Fluxinstance v1 — fluxcd.controlplane.io

apiVersion string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata object

spec object

FluxInstanceSpec defines the desired state of FluxInstance

cluster object

Cluster holds the specification of the Kubernetes cluster.

domain string

Domain is the cluster domain used for generating the FQDN of services. Defaults to 'cluster.local'.

multitenant boolean

Multitenant enables the multitenancy lockdown. Defaults to false.

multitenantWorkloadIdentity boolean

MultitenantWorkloadIdentity enables the multitenancy lockdown for workload identity. Defaults to false.

networkPolicy boolean

NetworkPolicy restricts network access to the current namespace. Defaults to true.

objectLevelWorkloadIdentity boolean

ObjectLevelWorkloadIdentity enables the feature gate required for object-level workload identity. This feature is only available in Flux v2.6.0 and later.

size string

Size defines the vertical scaling profile of the Flux controllers. The size is used to determine the concurrency and CPU/Memory limits for the Flux controllers. Accepted values are: 'small', 'medium' and 'large'.

enum: small, medium, large

tenantDefaultDecryptionServiceAccount string

TenantDefaultDecryptionServiceAccount is the name of the service account to use as default for kustomize-controller SOPS decryption when the multitenant lockdown for workload identity is enabled. Defaults to the 'default' service account from the tenant namespace.

tenantDefaultKubeConfigServiceAccount string

TenantDefaultKubeConfigServiceAccount is the name of the service account to use as default for kustomize-controller and helm-controller remote cluster access via spec.kubeConfig.configMapRef when the multitenant lockdown for workload identity is enabled. Defaults to the 'default' service account from the tenant namespace.

tenantDefaultServiceAccount string

TenantDefaultServiceAccount is the name of the service account to use as default when the multitenant lockdown is enabled, for kustomize-controller and helm-controller. This field will also be used for multitenant workload identity lockdown for source-controller, notification-controller, image-reflector-controller and image-automation-controller. Defaults to the 'default' service account from the tenant namespace.

type string

Type specifies the distro of the Kubernetes cluster. Defaults to 'kubernetes'.

enum: kubernetes, openshift, aws, azure, gcp

commonMetadata object

CommonMetadata specifies the common labels and annotations that are applied to all resources. Any existing label or annotation will be overridden if its key matches a common one.

annotations object

Annotations to be added to the object's metadata.

labels object

Labels to be added to the object's metadata.

components []string

Components is the list of controllers to install. Defaults to the core Flux controllers: - source-controller - kustomize-controller - helm-controller - notification-controller

distribution object required

Distribution specifies the version and container registry to pull images from.

artifact string

Artifact is the URL to the OCI artifact containing the latest Kubernetes manifests for the distribution, e.g. 'oci://ghcr.io/controlplaneio-fluxcd/flux-operator-manifests:latest'.

pattern: ^oci://.*$

artifactPullSecret string

ArtifactPullSecret is the name of the Kubernetes secret to use for pulling the Kubernetes manifests for the distribution specified in the Artifact field.

imagePullSecret string

ImagePullSecret is the name of the Kubernetes secret to use for pulling images.

registry string required

Registry address to pull the distribution images from e.g. 'ghcr.io/fluxcd'.

variant string

Variant specifies the Flux distribution flavor stored in the registry.

enum: upstream-alpine, enterprise-alpine, enterprise-distroless, enterprise-distroless-fips

version string required

Version semver expression e.g. '2.x', '2.3.x'.

kustomize object

Kustomize holds a set of patches that can be applied to the Flux installation, to customize the way Flux operates.

patches []object

Strategic merge and JSON patches, defined as inline YAML objects, capable of targeting objects based on kind, label and annotation selectors.

patch string required

Patch contains an inline StrategicMerge patch or an inline JSON6902 patch with an array of operation objects.

target object

Target points to the resources that the patch document should be applied to.

annotationSelector string

AnnotationSelector is a string that follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api It matches with the resource annotations.

group string

Group is the API group to select resources from. Together with Version and Kind it is capable of unambiguously identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md

kind string

Kind of the API Group to select resources from. Together with Group and Version it is capable of unambiguously identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md

labelSelector string

LabelSelector is a string that follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api It matches with the resource labels.

name string

Name to match resources with.

namespace string

Namespace to select resources from.

version string

Version of the API Group to select resources from. Together with Group and Kind it is capable of unambiguously identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md

migrateResources boolean

MigrateResources instructs the controller to migrate the Flux custom resources from the previous version to the latest API version specified in the CRD. Defaults to true.

sharding object

Sharding holds the specification of the sharding configuration.

key string

Key is the label key used to shard the resources.

shards []string required

Shards is the list of shard names.

minItems: 1

storage string

Storage defines if the source-controller shards should use an emptyDir or a persistent volume claim for storage. Accepted values are 'ephemeral' or 'persistent', defaults to 'ephemeral'. For 'persistent' to take effect, the '.spec.storage' field must be set.

enum: ephemeral, persistent

storage object

Storage holds the specification of the source-controller persistent volume claim.

class string required

Class is the storage class to use for the PVC.

size string required

Size is the size of the PVC.

sync object

Sync specifies the source for the cluster sync operation. When set, a Flux source (GitRepository, OCIRepository or Bucket) and Flux Kustomization are created to sync the cluster state with the source repository.

interval string

Interval is the time between syncs.

pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$

kind string required

Kind is the kind of the source.

enum: OCIRepository, GitRepository, Bucket

name string

Name is the name of the Flux source and kustomization resources. When not specified, the name is set to the namespace name of the FluxInstance.

maxLength: 63

path string required

Path is the path to the source directory containing the kustomize overlay or plain Kubernetes manifests.

provider string

Provider specifies OIDC provider for source authentication. For OCIRepository and Bucket the provider can be set to 'aws', 'azure' or 'gcp'. for GitRepository the accepted value can be set to 'azure' or 'github'. To disable OIDC authentication the provider can be set to 'generic' or left empty.

enum: generic, aws, azure, gcp, github

pullSecret string

PullSecret specifies the Kubernetes Secret containing the authentication credentials for the source. For Git over HTTP/S sources, the secret must contain username and password fields. For Git over SSH sources, the secret must contain known_hosts and identity fields. For OCI sources, the secret must be of type kubernetes.io/dockerconfigjson. For Bucket sources, the secret must contain accesskey and secretkey fields.

ref string required

Ref is the source reference, can be a Git ref name e.g. 'refs/heads/main', an OCI tag e.g. 'latest' or a bucket name e.g. 'flux'.

url string required

URL is the source URL, can be a Git repository HTTP/S or SSH address, an OCI repository address or a Bucket endpoint.

wait boolean

Wait instructs the controller to check the health of all the reconciled resources. Defaults to true.

status object

FluxInstanceStatus defines the observed state of FluxInstance

components []object

Components contains the container images used by the components.

digest string

Digest of the container image.

name string required

Name of the component.

repository string required

Repository address of the container image.

tag string required

Tag of the container image.

conditions []object

Conditions contains the readiness conditions of the object.

lastTransitionTime string required

lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.

format: date-time

message string required

message is a human readable message indicating details about the transition. This may be an empty string.

maxLength: 32768

observedGeneration integer

observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.

format: int64

minimum: 0

reason string required

reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.

pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$

minLength: 1

maxLength: 1024

status string required

status of the condition, one of True, False, Unknown.

enum: True, False, Unknown

type string required

type of condition in CamelCase or in foo.example.com/CamelCase.

pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$

maxLength: 316

history []object

History contains the reconciliation history of the FluxInstance as a list of snapshots ordered by the last reconciled time.

digest string required

Digest is the checksum in the format `<algo>:<hex>` of the resources in this snapshot.

firstReconciled string required

FirstReconciled is the time when this revision was first reconciled to the cluster.

format: date-time

lastReconciled string required

LastReconciled is the time when this revision was last reconciled to the cluster.

format: date-time

lastReconciledDuration string required

LastReconciledDuration is time it took to reconcile the resources in this revision.

lastReconciledStatus string required

LastReconciledStatus is the status of the last reconciliation.

metadata object

Metadata contains additional information about the snapshot.

totalReconciliations integer required

TotalReconciliations is the total number of reconciliations that have occurred for this snapshot.

format: int64

inventory object

Inventory contains a list of Kubernetes resource object references last applied on the cluster.

entries []object required

Entries of Kubernetes resource object references.

id string required

ID is the string representation of the Kubernetes resource object's metadata, in the format '<namespace>_<name>_<group>_<kind>'.

v string required

Version is the API version of the Kubernetes resource object's kind.

lastAppliedRevision string

LastAppliedRevision is the version and digest of the distribution config that was last reconcile.

lastArtifactRevision string

LastArtifactRevision is the digest of the last pulled distribution artifact.

lastAttemptedRevision string

LastAttemptedRevision is the version and digest of the distribution config that was last attempted to reconcile.

lastHandledForceAt string

LastHandledForceAt holds the value of the most recent force request value, so a change of the annotation value can be detected.

lastHandledReconcileAt string

LastHandledReconcileAt holds the value of the most recent reconcile request value, so a change of the annotation value can be detected.