt": {
"description": "LastHandledReconcileAt holds the value of the most recent\nreconcile request value, so a change of the annotation value\ncan be detected.",
"type": "string"
},
"observedGeneration": {
"description": "ObservedGeneration is the last observed generation of the Bucket object.",
"format": "int64",
"type": "integer"
},
"observedIgnore": {
"description": "ObservedIgnore is the observed exclusion patterns used for constructing\nthe source artifact.",
"type": "string"
},
"url": {
"description": "URL is the dynamic fetch link for the latest Artifact.\nIt is provided on a \"best effort\" basis, and using the precise\nBucketStatus.Artifact data is recommended.",
"type": "string"
}
},
"type": "object",
"additionalProperties": false
}
},
"type": "object"
}