Bucket v1 — source.toolkit.fluxcd.io

apiVersion string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata object

spec object

BucketSpec specifies the required configuration to produce an Artifact for an object storage bucket.

bucketName string required

BucketName is the name of the object storage bucket.

certSecretRef object

CertSecretRef can be given the name of a Secret containing either or both of - a PEM-encoded client certificate (`tls.crt`) and private key (`tls.key`); - a PEM-encoded CA certificate (`ca.crt`) and whichever are supplied, will be used for connecting to the bucket. The client cert and key are useful if you are authenticating with a certificate; the CA cert is useful if you are using a self-signed server certificate. The Secret must be of type `Opaque` or `kubernetes.io/tls`. This field is only supported for the `generic` provider.

name string required

Name of the referent.

endpoint string required

Endpoint is the object storage address the BucketName is located at.

ignore string

Ignore overrides the set of excluded patterns in the .sourceignore format (which is the same as .gitignore). If not provided, a default will be used, consult the documentation for your version to find out what those are.

insecure boolean

Insecure allows connecting to a non-TLS HTTP Endpoint.

interval string required

Interval at which the Bucket Endpoint is checked for updates. This interval is approximate and may be subject to jitter to ensure efficient use of resources.

pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$

prefix string

Prefix to use for server-side filtering of files in the Bucket.

provider string

Provider of the object storage bucket. Defaults to 'generic', which expects an S3 (API) compatible object storage.

enum: generic, aws, gcp, azure

proxySecretRef object

ProxySecretRef specifies the Secret containing the proxy configuration to use while communicating with the Bucket server.

name string required

Name of the referent.

region string

Region of the Endpoint where the BucketName is located in.

secretRef object

SecretRef specifies the Secret containing authentication credentials for the Bucket.

name string required

Name of the referent.

serviceAccountName string

ServiceAccountName is the name of the Kubernetes ServiceAccount used to authenticate the bucket. This field is only supported for the 'gcp' and 'aws' providers. For more information about workload identity: https://fluxcd.io/flux/components/source/buckets/#workload-identity

sts object

STS specifies the required configuration to use a Security Token Service for fetching temporary credentials to authenticate in a Bucket provider. This field is only supported for the `aws` and `generic` providers.

certSecretRef object

CertSecretRef can be given the name of a Secret containing either or both of - a PEM-encoded client certificate (`tls.crt`) and private key (`tls.key`); - a PEM-encoded CA certificate (`ca.crt`) and whichever are supplied, will be used for connecting to the STS endpoint. The client cert and key are useful if you are authenticating with a certificate; the CA cert is useful if you are using a self-signed server certificate. The Secret must be of type `Opaque` or `kubernetes.io/tls`. This field is only supported for the `ldap` provider.

name string required

Name of the referent.

endpoint string required

Endpoint is the HTTP/S endpoint of the Security Token Service from where temporary credentials will be fetched.

pattern: ^(http|https)://.*$

provider string required

Provider of the Security Token Service.

enum: aws, ldap

secretRef object

SecretRef specifies the Secret containing authentication credentials for the STS endpoint. This Secret must contain the fields `username` and `password` and is supported only for the `ldap` provider.

name string required

Name of the referent.

suspend boolean

Suspend tells the controller to suspend the reconciliation of this Bucket.

timeout string

Timeout for fetch operations, defaults to 60s.

pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$

status object

BucketStatus records the observed state of a Bucket.

artifact object

Artifact represents the last successful Bucket reconciliation.

digest string required

Digest is the digest of the file in the form of '<algorithm>:<checksum>'.

pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$

lastUpdateTime string required

LastUpdateTime is the timestamp corresponding to the last update of the Artifact.

format: date-time

metadata object

Metadata holds upstream information such as OCI annotations.

path string required

Path is the relative file path of the Artifact. It can be used to locate the file in the root of the Artifact storage on the local file system of the controller managing the Source.

revision string required

Revision is a human-readable identifier traceable in the origin source system. It can be a Git commit SHA, Git tag, a Helm chart version, etc.

size integer

Size is the number of bytes in the file.

format: int64

url string required

URL is the HTTP address of the Artifact as exposed by the controller managing the Source. It can be used to retrieve the Artifact for consumption, e.g. by another controller applying the Artifact contents.

conditions []object

Conditions holds the conditions for the Bucket.

lastTransitionTime string required

lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.

format: date-time

message string required

message is a human readable message indicating details about the transition. This may be an empty string.

maxLength: 32768

observedGeneration integer

observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.

format: int64

minimum: 0

reason string required

reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.

pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$

minLength: 1

maxLength: 1024

status string required

status of the condition, one of True, False, Unknown.

enum: True, False, Unknown

type string required

type of condition in CamelCase or in foo.example.com/CamelCase.

pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$

maxLength: 316

lastHandledReconcileAt string

LastHandledReconcileAt holds the value of the most recent reconcile request value, so a change of the annotation value can be detected.

observedGeneration integer

ObservedGeneration is the last observed generation of the Bucket object.

format: int64

observedIgnore string

ObservedIgnore is the observed exclusion patterns used for constructing the source artifact.

url string

URL is the dynamic fetch link for the latest Artifact. It is provided on a "best effort" basis, and using the precise BucketStatus.Artifact data is recommended.