diff --git a/cluster/base/flux-system/gotk-components.yaml b/cluster/base/flux-system/gotk-components.yaml index 0fba32e74..0186fb934 100644 --- a/cluster/base/flux-system/gotk-components.yaml +++ b/cluster/base/flux-system/gotk-components.yaml @@ -1,6 +1,6 @@ --- # This manifest was generated by flux. DO NOT EDIT. -# Flux Version: v0.25.3 +# Flux Version: v0.26.0 # Components: source-controller,kustomize-controller,helm-controller,notification-controller,image-reflector-controller,image-automation-controller apiVersion: v1 kind: Namespace @@ -8,7 +8,9 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.25.3 + app.kubernetes.io/version: v0.26.0 + pod-security.kubernetes.io/warn: restricted + pod-security.kubernetes.io/warn-version: latest name: flux-system --- apiVersion: apiextensions.k8s.io/v1 @@ -20,7 +22,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.25.3 + app.kubernetes.io/version: v0.26.0 name: alerts.notification.toolkit.fluxcd.io spec: group: notification.toolkit.fluxcd.io @@ -232,7 +234,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.25.3 + app.kubernetes.io/version: v0.26.0 name: buckets.source.toolkit.fluxcd.io spec: group: source.toolkit.fluxcd.io @@ -492,7 +494,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.25.3 + app.kubernetes.io/version: v0.26.0 name: gitrepositories.source.toolkit.fluxcd.io spec: group: source.toolkit.fluxcd.io @@ -851,7 +853,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.25.3 + app.kubernetes.io/version: v0.26.0 name: helmcharts.source.toolkit.fluxcd.io spec: group: source.toolkit.fluxcd.io @@ -1135,7 +1137,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.25.3 + app.kubernetes.io/version: v0.26.0 name: helmreleases.helm.toolkit.fluxcd.io spec: group: helm.toolkit.fluxcd.io @@ -1913,7 +1915,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.25.3 + app.kubernetes.io/version: v0.26.0 name: helmrepositories.source.toolkit.fluxcd.io spec: group: source.toolkit.fluxcd.io @@ -2160,7 +2162,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.25.3 + app.kubernetes.io/version: v0.26.0 name: imagepolicies.image.toolkit.fluxcd.io spec: group: image.toolkit.fluxcd.io @@ -2751,7 +2753,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.25.3 + app.kubernetes.io/version: v0.26.0 name: imagerepositories.image.toolkit.fluxcd.io spec: group: image.toolkit.fluxcd.io @@ -3140,14 +3142,27 @@ spec: labels. properties: namespaceSelectors: + description: NamespaceSelectors is the list of namespace selectors + to which this ACL applies. Items in this list are evaluated + using a logical OR operation. items: + description: NamespaceSelector selects the namespaces to which + this ACL applies. An empty map of MatchLabels matches all + namespaces in a cluster. properties: matchLabels: additionalProperties: type: string + description: MatchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. type: object type: object type: array + required: + - namespaceSelectors type: object certSecretRef: description: "CertSecretRef can be given the name of a secret containing @@ -3311,7 +3326,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.25.3 + app.kubernetes.io/version: v0.26.0 name: imageupdateautomations.image.toolkit.fluxcd.io spec: group: image.toolkit.fluxcd.io @@ -3951,16 +3966,20 @@ spec: to a git repository. properties: apiVersion: - description: API version of the referent + description: API version of the referent. type: string kind: default: GitRepository - description: Kind of the referent + description: Kind of the referent. enum: - GitRepository type: string name: - description: Name of the referent + description: Name of the referent. + type: string + namespace: + description: Namespace of the referent, defaults to the namespace + of the Kubernetes resource object that contains the reference. type: string required: - kind @@ -3996,6 +4015,8 @@ spec: - sourceRef type: object status: + default: + observedGeneration: -1 description: ImageUpdateAutomationStatus defines the observed state of ImageUpdateAutomation properties: @@ -4111,7 +4132,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.25.3 + app.kubernetes.io/version: v0.26.0 name: kustomizations.kustomize.toolkit.fluxcd.io spec: group: kustomize.toolkit.fluxcd.io @@ -5212,7 +5233,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.25.3 + app.kubernetes.io/version: v0.26.0 name: providers.notification.toolkit.fluxcd.io spec: group: notification.toolkit.fluxcd.io @@ -5416,7 +5437,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.25.3 + app.kubernetes.io/version: v0.26.0 name: receivers.notification.toolkit.fluxcd.io spec: group: notification.toolkit.fluxcd.io @@ -5633,7 +5654,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.25.3 + app.kubernetes.io/version: v0.26.0 name: helm-controller namespace: flux-system --- @@ -5643,7 +5664,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.25.3 + app.kubernetes.io/version: v0.26.0 name: image-automation-controller namespace: flux-system --- @@ -5653,7 +5674,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.25.3 + app.kubernetes.io/version: v0.26.0 name: image-reflector-controller namespace: flux-system --- @@ -5663,7 +5684,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.25.3 + app.kubernetes.io/version: v0.26.0 name: kustomize-controller namespace: flux-system --- @@ -5673,7 +5694,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.25.3 + app.kubernetes.io/version: v0.26.0 name: notification-controller namespace: flux-system --- @@ -5683,7 +5704,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.25.3 + app.kubernetes.io/version: v0.26.0 name: source-controller namespace: flux-system --- @@ -5693,7 +5714,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.25.3 + app.kubernetes.io/version: v0.26.0 name: crd-controller-flux-system rules: - apiGroups: @@ -5774,7 +5795,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.25.3 + app.kubernetes.io/version: v0.26.0 name: cluster-reconciler-flux-system roleRef: apiGroup: rbac.authorization.k8s.io @@ -5794,7 +5815,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.25.3 + app.kubernetes.io/version: v0.26.0 name: crd-controller-flux-system roleRef: apiGroup: rbac.authorization.k8s.io @@ -5826,7 +5847,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.25.3 + app.kubernetes.io/version: v0.26.0 control-plane: controller name: notification-controller namespace: flux-system @@ -5846,7 +5867,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.25.3 + app.kubernetes.io/version: v0.26.0 control-plane: controller name: source-controller namespace: flux-system @@ -5866,7 +5887,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.25.3 + app.kubernetes.io/version: v0.26.0 control-plane: controller name: webhook-receiver namespace: flux-system @@ -5886,7 +5907,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.25.3 + app.kubernetes.io/version: v0.26.0 control-plane: controller name: helm-controller namespace: flux-system @@ -5915,7 +5936,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: ghcr.io/fluxcd/helm-controller:v0.15.0 + image: ghcr.io/fluxcd/helm-controller:v0.16.0 imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -5925,6 +5946,7 @@ spec: ports: - containerPort: 8080 name: http-prom + protocol: TCP - containerPort: 9440 name: healthz protocol: TCP @@ -5941,7 +5963,13 @@ spec: memory: 64Mi securityContext: allowPrivilegeEscalation: false + capabilities: + drop: + - ALL readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault volumeMounts: - mountPath: /tmp name: temp @@ -5959,7 +5987,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.25.3 + app.kubernetes.io/version: v0.26.0 control-plane: controller name: image-automation-controller namespace: flux-system @@ -5988,7 +6016,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: ghcr.io/fluxcd/image-automation-controller:v0.19.0 + image: ghcr.io/fluxcd/image-automation-controller:v0.20.0 imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -5998,6 +6026,7 @@ spec: ports: - containerPort: 8080 name: http-prom + protocol: TCP - containerPort: 9440 name: healthz protocol: TCP @@ -6014,7 +6043,13 @@ spec: memory: 64Mi securityContext: allowPrivilegeEscalation: false + capabilities: + drop: + - ALL readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault volumeMounts: - mountPath: /tmp name: temp @@ -6034,7 +6069,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.25.3 + app.kubernetes.io/version: v0.26.0 control-plane: controller name: image-reflector-controller namespace: flux-system @@ -6063,7 +6098,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: ghcr.io/fluxcd/image-reflector-controller:v0.15.0 + image: ghcr.io/fluxcd/image-reflector-controller:v0.16.0 imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -6073,6 +6108,7 @@ spec: ports: - containerPort: 8080 name: http-prom + protocol: TCP - containerPort: 9440 name: healthz protocol: TCP @@ -6089,7 +6125,13 @@ spec: memory: 64Mi securityContext: allowPrivilegeEscalation: false + capabilities: + drop: + - ALL readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault volumeMounts: - mountPath: /tmp name: temp @@ -6113,7 +6155,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.25.3 + app.kubernetes.io/version: v0.26.0 control-plane: controller name: kustomize-controller namespace: flux-system @@ -6142,7 +6184,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: ghcr.io/fluxcd/kustomize-controller:v0.19.1 + image: ghcr.io/fluxcd/kustomize-controller:v0.20.0 imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -6152,6 +6194,7 @@ spec: ports: - containerPort: 8080 name: http-prom + protocol: TCP - containerPort: 9440 name: healthz protocol: TCP @@ -6168,7 +6211,13 @@ spec: memory: 64Mi securityContext: allowPrivilegeEscalation: false + capabilities: + drop: + - ALL readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault volumeMounts: - mountPath: /tmp name: temp @@ -6188,7 +6237,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.25.3 + app.kubernetes.io/version: v0.26.0 control-plane: controller name: notification-controller namespace: flux-system @@ -6216,7 +6265,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: ghcr.io/fluxcd/notification-controller:v0.20.1 + image: ghcr.io/fluxcd/notification-controller:v0.21.0 imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -6226,10 +6275,13 @@ spec: ports: - containerPort: 9090 name: http + protocol: TCP - containerPort: 9292 name: http-webhook + protocol: TCP - containerPort: 8080 name: http-prom + protocol: TCP - containerPort: 9440 name: healthz protocol: TCP @@ -6246,7 +6298,13 @@ spec: memory: 64Mi securityContext: allowPrivilegeEscalation: false + capabilities: + drop: + - ALL readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault volumeMounts: - mountPath: /tmp name: temp @@ -6264,7 +6322,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.25.3 + app.kubernetes.io/version: v0.26.0 control-plane: controller name: source-controller namespace: flux-system @@ -6297,7 +6355,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: ghcr.io/fluxcd/source-controller:v0.20.1 + image: ghcr.io/fluxcd/source-controller:v0.21.1 imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -6307,10 +6365,13 @@ spec: ports: - containerPort: 9090 name: http + protocol: TCP - containerPort: 8080 name: http-prom + protocol: TCP - containerPort: 9440 name: healthz + protocol: TCP readinessProbe: httpGet: path: / @@ -6324,7 +6385,13 @@ spec: memory: 64Mi securityContext: allowPrivilegeEscalation: false + capabilities: + drop: + - ALL readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault volumeMounts: - mountPath: /data name: data