apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.19.0
name: imagepolicies.image.toolkit.fluxcd.io
spec:
group: image.toolkit.fluxcd.io
names:
kind: ImagePolicy
listKind: ImagePolicyList
plural: imagepolicies
shortNames:
- imgpol
- imagepol
singular: imagepolicy
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .status.latestRef.name
name: Image
type: string
- jsonPath: .status.latestRef.tag
name: Tag
type: string
- jsonPath: .status.conditions[?(@.type=="Ready")].status
name: Ready
type: string
- jsonPath: .status.conditions[?(@.type=="Ready")].message
name: Status
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1
schema:
openAPIV3Schema:
description: ImagePolicy is the Schema for the imagepolicies API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: |-
ImagePolicySpec defines the parameters for calculating the
ImagePolicy.
properties:
# digestReflectionPolicy decides whether status.latestRef carries an image
# digest in addition to name and tag. With the schema default (Never) the
# digest is always the empty string, so anything consuming latestRef gets a
# tag-only reference. A tag can be re-pointed in the registry; a digest
# identifies one exact image. Set IfNotPresent or Always where downstream
# consumers need a content-addressed reference.
digestReflectionPolicy:
default: Never
description: |-
DigestReflectionPolicy governs the setting of the `.status.latestRef.digest` field.
Never: The digest field will always be set to the empty string.
IfNotPresent: The digest field will be set to the digest of the elected
latest image if the field is empty and the image did not change.
Always: The digest field will always be set to the digest of the elected
latest image.
Default: Never.
enum:
- Always
- IfNotPresent
- Never
type: string
# filterTags narrows which tags take part in the election. Per the description,
# leaving it out means every tag in the repository is ordered and compared, so
# any tag present in the repository is a candidate for "latest".
# Both fields are plain strings: this schema sets no maxLength, pattern or
# format on them, so the CRD itself does not check at admission that the value
# is a valid or reasonably sized regular expression.
# NOTE(review): presumably the controller compiles and rejects bad patterns at
# reconcile time; confirm.
# An anchored pattern that matches only the expected release-tag format keeps
# unrelated tags out of the election.
filterTags:
description: |-
FilterTags enables filtering for only a subset of tags based on a set of
rules. If no rules are provided, all the tags from the repository will be
ordered and compared.
properties:
extract:
description: |-
Extract allows a capture group to be extracted from the specified regular
expression pattern, useful before tag evaluation.
type: string
pattern:
description: |-
Pattern specifies a regular expression pattern used to filter for image
tags.
type: string
type: object
# imageRepositoryRef names the ImageRepository whose scan results this policy
# evaluates. Only name is required; namespace is optional, and setting it makes
# the reference cross a namespace boundary.
# The ImageRepository CRD in this file documents spec.accessFrom as the ACL for
# such cross-namespace references. That check is not expressed in this schema.
# NOTE(review): presumably it is enforced by the controller; confirm before
# relying on it for tenant isolation.
imageRepositoryRef:
description: |-
ImageRepositoryRef points at the object specifying the image
being scanned
properties:
name:
description: Name of the referent.
type: string
namespace:
description: Namespace of the referent, when not specified it
acts as LocalObjectReference.
type: string
required:
- name
type: object
# interval is a duration string: one or more decimal numbers each followed by
# ms, s, m or h (for example 1h30m), as enforced by the pattern below.
# The description mentions a 10m default, but no `default:` key is set here, so
# the API server does not fill it in.
# NOTE(review): presumably the controller applies that default; confirm.
# Whether the field may be set at all depends on digestReflectionPolicy; see
# the x-kubernetes-validations rules of this schema.
interval:
description: |-
Interval is the length of time to wait between
refreshing the digest of the latest tag when the
reflection policy is set to "Always".
Defaults to 10m.
pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
type: string
# policy selects how the "latest" tag is elected: alphabetical, numerical or
# semver. The schema declares no oneOf, minProperties or maxProperties, so an
# empty policy object, or one with several sub-policies set, passes schema
# validation.
# NOTE(review): presumably the controller rejects or resolves those cases;
# confirm.
# alphabetical and numerical elect purely by sort order of the tag value
# (asc picks the highest by default). The elected tag is therefore decided by
# whatever tags exist in the repository and pass filterTags. Treat registry
# push permissions and the filterTags pattern as part of this policy's trust
# boundary.
# semver requires a range; only tags inside that range are eligible.
policy:
description: |-
Policy gives the particulars of the policy to be followed in
selecting the most recent image
properties:
alphabetical:
description: Alphabetical set of rules to use for alphabetical
ordering of the tags.
properties:
order:
default: asc
description: |-
Order specifies the sorting order of the tags. Given the letters of the
alphabet as tags, ascending order would select Z, and descending order
would select A.
enum:
- asc
- desc
type: string
type: object
numerical:
description: Numerical set of rules to use for numerical ordering
of the tags.
properties:
order:
default: asc
description: |-
Order specifies the sorting order of the tags. Given the integer values
from 0 to 9 as tags, ascending order would select 9, and descending order
would select 0.
enum:
- asc
- desc
type: string
type: object
semver:
description: |-
SemVer gives a semantic version range to check against the tags
available.
properties:
range:
description: |-
Range gives a semver range for the image tag; the highest
version within the range that's a tag yields the latest image.
type: string
required:
- range
type: object
type: object
suspend:
description: |-
This flag tells the controller to suspend subsequent policy reconciliations.
It does not apply to already started reconciliations. Defaults to false.
type: boolean
required:
- imageRepositoryRef
- policy
type: object
# Cross-field CEL rules, evaluated by the API server when an object is created
# or updated. `self` is presumably the spec object (the messages name spec.*).
# Rule 1: interval may be present only when digestReflectionPolicy is 'Always'.
# Rule 2: when digestReflectionPolicy is 'Always', interval must be present.
# Taken together: interval is set if and only if the policy is 'Always'.
x-kubernetes-validations:
- message: spec.interval is only accepted when spec.digestReflectionPolicy
is set to 'Always'
rule: '!has(self.interval) || (has(self.digestReflectionPolicy) && self.digestReflectionPolicy
== ''Always'')'
- message: spec.interval must be set when spec.digestReflectionPolicy
is set to 'Always'
rule: has(self.interval) || !has(self.digestReflectionPolicy) || self.digestReflectionPolicy
!= 'Always'
status:
default:
observedGeneration: -1
description: ImagePolicyStatus defines the observed state of ImagePolicy
properties:
conditions:
items:
description: Condition contains details for one aspect of the current
state of this API Resource.
properties:
lastTransitionTime:
description: |-
lastTransitionTime is the last time the condition transitioned from one status to another.
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
format: date-time
type: string
message:
description: |-
message is a human readable message indicating details about the transition.
This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
description: |-
observedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.
format: int64
minimum: 0
type: integer
reason:
description: |-
reason contains a programmatic identifier indicating the reason for the condition's last transition.
Producers of specific condition types may define expected values and meanings for this field,
and whether the values are considered a guaranteed API.
The value should be a CamelCase string.
This field may not be empty.
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
type: string
status:
description: status of the condition, one of True, False, Unknown.
enum:
- "True"
- "False"
- Unknown
type: string
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase.
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
required:
- lastTransitionTime
- message
- reason
- status
- type
type: object
type: array
lastHandledReconcileAt:
description: |-
LastHandledReconcileAt holds the value of the most recent
reconcile request value, so a change of the annotation value
can be detected.
type: string
latestRef:
description: |-
LatestRef gives the first in the list of images scanned by
the image repository, when filtered and ordered according
to the policy.
properties:
digest:
description: Digest is the image's digest.
type: string
name:
description: Name is the bare image's name.
type: string
tag:
description: Tag is the image's tag.
type: string
required:
- name
- tag
type: object
observedGeneration:
format: int64
type: integer
observedPreviousRef:
description: |-
ObservedPreviousRef is the observed previous LatestRef. It is used
to keep track of the previous and current images.
properties:
digest:
description: Digest is the image's digest.
type: string
name:
description: Name is the bare image's name.
type: string
tag:
description: Tag is the image's tag.
type: string
required:
- name
- tag
type: object
type: object
type: object
served: true
storage: true
subresources:
status: {}
- additionalPrinterColumns:
- jsonPath: .status.latestRef.name
name: Image
type: string
- jsonPath: .status.latestRef.tag
name: Tag
type: string
- jsonPath: .status.conditions[?(@.type=="Ready")].status
name: Ready
type: string
- jsonPath: .status.conditions[?(@.type=="Ready")].message
name: Status
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
# v1beta2 of ImagePolicy is flagged deprecated; clients that use it receive the
# deprecationWarning text below from the API server. The schema that follows
# appears to repeat the v1 schema field for field.
deprecated: true
deprecationWarning: v1beta2 ImagePolicy is deprecated, upgrade to v1
name: v1beta2
schema:
openAPIV3Schema:
description: ImagePolicy is the Schema for the imagepolicies API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: |-
ImagePolicySpec defines the parameters for calculating the
ImagePolicy.
properties:
digestReflectionPolicy:
default: Never
description: |-
DigestReflectionPolicy governs the setting of the `.status.latestRef.digest` field.
Never: The digest field will always be set to the empty string.
IfNotPresent: The digest field will be set to the digest of the elected
latest image if the field is empty and the image did not change.
Always: The digest field will always be set to the digest of the elected
latest image.
Default: Never.
enum:
- Always
- IfNotPresent
- Never
type: string
filterTags:
description: |-
FilterTags enables filtering for only a subset of tags based on a set of
rules. If no rules are provided, all the tags from the repository will be
ordered and compared.
properties:
extract:
description: |-
Extract allows a capture group to be extracted from the specified regular
expression pattern, useful before tag evaluation.
type: string
pattern:
description: |-
Pattern specifies a regular expression pattern used to filter for image
tags.
type: string
type: object
imageRepositoryRef:
description: |-
ImageRepositoryRef points at the object specifying the image
being scanned
properties:
name:
description: Name of the referent.
type: string
namespace:
description: Namespace of the referent, when not specified it
acts as LocalObjectReference.
type: string
required:
- name
type: object
interval:
description: |-
Interval is the length of time to wait between
refreshing the digest of the latest tag when the
reflection policy is set to "Always".
Defaults to 10m.
pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
type: string
policy:
description: |-
Policy gives the particulars of the policy to be followed in
selecting the most recent image
properties:
alphabetical:
description: Alphabetical set of rules to use for alphabetical
ordering of the tags.
properties:
order:
default: asc
description: |-
Order specifies the sorting order of the tags. Given the letters of the
alphabet as tags, ascending order would select Z, and descending order
would select A.
enum:
- asc
- desc
type: string
type: object
numerical:
description: Numerical set of rules to use for numerical ordering
of the tags.
properties:
order:
default: asc
description: |-
Order specifies the sorting order of the tags. Given the integer values
from 0 to 9 as tags, ascending order would select 9, and descending order
would select 0.
enum:
- asc
- desc
type: string
type: object
semver:
description: |-
SemVer gives a semantic version range to check against the tags
available.
properties:
range:
description: |-
Range gives a semver range for the image tag; the highest
version within the range that's a tag yields the latest image.
type: string
required:
- range
type: object
type: object
suspend:
description: |-
This flag tells the controller to suspend subsequent policy reconciliations.
It does not apply to already started reconciliations. Defaults to false.
type: boolean
required:
- imageRepositoryRef
- policy
type: object
x-kubernetes-validations:
- message: spec.interval is only accepted when spec.digestReflectionPolicy
is set to 'Always'
rule: '!has(self.interval) || (has(self.digestReflectionPolicy) && self.digestReflectionPolicy
== ''Always'')'
- message: spec.interval must be set when spec.digestReflectionPolicy
is set to 'Always'
rule: has(self.interval) || !has(self.digestReflectionPolicy) || self.digestReflectionPolicy
!= 'Always'
status:
default:
observedGeneration: -1
description: ImagePolicyStatus defines the observed state of ImagePolicy
properties:
conditions:
items:
description: Condition contains details for one aspect of the current
state of this API Resource.
properties:
lastTransitionTime:
description: |-
lastTransitionTime is the last time the condition transitioned from one status to another.
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
format: date-time
type: string
message:
description: |-
message is a human readable message indicating details about the transition.
This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
description: |-
observedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.
format: int64
minimum: 0
type: integer
reason:
description: |-
reason contains a programmatic identifier indicating the reason for the condition's last transition.
Producers of specific condition types may define expected values and meanings for this field,
and whether the values are considered a guaranteed API.
The value should be a CamelCase string.
This field may not be empty.
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
type: string
status:
description: status of the condition, one of True, False, Unknown.
enum:
- "True"
- "False"
- Unknown
type: string
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase.
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
required:
- lastTransitionTime
- message
- reason
- status
- type
type: object
type: array
lastHandledReconcileAt:
description: |-
LastHandledReconcileAt holds the value of the most recent
reconcile request value, so a change of the annotation value
can be detected.
type: string
latestRef:
description: |-
LatestRef gives the first in the list of images scanned by
the image repository, when filtered and ordered according
to the policy.
properties:
digest:
description: Digest is the image's digest.
type: string
name:
description: Name is the bare image's name.
type: string
tag:
description: Tag is the image's tag.
type: string
required:
- name
- tag
type: object
observedGeneration:
format: int64
type: integer
observedPreviousRef:
description: |-
ObservedPreviousRef is the observed previous LatestRef. It is used
to keep track of the previous and current images.
properties:
digest:
description: Digest is the image's digest.
type: string
name:
description: Name is the bare image's name.
type: string
tag:
description: Tag is the image's tag.
type: string
required:
- name
- tag
type: object
type: object
type: object
# v1beta2 is still served, so ImagePolicy objects can be read and written
# through it, while v1 (storage: true above) is the version persisted.
# Admission policies, RBAC reviews and audit rules that match on apiVersion
# need to cover both versions for as long as this one stays served.
served: true
storage: false
subresources:
status: {}
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.19.0
name: imagerepositories.image.toolkit.fluxcd.io
spec:
group: image.toolkit.fluxcd.io
names:
kind: ImageRepository
listKind: ImageRepositoryList
plural: imagerepositories
shortNames:
- imgrepo
- imagerepo
singular: imagerepository
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .spec.image
name: Image
type: string
- jsonPath: .status.lastScanResult.tagCount
name: Tags
type: string
- jsonPath: .status.conditions[?(@.type=="Ready")].status
name: Ready
type: string
- jsonPath: .status.conditions[?(@.type=="Ready")].message
name: Status
type: string
- jsonPath: .status.lastScanResult.scanTime
name: Last scan
priority: 1
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1
schema:
openAPIV3Schema:
description: ImageRepository is the Schema for the imagerepositories API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: |-
ImageRepositorySpec defines the parameters for scanning an image
repository, e.g., `fluxcd/flux`.
properties:
# accessFrom is the ACL that lets objects in other namespaces reference this
# ImageRepository. Access is granted by namespace label match.
# Points to check when reviewing a manifest:
# - Per the description, an empty matchLabels map matches every namespace in
#   the cluster.
# - List items are ORed, so a single permissive selector opens the repository
#   regardless of the other items.
# - The trust decision rests on namespace labels; prefer labels that tenants
#   cannot set themselves, such as kubernetes.io/metadata.name.
# Only matchLabels is defined here; no matchExpressions property is declared.
accessFrom:
description: |-
AccessFrom defines an ACL for allowing cross-namespace references
to the ImageRepository object based on the caller's namespace labels.
properties:
namespaceSelectors:
description: |-
NamespaceSelectors is the list of namespace selectors to which this ACL applies.
Items in this list are evaluated using a logical OR operation.
items:
description: |-
NamespaceSelector selects the namespaces to which this ACL applies.
An empty map of MatchLabels matches all namespaces in a cluster.
properties:
matchLabels:
additionalProperties:
type: string
description: |-
MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions, whose key field is "key", the
operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
type: array
required:
- namespaceSelectors
type: object
# certSecretRef points at a Secret holding TLS material for the registry
# connection: a client certificate and key (tls.crt / tls.key), a CA
# certificate (ca.crt), or both.
# The reference has a name only, with no namespace property.
# NOTE(review): presumably the Secret is resolved in the ImageRepository's own
# namespace; confirm.
# tls.key is private key material, so read access to that Secret should be
# limited accordingly.
# For a registry with a self-signed certificate, supplying ca.crt here keeps
# TLS verification in place, unlike spec.insecure.
certSecretRef:
description: |-
CertSecretRef can be given the name of a Secret containing
either or both of
- a PEM-encoded client certificate (`tls.crt`) and private
key (`tls.key`);
- a PEM-encoded CA certificate (`ca.crt`)
and whichever are supplied, will be used for connecting to the
registry. The client cert and key are useful if you are
authenticating with a certificate; the CA cert is useful if
you are using a self-signed server certificate. The Secret must
be of type `Opaque` or `kubernetes.io/tls`.
Note: Support for the `caFile`, `certFile` and `keyFile` keys has
been deprecated.
properties:
name:
description: Name of the referent.
type: string
required:
- name
type: object
# exclusionList holds regular expressions; matching tags are not stored.
# The default excludes tags ending in ".sig".
# NOTE(review): these look like signature artifacts pushed alongside images;
# confirm.
# A schema default applies only when the field is absent. A manifest that sets
# its own list replaces the default and must repeat ^.*\.sig$ to keep that
# exclusion.
# The list is capped at 25 entries, but individual entries have no maxLength
# or pattern in this schema.
exclusionList:
default:
- ^.*\.sig$
description: |-
ExclusionList is a list of regex strings used to exclude certain tags
from being stored in the database.
items:
type: string
maxItems: 25
type: array
image:
description: Image is the name of the image repository
type: string
# insecure: true makes the controller talk to the registry over plain HTTP.
# Over that connection the tag list and any credentials sent to the registry
# have no transport confidentiality or integrity, so scan results can be
# altered in transit.
# No default is declared; the field is opt-in. Flag any manifest that sets it.
# For registries with a private CA, prefer certSecretRef with ca.crt.
insecure:
description: Insecure allows connecting to a non-TLS HTTP container
registry.
type: boolean
interval:
description: |-
Interval is the length of time to wait between
scans of the image repository.
pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
type: string
# provider selects the authentication mechanism for the registry. The enum is
# closed: any value other than generic, aws, azure or gcp is rejected by schema
# validation. When omitted, the API server fills in 'generic'.
# NOTE(review): the cloud values presumably obtain registry credentials from
# the workload's cloud identity rather than from secretRef. Confirm which
# identity is used before granting it registry permissions.
provider:
default: generic
description: |-
The provider used for authentication, can be 'aws', 'azure', 'gcp' or 'generic'.
When not specified, defaults to 'generic'.
enum:
- generic
- aws
- azure
- gcp
type: string
# proxySecretRef names a Secret with the proxy configuration used for registry
# traffic. The reference is name-only.
# NOTE(review): presumably it is resolved in the object's own namespace and may
# hold proxy credentials; confirm.
# Whoever can write that Secret decides which proxy the registry connection is
# routed through, so its write access deserves the same care as the registry
# credentials.
proxySecretRef:
description: |-
ProxySecretRef specifies the Secret containing the proxy configuration
to use while communicating with the container registry.
properties:
name:
description: Name of the referent.
type: string
required:
- name
type: object
# secretRef names a Secret with registry credentials, in the format produced by
# `kubectl create secret docker-registry`. The reference is name-only, with no
# namespace property.
# NOTE(review): presumably the Secret must live in the ImageRepository's
# namespace; confirm.
# Scanning only lists tags, so a read-only (pull-scoped) registry credential
# is sufficient here.
secretRef:
description: |-
SecretRef can be given the name of a secret containing
credentials to use for the image registry. The secret should be
created with `kubectl create secret docker-registry`, or the
equivalent.
properties:
name:
description: Name of the referent.
type: string
required:
- name
type: object
# serviceAccountName lets the scan authenticate with the pull secrets attached
# to a ServiceAccount. The field is a bare name capped at 253 characters.
# NOTE(review): presumably any ServiceAccount in the object's namespace can be
# named, which would make permission to create or edit ImageRepository objects
# equivalent to using those pull secrets for scanning; confirm, and scope RBAC
# accordingly.
serviceAccountName:
description: |-
ServiceAccountName is the name of the Kubernetes ServiceAccount used to authenticate
the image pull if the service account has attached pull secrets.
maxLength: 253
type: string
suspend:
description: |-
This flag tells the controller to suspend subsequent image scans.
It does not apply to already started scans. Defaults to false.
type: boolean
# timeout bounds a single scan. Unlike spec.interval, the pattern here accepts
# only ms, s and m units; a value using h (for example 1h) fails schema
# validation. When omitted, the description says the interval value is used.
timeout:
description: |-
Timeout for image scanning.
Defaults to 'Interval' duration.
pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$
type: string
required:
- image
- interval
type: object
status:
default:
observedGeneration: -1
description: ImageRepositoryStatus defines the observed state of ImageRepository
properties:
canonicalImageName:
description: |-
CanonicalName is the name of the image repository with all the
implied bits made explicit; e.g., `docker.io/library/alpine`
rather than `alpine`.
type: string
conditions:
items:
description: Condition contains details for one aspect of the current
state of this API Resource.
properties:
lastTransitionTime:
description: |-
lastTransitionTime is the last time the condition transitioned from one status to another.
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
format: date-time
type: string
message:
description: |-
message is a human readable message indicating details about the transition.
This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
description: |-
observedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.
format: int64
minimum: 0
type: integer
reason:
description: |-
reason contains a programmatic identifier indicating the reason for the condition's last transition.
Producers of specific condition types may define expected values and meanings for this field,
and whether the values are considered a guaranteed API.
The value should be a CamelCase string.
This field may not be empty.
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
type: string
status:
description: status of the condition, one of True, False, Unknown.
enum:
- "True"
- "False"
- Unknown
type: string
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase.
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
required:
- lastTransitionTime
- message
- reason
- status
- type
type: object
type: array
lastHandledReconcileAt:
description: |-
LastHandledReconcileAt holds the value of the most recent
reconcile request value, so a change of the annotation value
can be detected.
type: string
lastScanResult:
description: LastScanResult contains the number of fetched tags.
properties:
latestTags:
description: |-
LatestTags is a small sample of the tags found in the last scan.
It's the first 10 tags when sorting all the tags in descending
alphabetical order.
items:
type: string
type: array
revision:
description: Revision is a stable hash of the scanned tags.
type: string
scanTime:
description: ScanTime is the time when the last scan was performed.
format: date-time
type: string
tagCount:
description: TagCount is the number of tags found in the last
scan.
type: integer
required:
- tagCount
type: object
# observedExclusionList records the exclusion rules that were in effect for
# the scan result currently reported.
# NOTE(review): the description refers to spec.lastScanResult, but
# lastScanResult is defined under status in this schema; read it as
# status.lastScanResult.
# Comparing this list with spec.exclusionList shows whether the reported tags
# were filtered with the rules currently configured.
observedExclusionList:
description: |-
ObservedExclusionList is a list of observed exclusion list. It reflects
the exclusion rules used for the observed scan result in
spec.lastScanResult.
items:
type: string
type: array
observedGeneration:
description: ObservedGeneration is the last reconciled generation.
format: int64
type: integer
type: object
type: object
served: true
storage: true
subresources:
status: {}
- additionalPrinterColumns:
- jsonPath: .spec.image
name: Image
type: string
- jsonPath: .status.lastScanResult.tagCount
name: Tags
type: string
- jsonPath: .status.conditions[?(@.type=="Ready")].status
name: Ready
type: string
- jsonPath: .status.conditions[?(@.type=="Ready")].message
name: Status
type: string
- jsonPath: .status.lastScanResult.scanTime
name: Last scan
priority: 1
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
# v1beta2 of ImageRepository is flagged deprecated; clients that use it receive
# the deprecationWarning text below from the API server. The schema that
# follows appears to repeat the v1 schema field for field, including
# spec.insecure and spec.accessFrom.
deprecated: true
deprecationWarning: v1beta2 ImageRepository is deprecated, upgrade to v1
name: v1beta2
schema:
openAPIV3Schema:
description: ImageRepository is the Schema for the imagerepositories API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: |-
ImageRepositorySpec defines the parameters for scanning an image
repository, e.g., `fluxcd/flux`.
properties:
accessFrom:
description: |-
AccessFrom defines an ACL for allowing cross-namespace references
to the ImageRepository object based on the caller's namespace labels.
properties:
namespaceSelectors:
description: |-
NamespaceSelectors is the list of namespace selectors to which this ACL applies.
Items in this list are evaluated using a logical OR operation.
items:
description: |-
NamespaceSelector selects the namespaces to which this ACL applies.
An empty map of MatchLabels matches all namespaces in a cluster.
properties:
matchLabels:
additionalProperties:
type: string
description: |-
MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions, whose key field is "key", the
operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
type: array
required:
- namespaceSelectors
type: object
certSecretRef:
description: |-
CertSecretRef can be given the name of a Secret containing
either or both of
- a PEM-encoded client certificate (`tls.crt`) and private
key (`tls.key`);
- a PEM-encoded CA certificate (`ca.crt`)
and whichever are supplied, will be used for connecting to the
registry. The client cert and key are useful if you are
authenticating with a certificate; the CA cert is useful if
you are using a self-signed server certificate. The Secret must
be of type `Opaque` or `kubernetes.io/tls`.
Note: Support for the `caFile`, `certFile` and `keyFile` keys has
been deprecated.
properties:
name:
description: Name of the referent.
type: string
required:
- name
type: object
exclusionList:
default:
- ^.*\.sig$
description: |-
ExclusionList is a list of regex strings used to exclude certain tags
from being stored in the database.
items:
type: string
maxItems: 25
type: array
image:
description: Image is the name of the image repository
type: string
insecure:
description: Insecure allows connecting to a non-TLS HTTP container
registry.
type: boolean
interval:
description: |-
Interval is the length of time to wait between
scans of the image repository.
pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
type: string
provider:
default: generic
description: |-
The provider used for authentication, can be 'aws', 'azure', 'gcp' or 'generic'.
When not specified, defaults to 'generic'.
enum:
- generic
- aws
- azure
- gcp
type: string
proxySecretRef:
description: |-
ProxySecretRef specifies the Secret containing the proxy configuration
to use while communicating with the container registry.
properties:
name:
description: Name of the referent.
type: string
required:
- name
type: object
secretRef:
description: |-
SecretRef can be given the name of a secret containing
credentials to use for the image registry. The secret should be
created with `kubectl create secret docker-registry`, or the
equivalent.
properties:
name:
description: Name of the referent.
type: string
required:
- name
type: object
serviceAccountName:
description: |-
ServiceAccountName is the name of the Kubernetes ServiceAccount used to authenticate
the image pull if the service account has attached pull secrets.
maxLength: 253
type: string
suspend:
description: |-
This flag tells the controller to suspend subsequent image scans.
It does not apply to already started scans. Defaults to false.
type: boolean
timeout:
description: |-
Timeout for image scanning.
Defaults to 'Interval' duration.
pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$
type: string
required:
- image
- interval
type: object
status:
default:
observedGeneration: -1
description: ImageRepositoryStatus defines the observed state of ImageRepository
properties:
canonicalImageName:
description: |-
CanonicalName is the name of the image repository with all the
implied bits made explicit; e.g., `docker.io/library/alpine`
rather than `alpine`.
type: string
conditions:
items:
description: Condition contains details for one aspect of the current
state of this API Resource.
properties:
lastTransitionTime:
description: |-
lastTransitionTime is the last time the condition transitioned from one status to another.
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
format: date-time
type: string
message:
description: |-
message is a human readable message indicating details about the transition.
This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
description: |-
observedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.
format: int64
minimum: 0
type: integer
reason:
description: |-
reason contains a programmatic identifier indicating the reason for the condition's last transition.
Producers of specific condition types may define expected values and meanings for this field,
and whether the values are considered a guaranteed API.
The value should be a CamelCase string.
This field may not be empty.
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
type: string
status:
description: status of the condition, one of True, False, Unknown.
enum:
- "True"
- "False"
- Unknown
type: string
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase.
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
required:
- lastTransitionTime
- message
- reason
- status
- type
type: object
type: array
lastHandledReconcileAt:
description: |-
LastHandledReconcileAt holds the value of the most recent
reconcile request value, so a change of the annotation value
can be detected.
type: string
lastScanResult:
description: LastScanResult contains the number of fetched tags.
properties:
latestTags:
description: |-
LatestTags is a small sample of the tags found in the last scan.
It's the first 10 tags when sorting all the tags in descending
alphabetical order.
items:
type: string
type: array
revision:
description: Revision is a stable hash of the scanned tags.
type: string
scanTime:
description: ScanTime is the time when the last scan was performed.
format: date-time
type: string
tagCount:
description: TagCount is the number of tags found in the last
scan.
type: integer
required:
- tagCount
type: object
observedExclusionList:
description: |-
ObservedExclusionList is a list of observed exclusion list. It reflects
the exclusion rules used for the observed scan result in
spec.lastScanResult.
items:
type: string
type: array
observedGeneration:
description: ObservedGeneration is the last reconciled generation.
format: int64
type: integer
type: object
type: object
# v1beta2 is still served, so ImageRepository objects can be read and written
# through it, while v1 (storage: true above) is the version persisted.
# Admission policies, RBAC reviews and audit rules that match on apiVersion
# need to cover both versions for as long as this one stays served.
served: true
storage: false
subresources:
status: {}