From 04cb545b63ebd54c503f1aeae0fc72176aef14ed Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Fri, 29 May 2026 20:06:00 +0000 Subject: [PATCH 1/4] Initial plan From e94b959c5abae832c52e534634c15e636cd70462 Mon Sep 17 00:00:00 2001 
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Fri, 29 May 2026 20:09:15 +0000 Subject: [PATCH 2/4] feat: package CRDs as separate helm chart with ArgoCD examples and renovate config - Add charts/drop-crds/ helm chart for standalone CRD installation - Add crds.install toggle to main chart (default: true) to disable CRDs when using the separate chart - Add examples/argocd/ with Application manifests for CRDs and operator - Update renovate.json with custom managers for ArgoCD chart versions - Update installation docs with CRD management, ArgoCD, and Renovate guidance --- charts/drop-crds/.helmignore | 18 + charts/drop-crds/Chart.yaml | 19 ++ .../drop.corewire.io_cachedimages.yaml | 308 ++++++++++++++++++ .../drop.corewire.io_cachedimagesets.yaml | 268 +++++++++++++++ .../drop.corewire.io_discoverypolicies.yaml | 275 ++++++++++++++++ .../drop.corewire.io_pullpolicies.yaml | 139 ++++++++ charts/drop-crds/values.yaml | 5 + .../crds-drop.corewire.io_cachedimages.yaml | 308 ++++++++++++++++++ ...crds-drop.corewire.io_cachedimagesets.yaml | 268 +++++++++++++++ ...ds-drop.corewire.io_discoverypolicies.yaml | 275 ++++++++++++++++ .../crds-drop.corewire.io_pullpolicies.yaml | 139 ++++++++ charts/drop/values.yaml | 4 + docs/content/docs/install.md | 57 ++++ examples/argocd/drop-crds.yaml | 28 ++ examples/argocd/drop-operator.yaml | 30 ++ renovate.json | 25 ++ 16 files changed, 2166 insertions(+) create mode 100644 charts/drop-crds/.helmignore create mode 100644 charts/drop-crds/Chart.yaml create mode 100644 charts/drop-crds/templates/drop.corewire.io_cachedimages.yaml create mode 100644 charts/drop-crds/templates/drop.corewire.io_cachedimagesets.yaml create mode 100644 charts/drop-crds/templates/drop.corewire.io_discoverypolicies.yaml create mode 100644 charts/drop-crds/templates/drop.corewire.io_pullpolicies.yaml create mode 100644 charts/drop-crds/values.yaml create mode 100644 charts/drop/templates/crds-drop.corewire.io_cachedimages.yaml 
create mode 100644 charts/drop/templates/crds-drop.corewire.io_cachedimagesets.yaml create mode 100644 charts/drop/templates/crds-drop.corewire.io_discoverypolicies.yaml create mode 100644 charts/drop/templates/crds-drop.corewire.io_pullpolicies.yaml create mode 100644 examples/argocd/drop-crds.yaml create mode 100644 examples/argocd/drop-operator.yaml
diff --git a/charts/drop-crds/.helmignore b/charts/drop-crds/.helmignore
new file mode 100644
index 0000000..414bb6e
--- /dev/null
+++ b/charts/drop-crds/.helmignore
@@ -0,0 +1,18 @@
+# Patterns to ignore when building packages.
+.DS_Store
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/charts/drop-crds/Chart.yaml b/charts/drop-crds/Chart.yaml
new file mode 100644
index 0000000..5a3f207
--- /dev/null
+++ b/charts/drop-crds/Chart.yaml
@@ -0,0 +1,19 @@
+apiVersion: v2
+name: drop-crds
+description: CRDs for the drop operator (install separately for reliable upgrades)
+type: application
+version: 0.1.0
+appVersion: "0.1.0"
+kubeVersion: ">=1.28.0-0"
+keywords:
+ - kubernetes
+ - operator
+ - image-caching
+ - pre-pull
+ - crds
+home: https://github.com/Breee/drop
+sources:
+ - https://github.com/Breee/drop
+maintainers:
+ - name: Breee
+ url: https://github.com/Breee
diff --git a/charts/drop-crds/templates/drop.corewire.io_cachedimages.yaml b/charts/drop-crds/templates/drop.corewire.io_cachedimages.yaml
new file mode 100644
index 0000000..d46b307
--- /dev/null
+++ b/charts/drop-crds/templates/drop.corewire.io_cachedimages.yaml
@@ -0,0 +1,308 @@ +{{- if .Values.install }} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.17.2 + name: cachedimages.drop.corewire.io +spec: + group: drop.corewire.io + names: + categories: + - drop + kind: CachedImage + listKind: CachedImageList + plural: cachedimages + singular: cachedimage + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .spec.image + name: Image + type: string + - jsonPath: .spec.tag + name: Tag + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].reason + name: Status + type: string + - jsonPath: .status.ready + name: Ready + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.resolvedDigest + name: Digest + priority: 1 + type: string + - description: Parent CachedImageSet + jsonPath: .metadata.labels.drop\.corewire\.io/imageset + name: Set + priority: 1 + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Message + priority: 1 + type: string + - jsonPath: .spec.policyRef.name + name: Policy + priority: 1 + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: CachedImage is the Schema for the cachedimages API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: CachedImageSpec defines the desired state of CachedImage. + properties: + digest: + description: Digest to pull (immutable reference). Mutually exclusive + with Tag. + type: string + image: + description: Image is the fully qualified image reference (registry/repository). + minLength: 1 + type: string + imagePullPolicy: + default: Always + description: |- + ImagePullPolicy controls when kubelet pulls the image. + Defaults to Always (checks upstream digest, only downloads if changed). + Set to IfNotPresent to skip the registry check when the tag already exists locally. + enum: + - Always + - IfNotPresent + - Never + type: string + imagePullSecrets: + description: ImagePullSecrets are references to secrets for pulling + from private registries. + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + type: array + nodeSelector: + additionalProperties: + type: string + description: NodeSelector restricts which nodes to cache the image + on. + type: object + policyRef: + description: PolicyRef references a PullPolicy for pacing controls. + properties: + name: + description: Name of the PullPolicy resource. + minLength: 1 + type: string + required: + - name + type: object + priority: + description: Priority is a pull ordering hint (lower values pulled + first). 
+ format: int32 + type: integer + tag: + description: Tag to pull. Mutually exclusive with Digest. + type: string + tolerations: + description: Tolerations allow targeting tainted nodes. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists, Equal, Lt, and Gt. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + Lt and Gt perform numeric comparisons (requires feature gate TaintTolerationComparisonOperators). + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + required: + - image + type: object + status: + description: CachedImageStatus defines the observed state of CachedImage. 
+ properties: + cachedNodes: + description: CachedNodes is the list of node names that have successfully + cached the image. + items: + type: string + type: array + conditions: + description: |- + Conditions represent the latest available observations. + Condition types: Ready, PullProgress. + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. 
+ maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + consecutiveFailures: + description: ConsecutiveFailures counts sequential reconcile failures + for backoff calculation. + format: int32 + type: integer + lastAttemptedAt: + description: LastAttemptedAt is the timestamp of the most recent pull + attempt (success or failure). + format: date-time + type: string + lastPulledAt: + description: LastPulledAt is the timestamp of the most recent successful + pull. + format: date-time + type: string + nodesPulling: + description: NodesPulling is the number of nodes currently pulling + the image. + format: int32 + type: integer + nodesReady: + description: NodesReady is the number of nodes that have successfully + pulled the image. + format: int32 + type: integer + nodesTargeted: + description: NodesTargeted is the number of nodes that should have + this image. + format: int32 + type: integer + observedGeneration: + description: ObservedGeneration is the last generation reconciled. + format: int64 + type: integer + phase: + description: Phase summarizes the overall state. + enum: + - Pending + - Pulling + - Ready + - Degraded + type: string + ready: + description: Ready is a human-readable "nodesReady/nodesTargeted" + fraction for display. + type: string + resolvedDigest: + description: ResolvedDigest is the sha256 digest of the image as reported + by the container runtime after pull. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +{{- end }} diff --git a/charts/drop-crds/templates/drop.corewire.io_cachedimagesets.yaml b/charts/drop-crds/templates/drop.corewire.io_cachedimagesets.yaml new file mode 100644 index 0000000..88c8b0e --- /dev/null 
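Review bot: The CRD's `metadata.annotations` holds only the controller-gen version, so this object is an ordinary release resource: `helm uninstall`, or an upgrade that renders `.Values.install` as false, deletes the CRD and with it every CachedImage in the cluster. Add `helm.sh/resource-policy: keep` under `annotations:` here and in the cachedimagesets, discoverypolicies and pullpolicies templates of this chart. The commit message describes a `crds.install` toggle for the copies under charts/drop/templates, which are outside this view; switching an existing release to `crds.install: false` would presumably trigger the same deletion, so those copies likely need the annotation too. Because the body is controller-gen output, the annotation has to be added by whatever step wraps it in the `if`, or the next regeneration will drop it.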
+++ b/charts/drop-crds/templates/drop.corewire.io_cachedimagesets.yaml 
@@ -0,0 +1,268 @@ +{{- if .Values.install }} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.17.2 + name: cachedimagesets.drop.corewire.io +spec: + group: drop.corewire.io + names: + categories: + - drop + kind: CachedImageSet + listKind: CachedImageSetList + plural: cachedimagesets + singular: cachedimageset + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=="Ready")].reason + name: Status + type: string + - jsonPath: .status.imagesReady + name: Ready + type: string + - jsonPath: .status.imagesManaged + name: Managed + type: integer + - jsonPath: .spec.discoveryPolicyRef.name + name: Source + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Message + priority: 1 + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: CachedImageSet is the Schema for the cachedimagesets API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: CachedImageSetSpec defines the desired state of CachedImageSet. + properties: + discoveryPolicyRef: + description: DiscoveryPolicyRef references a DiscoveryPolicy for dynamic + image lists. 
+ properties: + name: + description: Name of the DiscoveryPolicy resource. + minLength: 1 + type: string + required: + - name + type: object + imagePullPolicy: + default: Always + description: ImagePullPolicy controls when kubelet pulls the image + (propagated to children). + enum: + - Always + - IfNotPresent + - Never + type: string + imagePullSecrets: + description: ImagePullSecrets are references to secrets for pulling + from private registries (propagated to children). + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + type: array + images: + description: Images is a static list of images to cache. + items: + description: ImageEntry defines a single image to include in a set. + properties: + digest: + description: Digest to pull. + type: string + image: + description: Image is the fully qualified image reference (registry/repository). + minLength: 1 + type: string + tag: + description: Tag to pull. + type: string + required: + - image + type: object + type: array + nodeSelector: + additionalProperties: + type: string + description: NodeSelector restricts which nodes to cache images on + (propagated to children). + type: object + policyRef: + description: PolicyRef references a PullPolicy for pacing controls. + properties: + name: + description: Name of the PullPolicy resource. + minLength: 1 + type: string + required: + - name + type: object + tolerations: + description: Tolerations allow targeting tainted nodes (propagated + to children). 
+ items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists, Equal, Lt, and Gt. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + Lt and Gt perform numeric comparisons (requires feature gate TaintTolerationComparisonOperators). + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + type: object + status: + description: CachedImageSetStatus defines the observed state of CachedImageSet. + properties: + conditions: + description: Conditions represent the latest available observations. + items: + description: Condition contains details for one aspect of the current + state of this API Resource. 
+ properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + imagesManaged: + description: ImagesManaged is the number of CachedImage children managed + by this set. 
+ format: int32 + type: integer + imagesReady: + description: ImagesReady is the number of children in Ready phase. + format: int32 + type: integer + observedGeneration: + description: ObservedGeneration is the last generation reconciled. + format: int64 + type: integer + phase: + description: Phase summarizes the overall state. + enum: + - Pending + - Ready + - Degraded + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +{{- end }} diff --git a/charts/drop-crds/templates/drop.corewire.io_discoverypolicies.yaml b/charts/drop-crds/templates/drop.corewire.io_discoverypolicies.yaml new file mode 100644 index 0000000..edcfda9 --- /dev/null +++ b/charts/drop-crds/templates/drop.corewire.io_discoverypolicies.yaml 
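Review bot: `spec.images[]` accepts `tag` and `digest` together and neither field carries a format constraint, while the CachedImage schema in the previous hunk states "Mutually exclusive" only in a description. Unless the controller or an admission webhook rejects such an entry (neither is visible in this patch), a mutable tag next to a digest is admitted and the API does not define which one is pulled. A CEL rule on the Go types would enforce this at admission, e.g. `// +kubebuilder:validation:XValidation:rule="!(has(self.tag) && has(self.digest))",message="tag and digest are mutually exclusive"`, and a `pattern` on `digest` would reject values that are not a digest. The change belongs in the API types this file is generated from, not in the YAML.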
@@ -0,0 +1,275 @@ +{{- if .Values.install }} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.17.2 + name: discoverypolicies.drop.corewire.io +spec: + group: drop.corewire.io + names: + categories: + - drop + kind: DiscoveryPolicy + listKind: DiscoveryPolicyList + plural: discoverypolicies + singular: discoverypolicy + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=="Ready")].reason + name: Status + type: string + - jsonPath: .status.sourceCount + name: Sources + type: integer + - jsonPath: .status.imageCount + name: Images + type: integer + - jsonPath: .status.lastSyncTime + name: LastSync + type: date + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Message + priority: 1 + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: DiscoveryPolicy is the Schema for the discoverypolicies API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: DiscoveryPolicySpec defines the desired state of DiscoveryPolicy. + properties: + imageFilter: + description: ImageFilter is a regex to filter discovered images. 
+ type: string + maxImages: + default: 50 + description: MaxImages caps the number of discovered images. + format: int32 + minimum: 1 + type: integer + sources: + description: Sources is the list of discovery backends to query. + items: + description: DiscoverySource defines a single discovery backend. + properties: + prometheus: + description: Prometheus config (when type=prometheus). + properties: + endpoint: + description: Endpoint is the Prometheus API URL. + minLength: 1 + type: string + lookback: + description: |- + Lookback is the time window to aggregate over (e.g. "7d", "24h"). + When set, uses query_range and sums values to rank by total usage. + When unset, uses an instant query (point-in-time). + type: string + query: + description: Query is the PromQL query that must return + an 'image' label. + minLength: 1 + type: string + step: + default: 5m + description: Step is the query resolution step for range + queries. + type: string + required: + - endpoint + - query + type: object + registry: + description: Registry config (when type=registry). + properties: + imageTemplate: + description: |- + ImageTemplate is a Go text/template for constructing the full image reference. + Available variables: .Registry, .Repository, .Tag + type: string + repositories: + description: Repositories is the list of repositories to + query. + items: + type: string + minItems: 1 + type: array + tagFilter: + description: TagFilter is a regex to filter tags. + type: string + topX: + description: TopX limits the number of tags to fetch per + repository. + format: int32 + minimum: 1 + type: integer + url: + description: URL is the registry base URL. + minLength: 1 + type: string + required: + - repositories + - url + type: object + secretRef: + description: SecretRef references a Secret for auth/TLS for + this source. + properties: + name: + default: "" + description: |- + Name of the referent. 
+ This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + type: + description: Type identifies the backend. + enum: + - prometheus + - registry + type: string + required: + - type + type: object + minItems: 1 + type: array + syncInterval: + default: 30m + description: SyncInterval is how often to re-query sources. + type: string + required: + - sources + type: object + status: + description: DiscoveryPolicyStatus defines the observed state of DiscoveryPolicy. + properties: + conditions: + description: Conditions represent the latest available observations. + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. 
+ Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + discoveredImages: + description: DiscoveredImages is the list of discovered images from + all sources. + items: + description: DiscoveredImage represents a single discovered image + with metadata. + properties: + image: + description: Image is the fully qualified image reference. + type: string + score: + description: Score is the ranking score from the source (higher + = more relevant). + format: int64 + type: integer + source: + description: Source identifies which discovery source produced + this image. + type: string + required: + - image + - score + - source + type: object + type: array + imageCount: + description: ImageCount is the number of discovered images. + format: int32 + type: integer + lastSyncTime: + description: LastSyncTime is the timestamp of the last successful + sync. + format: date-time + type: string + sourceCount: + description: SourceCount is the number of configured sources. + format: int32 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +{{- end }} 
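Review bot: `sources[].secretRef` is a name-only reference on a `scope: Cluster` resource, so the schema does not say which namespace the Secret is read from. The same applies to `imagePullSecrets` in the cachedimages and cachedimagesets hunks, whose item description still reads "inside the same namespace". If the controller resolves the name in the operator's own namespace (an assumption, the controller is not in this patch), create access to DiscoveryPolicy lets a user pair any Secret there with an `endpoint` or `url` they choose. The field's doc comment should name the namespace actually used, and install.md should say that create/update on these kinds is to be granted as narrowly as read access to those Secrets. `endpoint` and `url` are constrained only by `minLength: 1`; a `pattern` requiring `https://` would keep credentials off plaintext connections.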
diff --git a/charts/drop-crds/templates/drop.corewire.io_pullpolicies.yaml b/charts/drop-crds/templates/drop.corewire.io_pullpolicies.yaml
new file mode 100644
index 0000000..a451afa
--- /dev/null
+++ b/charts/drop-crds/templates/drop.corewire.io_pullpolicies.yaml
@@ -0,0 +1,139 @@ +{{- if .Values.install }} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.17.2 + name: pullpolicies.drop.corewire.io +spec: + group: drop.corewire.io + names: + categories: + - drop + kind: PullPolicy + listKind: PullPolicyList + plural: pullpolicies + singular: pullpolicy + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .spec.maxConcurrentNodes + name: MaxNodes + type: integer + - jsonPath: .spec.minDelayBetweenPulls + name: MinDelay + type: string + - jsonPath: .spec.repullInterval + name: RepullInterval + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: |- + PullPolicy is the Schema for the pullpolicies API. + It is a configuration-only resource with no status. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: PullPolicySpec defines pacing and behavior configuration + for image pulls. + properties: + failureBackoff: + description: FailureBackoff configures retry delays on pull failures. + properties: + initial: + default: 30s + description: Initial delay before first retry. 
+ type: string + max: + default: 5m + description: Max delay cap for exponential backoff. + type: string + type: object + maxConcurrentNodes: + default: 1 + description: MaxConcurrentNodes is the max nodes pulling simultaneously + for this policy. + format: int32 + minimum: 1 + type: integer + minDelayBetweenPulls: + default: 10s + description: MinDelayBetweenPulls is the minimum time between starting + pulls on different nodes. + type: string + nodeSelector: + additionalProperties: + type: string + description: NodeSelector scopes this policy to a specific node pool. + type: object + repullInterval: + description: RepullInterval is how often to re-pull cached images. + Zero or unset means never re-pull. + type: string + tolerations: + description: Tolerations match tainted nodes in the pool. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists, Equal, Lt, and Gt. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + Lt and Gt perform numeric comparisons (requires feature gate TaintTolerationComparisonOperators). + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. 
By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: {} +{{- end }} diff --git a/charts/drop-crds/values.yaml b/charts/drop-crds/values.yaml new file mode 100644 index 0000000..ba8a937 --- /dev/null +++ b/charts/drop-crds/values.yaml @@ -0,0 +1,5 @@ +# Default values for drop-crds. + +# Set to false to render the chart without actually creating CRDs +# (useful for dry-run or templating). +install: true diff --git a/charts/drop/templates/crds-drop.corewire.io_cachedimages.yaml b/charts/drop/templates/crds-drop.corewire.io_cachedimages.yaml new file mode 100644 index 0000000..fe4bb7c --- /dev/null +++ b/charts/drop/templates/crds-drop.corewire.io_cachedimages.yaml 
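Review bot: The CRD in this template carries only the `controller-gen.kubebuilder.io/version` annotation, so as an ordinary templated resource gated on `.Values.install` it would be removed by `helm uninstall`, or by an upgrade that flips `install` to false. The API server then deletes every PullPolicy object along with the definition. Consider adding `helm.sh/resource-policy: keep` under `metadata.annotations`, and rewording the `values.yaml` comment, which presents `install: false` as a dry-run aid without mentioning that effect on an existing release. The other CRD templates visible in this patch, under `charts/drop-crds` and `charts/drop`, are wrapped in the same kind of conditional and have the same annotations block.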
@@ -0,0 +1,308 @@ +{{- if .Values.crds.install }} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.17.2 + name: cachedimages.drop.corewire.io +spec: + group: drop.corewire.io + names: + categories: + - drop + kind: CachedImage + listKind: CachedImageList + plural: cachedimages + singular: cachedimage + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .spec.image + name: Image + type: string + - jsonPath: .spec.tag + name: Tag + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].reason + name: Status + type: string + - jsonPath: .status.ready + name: Ready + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.resolvedDigest + name: Digest + priority: 1 + type: string + - description: Parent CachedImageSet + jsonPath: .metadata.labels.drop\.corewire\.io/imageset + name: Set + priority: 1 + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Message + priority: 1 + type: string + - jsonPath: .spec.policyRef.name + name: Policy + priority: 1 + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: CachedImage is the Schema for the cachedimages API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: CachedImageSpec defines the desired state of CachedImage. + properties: + digest: + description: Digest to pull (immutable reference). Mutually exclusive + with Tag. + type: string + image: + description: Image is the fully qualified image reference (registry/repository). + minLength: 1 + type: string + imagePullPolicy: + default: Always + description: |- + ImagePullPolicy controls when kubelet pulls the image. + Defaults to Always (checks upstream digest, only downloads if changed). + Set to IfNotPresent to skip the registry check when the tag already exists locally. + enum: + - Always + - IfNotPresent + - Never + type: string + imagePullSecrets: + description: ImagePullSecrets are references to secrets for pulling + from private registries. + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + type: array + nodeSelector: + additionalProperties: + type: string + description: NodeSelector restricts which nodes to cache the image + on. + type: object + policyRef: + description: PolicyRef references a PullPolicy for pacing controls. + properties: + name: + description: Name of the PullPolicy resource. + minLength: 1 + type: string + required: + - name + type: object + priority: + description: Priority is a pull ordering hint (lower values pulled + first). 
+ format: int32 + type: integer + tag: + description: Tag to pull. Mutually exclusive with Digest. + type: string + tolerations: + description: Tolerations allow targeting tainted nodes. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists, Equal, Lt, and Gt. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + Lt and Gt perform numeric comparisons (requires feature gate TaintTolerationComparisonOperators). + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + required: + - image + type: object + status: + description: CachedImageStatus defines the observed state of CachedImage. 
+ properties: + cachedNodes: + description: CachedNodes is the list of node names that have successfully + cached the image. + items: + type: string + type: array + conditions: + description: |- + Conditions represent the latest available observations. + Condition types: Ready, PullProgress. + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. 
+ maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + consecutiveFailures: + description: ConsecutiveFailures counts sequential reconcile failures + for backoff calculation. + format: int32 + type: integer + lastAttemptedAt: + description: LastAttemptedAt is the timestamp of the most recent pull + attempt (success or failure). + format: date-time + type: string + lastPulledAt: + description: LastPulledAt is the timestamp of the most recent successful + pull. + format: date-time + type: string + nodesPulling: + description: NodesPulling is the number of nodes currently pulling + the image. + format: int32 + type: integer + nodesReady: + description: NodesReady is the number of nodes that have successfully + pulled the image. + format: int32 + type: integer + nodesTargeted: + description: NodesTargeted is the number of nodes that should have + this image. + format: int32 + type: integer + observedGeneration: + description: ObservedGeneration is the last generation reconciled. + format: int64 + type: integer + phase: + description: Phase summarizes the overall state. + enum: + - Pending + - Pulling + - Ready + - Degraded + type: string + ready: + description: Ready is a human-readable "nodesReady/nodesTargeted" + fraction for display. + type: string + resolvedDigest: + description: ResolvedDigest is the sha256 digest of the image as reported + by the container runtime after pull. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +{{- end }} diff --git a/charts/drop/templates/crds-drop.corewire.io_cachedimagesets.yaml b/charts/drop/templates/crds-drop.corewire.io_cachedimagesets.yaml new file mode 100644 index 0000000..45fb9b2 --- /dev/null 
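Review bot: `spec.tag` and `spec.digest` are described as mutually exclusive, but nothing in the schema enforces that or constrains the shape of the digest. An object that sets both, or a malformed digest, is therefore admitted, and which reference wins is left to the controller. A CEL rule on `spec` such as `x-kubernetes-validations: [{rule: "!(has(self.tag) && has(self.digest))"}]`, plus a `pattern` on `digest` (for example `^sha256:[a-f0-9]{64}$` if only sha256 is expected), would reject these at admission. Since this file is controller-gen output, the markers belong on the Go type rather than in the YAML. The `images[]` entries in the cachedimagesets hunk that follows accept `tag` and `digest` together as well.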
+++ b/charts/drop/templates/crds-drop.corewire.io_cachedimagesets.yaml 
@@ -0,0 +1,268 @@ +{{- if .Values.crds.install }} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.17.2 + name: cachedimagesets.drop.corewire.io +spec: + group: drop.corewire.io + names: + categories: + - drop + kind: CachedImageSet + listKind: CachedImageSetList + plural: cachedimagesets + singular: cachedimageset + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=="Ready")].reason + name: Status + type: string + - jsonPath: .status.imagesReady + name: Ready + type: string + - jsonPath: .status.imagesManaged + name: Managed + type: integer + - jsonPath: .spec.discoveryPolicyRef.name + name: Source + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Message + priority: 1 + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: CachedImageSet is the Schema for the cachedimagesets API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: CachedImageSetSpec defines the desired state of CachedImageSet. + properties: + discoveryPolicyRef: + description: DiscoveryPolicyRef references a DiscoveryPolicy for dynamic + image lists. 
+ properties: + name: + description: Name of the DiscoveryPolicy resource. + minLength: 1 + type: string + required: + - name + type: object + imagePullPolicy: + default: Always + description: ImagePullPolicy controls when kubelet pulls the image + (propagated to children). + enum: + - Always + - IfNotPresent + - Never + type: string + imagePullSecrets: + description: ImagePullSecrets are references to secrets for pulling + from private registries (propagated to children). + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + type: array + images: + description: Images is a static list of images to cache. + items: + description: ImageEntry defines a single image to include in a set. + properties: + digest: + description: Digest to pull. + type: string + image: + description: Image is the fully qualified image reference (registry/repository). + minLength: 1 + type: string + tag: + description: Tag to pull. + type: string + required: + - image + type: object + type: array + nodeSelector: + additionalProperties: + type: string + description: NodeSelector restricts which nodes to cache images on + (propagated to children). + type: object + policyRef: + description: PolicyRef references a PullPolicy for pacing controls. + properties: + name: + description: Name of the PullPolicy resource. + minLength: 1 + type: string + required: + - name + type: object + tolerations: + description: Tolerations allow targeting tainted nodes (propagated + to children). 
+ items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists, Equal, Lt, and Gt. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + Lt and Gt perform numeric comparisons (requires feature gate TaintTolerationComparisonOperators). + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + type: object + status: + description: CachedImageSetStatus defines the observed state of CachedImageSet. + properties: + conditions: + description: Conditions represent the latest available observations. + items: + description: Condition contains details for one aspect of the current + state of this API Resource. 
+ properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + imagesManaged: + description: ImagesManaged is the number of CachedImage children managed + by this set. 
+ format: int32 + type: integer + imagesReady: + description: ImagesReady is the number of children in Ready phase. + format: int32 + type: integer + observedGeneration: + description: ObservedGeneration is the last generation reconciled. + format: int64 + type: integer + phase: + description: Phase summarizes the overall state. + enum: + - Pending + - Ready + - Degraded + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +{{- end }} diff --git a/charts/drop/templates/crds-drop.corewire.io_discoverypolicies.yaml b/charts/drop/templates/crds-drop.corewire.io_discoverypolicies.yaml new file mode 100644 index 0000000..35d4edc --- /dev/null +++ b/charts/drop/templates/crds-drop.corewire.io_discoverypolicies.yaml 
@@ -0,0 +1,275 @@ +{{- if .Values.crds.install }} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.17.2 + name: discoverypolicies.drop.corewire.io +spec: + group: drop.corewire.io + names: + categories: + - drop + kind: DiscoveryPolicy + listKind: DiscoveryPolicyList + plural: discoverypolicies + singular: discoverypolicy + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=="Ready")].reason + name: Status + type: string + - jsonPath: .status.sourceCount + name: Sources + type: integer + - jsonPath: .status.imageCount + name: Images + type: integer + - jsonPath: .status.lastSyncTime + name: LastSync + type: date + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Message + priority: 1 + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: DiscoveryPolicy is the Schema for the discoverypolicies API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: DiscoveryPolicySpec defines the desired state of DiscoveryPolicy. + properties: + imageFilter: + description: ImageFilter is a regex to filter discovered images. 
+ type: string + maxImages: + default: 50 + description: MaxImages caps the number of discovered images. + format: int32 + minimum: 1 + type: integer + sources: + description: Sources is the list of discovery backends to query. + items: + description: DiscoverySource defines a single discovery backend. + properties: + prometheus: + description: Prometheus config (when type=prometheus). + properties: + endpoint: + description: Endpoint is the Prometheus API URL. + minLength: 1 + type: string + lookback: + description: |- + Lookback is the time window to aggregate over (e.g. "7d", "24h"). + When set, uses query_range and sums values to rank by total usage. + When unset, uses an instant query (point-in-time). + type: string + query: + description: Query is the PromQL query that must return + an 'image' label. + minLength: 1 + type: string + step: + default: 5m + description: Step is the query resolution step for range + queries. + type: string + required: + - endpoint + - query + type: object + registry: + description: Registry config (when type=registry). + properties: + imageTemplate: + description: |- + ImageTemplate is a Go text/template for constructing the full image reference. + Available variables: .Registry, .Repository, .Tag + type: string + repositories: + description: Repositories is the list of repositories to + query. + items: + type: string + minItems: 1 + type: array + tagFilter: + description: TagFilter is a regex to filter tags. + type: string + topX: + description: TopX limits the number of tags to fetch per + repository. + format: int32 + minimum: 1 + type: integer + url: + description: URL is the registry base URL. + minLength: 1 + type: string + required: + - repositories + - url + type: object + secretRef: + description: SecretRef references a Secret for auth/TLS for + this source. + properties: + name: + default: "" + description: |- + Name of the referent. 
+ This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + type: + description: Type identifies the backend. + enum: + - prometheus + - registry + type: string + required: + - type + type: object + minItems: 1 + type: array + syncInterval: + default: 30m + description: SyncInterval is how often to re-query sources. + type: string + required: + - sources + type: object + status: + description: DiscoveryPolicyStatus defines the observed state of DiscoveryPolicy. + properties: + conditions: + description: Conditions represent the latest available observations. + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. 
+ Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + discoveredImages: + description: DiscoveredImages is the list of discovered images from + all sources. + items: + description: DiscoveredImage represents a single discovered image + with metadata. + properties: + image: + description: Image is the fully qualified image reference. + type: string + score: + description: Score is the ranking score from the source (higher + = more relevant). + format: int64 + type: integer + source: + description: Source identifies which discovery source produced + this image. + type: string + required: + - image + - score + - source + type: object + type: array + imageCount: + description: ImageCount is the number of discovered images. + format: int32 + type: integer + lastSyncTime: + description: LastSyncTime is the timestamp of the last successful + sync. + format: date-time + type: string + sourceCount: + description: SourceCount is the number of configured sources. + format: int32 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +{{- end }} 
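Review bot: `sources[].prometheus.endpoint` and `sources[].registry.url` are validated only with `minLength: 1`, and `secretRef` is a name-only reference on a Cluster-scoped kind whose description still says "inside the same namespace". Whoever may create a DiscoveryPolicy therefore chooses both the destination of the operator's outbound requests and the Secret used for them, and the schema does not state which namespace that Secret is read from. Consider `format: uri` (or a scheme-restricting `pattern`) on both URL fields and a `secretRef` description that names the namespace the controller resolves it in; how the controller actually resolves it is not visible in this diff. The same schema is added under `charts/drop-crds`, and the `imagePullSecrets` fields in the cachedimages and cachedimagesets hunks carry the same namespace wording.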
diff --git a/charts/drop/templates/crds-drop.corewire.io_pullpolicies.yaml b/charts/drop/templates/crds-drop.corewire.io_pullpolicies.yaml new file mode 100644 index 0000000..feeea37 --- /dev/null +++ b/charts/drop/templates/crds-drop.corewire.io_pullpolicies.yaml 
@@ -0,0 +1,139 @@ +{{- if .Values.crds.install }} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.17.2 + name: pullpolicies.drop.corewire.io +spec: + group: drop.corewire.io + names: + categories: + - drop + kind: PullPolicy + listKind: PullPolicyList + plural: pullpolicies + singular: pullpolicy + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .spec.maxConcurrentNodes + name: MaxNodes + type: integer + - jsonPath: .spec.minDelayBetweenPulls + name: MinDelay + type: string + - jsonPath: .spec.repullInterval + name: RepullInterval + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: |- + PullPolicy is the Schema for the pullpolicies API. + It is a configuration-only resource with no status. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: PullPolicySpec defines pacing and behavior configuration + for image pulls. + properties: + failureBackoff: + description: FailureBackoff configures retry delays on pull failures. + properties: + initial: + default: 30s + description: Initial delay before first retry. 
+ type: string + max: + default: 5m + description: Max delay cap for exponential backoff. + type: string + type: object + maxConcurrentNodes: + default: 1 + description: MaxConcurrentNodes is the max nodes pulling simultaneously + for this policy. + format: int32 + minimum: 1 + type: integer + minDelayBetweenPulls: + default: 10s + description: MinDelayBetweenPulls is the minimum time between starting + pulls on different nodes. + type: string + nodeSelector: + additionalProperties: + type: string + description: NodeSelector scopes this policy to a specific node pool. + type: object + repullInterval: + description: RepullInterval is how often to re-pull cached images. + Zero or unset means never re-pull. + type: string + tolerations: + description: Tolerations match tainted nodes in the pool. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists, Equal, Lt, and Gt. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + Lt and Gt perform numeric comparisons (requires feature gate TaintTolerationComparisonOperators). + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. 
By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: {} +{{- end }} diff --git a/charts/drop/values.yaml b/charts/drop/values.yaml index 19429a4..dca0847 100644 --- a/charts/drop/values.yaml +++ b/charts/drop/values.yaml @@ -40,6 +40,10 @@ certManager: name: selfsigned-issuer kind: ClusterIssuer +# CRD management. Set install to false when using the separate drop-crds chart. +crds: + install: true + nodeSelector: {} tolerations: [] affinity: {} diff --git a/docs/content/docs/install.md b/docs/content/docs/install.md index 90182bb..2bdcf0f 100644 --- a/docs/content/docs/install.md +++ b/docs/content/docs/install.md @@ -8,6 +8,7 @@ llmsDescription: | Installation guide for the drop operator. Prerequisites: Kubernetes 1.28+, Helm 3.12+. Install via Helm chart from ghcr.io/breee/charts/drop. Optional: cert-manager for secure metrics, ServiceMonitor for Prometheus. + CRDs can be installed separately via the drop-crds chart for reliable upgrades. --- ## Prerequisites 
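Review bot: The comment on `crds.install` should say what the default means at uninstall time. With `install: true` the CRDs are rendered from `templates/`, so they belong to the release and `helm uninstall` removes them, and deleting a CRD deletes every custom resource of that kind. I would extend the comment to `# CRD management. With install: true the CRDs are owned by this release and are removed on helm uninstall, together with all CachedImage/PullPolicy objects; set to false when using the separate drop-crds chart.` If that removal is not intended, a `helm.sh/resource-policy: keep` annotation on the generated CRD metadata would retain them.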
@@ -34,6 +35,62 @@ helm install drop oci://ghcr.io/breee/charts/drop \ --set certManager.enabled=true ``` +## CRD Management + +Helm does not update CRDs on `helm upgrade`. For reliable CRD lifecycle +management, install CRDs separately using the **drop-crds** chart: + +```bash +# Install CRDs independently +helm install drop-crds oci://ghcr.io/breee/charts/drop-crds + +# Install the operator with CRD installation disabled +helm install drop oci://ghcr.io/breee/charts/drop \ + --namespace drop-system \ + --create-namespace \ + --set crds.install=false +``` + +To upgrade CRDs later: + +```bash +helm upgrade drop-crds oci://ghcr.io/breee/charts/drop-crds +``` + +### ArgoCD + +When using ArgoCD, deploy CRDs and the operator as separate Applications so +that CRD updates are applied independently. See +[`examples/argocd/`](https://github.com/Breee/drop/tree/main/examples/argocd) +for ready-to-use Application manifests. + +Key points for ArgoCD CRD management: + +- Use `ServerSideApply=true` and `Replace=true` sync options on the CRDs Application. +- Set a negative sync-wave (`argocd.argoproj.io/sync-wave: "-1"`) so CRDs are synced before the operator. +- Disable `crds.install` in the operator chart values. + +### Renovate + +The repository includes Renovate custom managers that automatically detect new +chart versions in the ArgoCD example manifests. Add similar regex managers to +your own `renovate.json` to keep chart references up to date: + +```json +{ + "customManagers": [ + { + "customType": "regex", + "fileMatch": ["argocd/.*\\.yaml$"], + "matchStrings": ["chart: drop-crds\\n\\s+repoURL: oci://ghcr\\.io/breee/charts\\n\\s+targetRevision: (?\\S+)"], + "depNameTemplate": "drop-crds", + "datasourceTemplate": "docker", + "packageNameTemplate": "ghcr.io/breee/charts/drop-crds" + } + ] +} +``` + ## Verify ```bash diff --git a/examples/argocd/drop-crds.yaml b/examples/argocd/drop-crds.yaml new file mode 100644 index 0000000..a31d467 --- /dev/null 
+++ b/examples/argocd/drop-crds.yaml @@ -0,0 +1,28 @@ +# ArgoCD Application — drop CRDs (install first) +# +# Best practice: Install CRDs as a separate ArgoCD Application with +# Replace=true sync option so that ArgoCD can manage CRD lifecycle +# independently of the operator. +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: drop-crds + namespace: argocd + annotations: + argocd.argoproj.io/sync-wave: "-1" +spec: + project: default + source: + chart: drop-crds + repoURL: oci://ghcr.io/breee/charts + targetRevision: 0.1.0 + destination: + server: https://kubernetes.default.svc + syncPolicy: + automated: + prune: false + selfHeal: true + syncOptions: + - CreateNamespace=false + - ServerSideApply=true + - Replace=true diff --git a/examples/argocd/drop-operator.yaml b/examples/argocd/drop-operator.yaml new file mode 100644 index 0000000..edc0eb0 --- /dev/null +++ b/examples/argocd/drop-operator.yaml @@ -0,0 +1,30 @@ +# ArgoCD Application — drop operator +# +# When using the separate drop-crds chart, disable CRD installation in the +# operator chart by setting crds.install=false. +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: drop + namespace: argocd + annotations: + argocd.argoproj.io/sync-wave: "0" +spec: + project: default + source: + chart: drop + repoURL: oci://ghcr.io/breee/charts + targetRevision: 0.1.0 + helm: + valuesObject: + crds: + install: false + destination: + server: https://kubernetes.default.svc + namespace: drop-system + syncPolicy: + automated: + prune: true + selfHeal: true + syncOptions: + - CreateNamespace=true diff --git a/renovate.json b/renovate.json index 2534534..0a778ba 100644 --- a/renovate.json +++ b/renovate.json 
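Review bot: `Replace=true` in `syncOptions` is a risky default for an Application that holds only CRDs, and as far as I know from the Argo CD sync-option docs it overrides the `ServerSideApply=true` listed next to it. Replace makes Argo CD sync with replace/create semantics, which can end with the CRD being recreated. A recreated CRD takes every stored CachedImage, CachedImageSet, DiscoveryPolicy and PullPolicy with it, and `selfHeal: true` means this happens without a person in the loop. I would drop the `- Replace=true` line and change the header comment's "Replace=true sync option" to "ServerSideApply=true sync option". The install.md hunk earlier in this patch makes the same recommendation and should change with it.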
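Review bot: `project: default` here, and in `drop-crds.yaml` above, puts a cluster-scoped operator and its CRDs in Argo CD's catch-all project, which unless it has been tightened restricts neither source repositories, destinations nor cluster-scoped kinds. Since these manifests are offered as ready-to-use, a comment above the line would help: `# Replace with a dedicated AppProject that allows only oci://ghcr.io/breee/charts and this cluster/namespace.` With `automated` sync and `prune: true`, whatever the chart at the pinned `targetRevision` renders is applied unattended, so scoping the project is the main guard rail left to the user.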
@@ -14,6 +14,31 @@ "description": "Major updates require manual approval", "matchUpdateTypes": ["major"], "automerge": false + }, + { + "description": "Group drop chart and drop-crds chart version bumps together", + "matchFileNames": ["charts/drop/Chart.yaml", "charts/drop-crds/Chart.yaml"], + "groupName": "drop-charts" + } + ], + "customManagers": [ + { + "customType": "regex", + "description": "Update drop-crds chart version in ArgoCD examples", + "fileMatch": ["examples/argocd/.*\\.yaml$"], + "matchStrings": ["chart: drop-crds\\n\\s+repoURL: oci://ghcr\\.io/breee/charts\\n\\s+targetRevision: (?\\S+)"], + "depNameTemplate": "drop-crds", + "datasourceTemplate": "docker", + "packageNameTemplate": "ghcr.io/breee/charts/drop-crds" + }, + { + "customType": "regex", + "description": "Update drop operator chart version in ArgoCD examples", + "fileMatch": ["examples/argocd/.*\\.yaml$"], + "matchStrings": ["chart: drop\\n\\s+repoURL: oci://ghcr\\.io/breee/charts\\n\\s+targetRevision: (?\\S+)"], + "depNameTemplate": "drop", + "datasourceTemplate": "docker", + "packageNameTemplate": "ghcr.io/breee/charts/drop" } ] } From e5246a0d1b7ff937d04ab361e54ce7b7591a857d Mon Sep 17 00:00:00 2001 
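Review bot: Both `matchStrings` patterns end in `targetRevision: (?\\S+)` as shown here, and `(?` followed by `\S` is not a valid group, so unless the page has dropped part of the text these managers never extract a version. Renovate's regex manager needs a named group for the version, so the tail should read `targetRevision: (?<currentValue>\\S+)` in both entries. The copy of the first manager in the install.md hunk has the same tail. The patterns also require `chart`, `repoURL` and `targetRevision` on consecutive lines in that order, so an example with reordered keys silently stops being updated; the `description` fields could say so.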
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Fri, 29 May 2026 20:16:37 +0000 Subject: [PATCH 3/4] refactor: single source of truth for CRDs via make sync-crds CRD content lives only in config/crd/bases/ (generated from Go structs). Chart templates are produced by `make sync-crds` which copies them with conditional wrappers. The codegen target now includes sync-crds. --- Makefile | 15 ++++++++++++++- .../templates/drop.corewire.io_cachedimages.yaml | 4 +++- .../drop.corewire.io_cachedimagesets.yaml | 4 +++- .../drop.corewire.io_discoverypolicies.yaml | 4 +++- .../templates/drop.corewire.io_pullpolicies.yaml | 3 ++- .../crds-drop.corewire.io_cachedimages.yaml | 4 +++- .../crds-drop.corewire.io_cachedimagesets.yaml | 4 +++- .../crds-drop.corewire.io_discoverypolicies.yaml | 4 +++- .../crds-drop.corewire.io_pullpolicies.yaml | 3 ++- .../crd/bases/drop.corewire.io_cachedimages.yaml | 3 ++- .../bases/drop.corewire.io_cachedimagesets.yaml | 3 ++- .../bases/drop.corewire.io_discoverypolicies.yaml | 3 ++- .../crd/bases/drop.corewire.io_pullpolicies.yaml | 2 +- 13 files changed, 43 insertions(+), 13 deletions(-) diff --git a/Makefile b/Makefile index de99a67..c4ede01 100644 --- a/Makefile +++ b/Makefile 
@@ -57,8 +57,21 @@ generate: controller-gen ## Generate DeepCopy methods. manifests: controller-gen ## Generate CRD and RBAC manifests. $(CONTROLLER_GEN) rbac:roleName=manager-role crd webhook paths="./..." output:crd:artifacts:config=config/crd/bases +.PHONY: sync-crds +sync-crds: manifests ## Sync generated CRDs into Helm chart templates. + @echo "Syncing CRDs into charts/drop-crds/templates/ and charts/drop/templates/" + @for f in config/crd/bases/*.yaml; do \ + base=$$(basename "$$f"); \ + { echo '{{- /* Generated from config/crd/bases — do not edit manually. Run make sync-crds */ -}}'; \ + echo '{{- if .Values.install }}'; cat "$$f"; echo '{{- end }}'; \ + } > "charts/drop-crds/templates/$$base"; \ + { echo '{{- /* Generated from config/crd/bases — do not edit manually. Run make sync-crds */ -}}'; \ + echo '{{- if .Values.crds.install }}'; cat "$$f"; echo '{{- end }}'; \ + } > "charts/drop/templates/crds-$$base"; \ + done + .PHONY: codegen -codegen: generate manifests docs-gen ## Run all code generation (deepcopy + CRDs + docs). +codegen: generate manifests sync-crds docs-gen ## Run all code generation (deepcopy + CRDs + docs). ##@ Testing diff --git a/charts/drop-crds/templates/drop.corewire.io_cachedimages.yaml b/charts/drop-crds/templates/drop.corewire.io_cachedimages.yaml index d46b307..8aa3e0f 100644 --- a/charts/drop-crds/templates/drop.corewire.io_cachedimages.yaml +++ b/charts/drop-crds/templates/drop.corewire.io_cachedimages.yaml @@ -1,3 +1,4 @@ +{{- /* Generated from config/crd/bases — do not edit manually. Run make sync-crds */ -}} {{- if .Values.install }} --- apiVersion: apiextensions.k8s.io/v1 @@ -53,7 +54,8 @@ spec: name: v1alpha1 schema: openAPIV3Schema: - description: CachedImage is the Schema for the cachedimages API. + description: CachedImage ensures a single container image is pre-cached on + cluster nodes. properties: apiVersion: description: |- 
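Review bot: The `sync-crds` loop has no error handling: the recipe is one shell command list joined with `;`, so a failed `cat` or redirect in one iteration is ignored and make sees only the status of the final command. Patch 4/4 of this series publishes charts built from this target, so a partial write would ship a chart with a truncated or wrapper-only CRD template. Start the recipe with `@set -e; for f in config/crd/bases/*.yaml; do \` so the first failure aborts the target. Separately, the CRD text is copied into a Helm template unescaped, so any `{{` that controller-gen emits in a description would be evaluated by Helm, which deserves a comment next to `cat "$$f"`.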
diff --git a/charts/drop-crds/templates/drop.corewire.io_cachedimagesets.yaml b/charts/drop-crds/templates/drop.corewire.io_cachedimagesets.yaml index 88c8b0e..13721f7 100644 --- a/charts/drop-crds/templates/drop.corewire.io_cachedimagesets.yaml +++ b/charts/drop-crds/templates/drop.corewire.io_cachedimagesets.yaml @@ -1,3 +1,4 @@ +{{- /* Generated from config/crd/bases — do not edit manually. Run make sync-crds */ -}} {{- if .Values.install }} --- apiVersion: apiextensions.k8s.io/v1 @@ -40,7 +41,8 @@ spec: name: v1alpha1 schema: openAPIV3Schema: - description: CachedImageSet is the Schema for the cachedimagesets API. + description: CachedImageSet manages a group of images to cache, optionally + backed by a DiscoveryPolicy. properties: apiVersion: description: |- diff --git a/charts/drop-crds/templates/drop.corewire.io_discoverypolicies.yaml b/charts/drop-crds/templates/drop.corewire.io_discoverypolicies.yaml index edcfda9..5703f7a 100644 --- a/charts/drop-crds/templates/drop.corewire.io_discoverypolicies.yaml +++ b/charts/drop-crds/templates/drop.corewire.io_discoverypolicies.yaml @@ -1,3 +1,4 @@ +{{- /* Generated from config/crd/bases — do not edit manually. Run make sync-crds */ -}} {{- if .Values.install }} --- apiVersion: apiextensions.k8s.io/v1 @@ -40,7 +41,8 @@ spec: name: v1alpha1 schema: openAPIV3Schema: - description: DiscoveryPolicy is the Schema for the discoverypolicies API. + description: DiscoveryPolicy automatically discovers images from registries + or Prometheus metrics. properties: apiVersion: description: |- diff --git a/charts/drop-crds/templates/drop.corewire.io_pullpolicies.yaml b/charts/drop-crds/templates/drop.corewire.io_pullpolicies.yaml index a451afa..4dcc872 100644 --- a/charts/drop-crds/templates/drop.corewire.io_pullpolicies.yaml +++ b/charts/drop-crds/templates/drop.corewire.io_pullpolicies.yaml 
@@ -1,3 +1,4 @@ +{{- /* Generated from config/crd/bases — do not edit manually. Run make sync-crds */ -}} {{- if .Values.install }} --- apiVersion: apiextensions.k8s.io/v1 @@ -34,7 +35,7 @@ spec: schema: openAPIV3Schema: description: |- - PullPolicy is the Schema for the pullpolicies API. + PullPolicy controls the pacing and retry behavior for image pulls across cluster nodes. It is a configuration-only resource with no status. properties: apiVersion: diff --git a/charts/drop/templates/crds-drop.corewire.io_cachedimages.yaml b/charts/drop/templates/crds-drop.corewire.io_cachedimages.yaml index fe4bb7c..249d710 100644 --- a/charts/drop/templates/crds-drop.corewire.io_cachedimages.yaml +++ b/charts/drop/templates/crds-drop.corewire.io_cachedimages.yaml @@ -1,3 +1,4 @@ +{{- /* Generated from config/crd/bases — do not edit manually. Run make sync-crds */ -}} {{- if .Values.crds.install }} --- apiVersion: apiextensions.k8s.io/v1 @@ -53,7 +54,8 @@ spec: name: v1alpha1 schema: openAPIV3Schema: - description: CachedImage is the Schema for the cachedimages API. + description: CachedImage ensures a single container image is pre-cached on + cluster nodes. properties: apiVersion: description: |- diff --git a/charts/drop/templates/crds-drop.corewire.io_cachedimagesets.yaml b/charts/drop/templates/crds-drop.corewire.io_cachedimagesets.yaml index 45fb9b2..6a97ac9 100644 --- a/charts/drop/templates/crds-drop.corewire.io_cachedimagesets.yaml +++ b/charts/drop/templates/crds-drop.corewire.io_cachedimagesets.yaml @@ -1,3 +1,4 @@ +{{- /* Generated from config/crd/bases — do not edit manually. Run make sync-crds */ -}} {{- if .Values.crds.install }} --- apiVersion: apiextensions.k8s.io/v1 @@ -40,7 +41,8 @@ spec: name: v1alpha1 schema: openAPIV3Schema: - description: CachedImageSet is the Schema for the cachedimagesets API. + description: CachedImageSet manages a group of images to cache, optionally + backed by a DiscoveryPolicy. properties: apiVersion: description: |- 
diff --git a/charts/drop/templates/crds-drop.corewire.io_discoverypolicies.yaml b/charts/drop/templates/crds-drop.corewire.io_discoverypolicies.yaml index 35d4edc..118ca57 100644 --- a/charts/drop/templates/crds-drop.corewire.io_discoverypolicies.yaml +++ b/charts/drop/templates/crds-drop.corewire.io_discoverypolicies.yaml @@ -1,3 +1,4 @@ +{{- /* Generated from config/crd/bases — do not edit manually. Run make sync-crds */ -}} {{- if .Values.crds.install }} --- apiVersion: apiextensions.k8s.io/v1 @@ -40,7 +41,8 @@ spec: name: v1alpha1 schema: openAPIV3Schema: - description: DiscoveryPolicy is the Schema for the discoverypolicies API. + description: DiscoveryPolicy automatically discovers images from registries + or Prometheus metrics. properties: apiVersion: description: |- diff --git a/charts/drop/templates/crds-drop.corewire.io_pullpolicies.yaml b/charts/drop/templates/crds-drop.corewire.io_pullpolicies.yaml index feeea37..7c674be 100644 --- a/charts/drop/templates/crds-drop.corewire.io_pullpolicies.yaml +++ b/charts/drop/templates/crds-drop.corewire.io_pullpolicies.yaml @@ -1,3 +1,4 @@ +{{- /* Generated from config/crd/bases — do not edit manually. Run make sync-crds */ -}} {{- if .Values.crds.install }} --- apiVersion: apiextensions.k8s.io/v1 @@ -34,7 +35,7 @@ spec: schema: openAPIV3Schema: description: |- - PullPolicy is the Schema for the pullpolicies API. + PullPolicy controls the pacing and retry behavior for image pulls across cluster nodes. It is a configuration-only resource with no status. properties: apiVersion: diff --git a/config/crd/bases/drop.corewire.io_cachedimages.yaml b/config/crd/bases/drop.corewire.io_cachedimages.yaml index 1bce2fd..cc9d58f 100644 --- a/config/crd/bases/drop.corewire.io_cachedimages.yaml +++ b/config/crd/bases/drop.corewire.io_cachedimages.yaml 
@@ -52,7 +52,8 @@ spec: name: v1alpha1 schema: openAPIV3Schema: - description: CachedImage is the Schema for the cachedimages API. + description: CachedImage ensures a single container image is pre-cached on + cluster nodes. properties: apiVersion: description: |- diff --git a/config/crd/bases/drop.corewire.io_cachedimagesets.yaml b/config/crd/bases/drop.corewire.io_cachedimagesets.yaml index 3372da6..0ea3cf7 100644 --- a/config/crd/bases/drop.corewire.io_cachedimagesets.yaml +++ b/config/crd/bases/drop.corewire.io_cachedimagesets.yaml @@ -39,7 +39,8 @@ spec: name: v1alpha1 schema: openAPIV3Schema: - description: CachedImageSet is the Schema for the cachedimagesets API. + description: CachedImageSet manages a group of images to cache, optionally + backed by a DiscoveryPolicy. properties: apiVersion: description: |- diff --git a/config/crd/bases/drop.corewire.io_discoverypolicies.yaml b/config/crd/bases/drop.corewire.io_discoverypolicies.yaml index d4dad33..397fa38 100644 --- a/config/crd/bases/drop.corewire.io_discoverypolicies.yaml +++ b/config/crd/bases/drop.corewire.io_discoverypolicies.yaml @@ -39,7 +39,8 @@ spec: name: v1alpha1 schema: openAPIV3Schema: - description: DiscoveryPolicy is the Schema for the discoverypolicies API. + description: DiscoveryPolicy automatically discovers images from registries + or Prometheus metrics. properties: apiVersion: description: |- diff --git a/config/crd/bases/drop.corewire.io_pullpolicies.yaml b/config/crd/bases/drop.corewire.io_pullpolicies.yaml index 96cad10..2f2155e 100644 --- a/config/crd/bases/drop.corewire.io_pullpolicies.yaml +++ b/config/crd/bases/drop.corewire.io_pullpolicies.yaml @@ -33,7 +33,7 @@ spec: schema: openAPIV3Schema: description: |- - PullPolicy is the Schema for the pullpolicies API. + PullPolicy controls the pacing and retry behavior for image pulls across cluster nodes. It is a configuration-only resource with no status. properties: apiVersion: 
From cc85493d8353fb8240ea126b7c7642fa41fbb863 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Fri, 29 May 2026 20:20:35 +0000 Subject: [PATCH 4/4] ci: generate and publish drop-crds chart entirely in CI - CI helm-lint job runs `make sync-crds` to generate CRD templates before linting - Release workflow publishes both drop and drop-crds charts from generated sources - E2E uses sync-crds instead of just manifests - Generated CRD templates added to .gitignore (no longer committed) --- .github/workflows/ci.yml | 19 +- .github/workflows/release.yml | 12 +- .gitignore | 4 + .../drop.corewire.io_cachedimages.yaml | 310 ------------------ .../drop.corewire.io_cachedimagesets.yaml | 270 --------------- .../drop.corewire.io_discoverypolicies.yaml | 277 ---------------- .../drop.corewire.io_pullpolicies.yaml | 140 -------- .../crds-drop.corewire.io_cachedimages.yaml | 310 ------------------ ...crds-drop.corewire.io_cachedimagesets.yaml | 270 --------------- ...ds-drop.corewire.io_discoverypolicies.yaml | 277 ---------------- .../crds-drop.corewire.io_pullpolicies.yaml | 140 -------- 11 files changed, 29 insertions(+), 2000 deletions(-) delete mode 100644 charts/drop-crds/templates/drop.corewire.io_cachedimages.yaml delete mode 100644 charts/drop-crds/templates/drop.corewire.io_cachedimagesets.yaml delete mode 100644 charts/drop-crds/templates/drop.corewire.io_discoverypolicies.yaml delete mode 100644 charts/drop-crds/templates/drop.corewire.io_pullpolicies.yaml delete mode 100644 charts/drop/templates/crds-drop.corewire.io_cachedimages.yaml delete mode 100644 charts/drop/templates/crds-drop.corewire.io_cachedimagesets.yaml delete mode 100644 charts/drop/templates/crds-drop.corewire.io_discoverypolicies.yaml delete mode 100644 charts/drop/templates/crds-drop.corewire.io_pullpolicies.yaml diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 1b63629..f14b89c 100644 --- a/.github/workflows/ci.yml 
+++ b/.github/workflows/ci.yml @@ -55,11 +55,20 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v6 + - uses: actions/setup-go@v6 + with: + go-version-file: go.mod - uses: azure/setup-helm@v5 - - name: Lint Helm chart - run: helm lint charts/drop - - name: Template Helm chart - run: helm template drop charts/drop + - name: Generate CRDs and sync into charts + run: make sync-crds + - name: Lint Helm charts + run: | + helm lint charts/drop + helm lint charts/drop-crds + - name: Template Helm charts + run: | + helm template drop charts/drop + helm template drop-crds charts/drop-crds docs-build: runs-on: ubuntu-latest @@ -103,7 +112,7 @@ jobs: - name: Install CRDs run: | make controller-gen - make manifests + make sync-crds kubectl apply -f config/crd/bases/ - name: Deploy E2E infrastructure (Prometheus + Registry) run: make e2e-infra diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 648bb6c..ab2e15e 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
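Review bot: The added `actions/setup-go@v6` step is referenced by a movable tag, like the `actions/checkout@v6` and `azure/setup-helm@v5` lines around it. This job now runs `make sync-crds`, so it executes the repository's build tooling, and a retagged action would run in that same workspace. Pinning to a full commit SHA with the tag as a trailing comment, `- uses: actions/setup-go@<full-commit-sha> # v6`, removes the dependency on tag integrity. The job's header and any `permissions:` block are outside the hunk, so the token scope these steps get cannot be judged from here.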
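Review bot: In the `Install CRDs` step, `make sync-crds` replaces `make manifests`, but the next line still applies `config/crd/bases/` directly, so the E2E run never exercises the chart templates that `sync-crds` writes. Those templates are now what the release workflow publishes, so it would be better to apply the rendered chart, e.g. `helm template drop-crds charts/drop-crds | kubectl apply -f -`. The alternative is to keep `make manifests` here and add a comment that the charts are covered by the lint job only. The rest of the E2E job lies outside the hunk.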
@@ -161,13 +161,23 @@ jobs: subject-digest: ${{ steps.build.outputs.digest }} push-to-registry: true - - name: Package and push Helm chart + - name: Package and push Helm charts if: steps.changes.outputs.skip != 'true' run: | VERSION=${{ steps.version.outputs.version }} echo "${{ secrets.GITHUB_TOKEN }}" | helm registry login ghcr.io -u ${{ github.actor }} --password-stdin + + # Sync CRDs from generated sources into chart templates + make sync-crds + + # Package and push main operator chart helm package charts/drop --version "${VERSION#v}" --app-version "${VERSION#v}" helm push drop-*.tgz oci://ghcr.io/$(echo '${{ github.repository_owner }}' | tr '[:upper:]' '[:lower:]')/charts + rm -f drop-*.tgz + + # Package and push CRDs chart + helm package charts/drop-crds --version "${VERSION#v}" --app-version "${VERSION#v}" + helm push drop-crds-*.tgz oci://ghcr.io/$(echo '${{ github.repository_owner }}' | tr '[:upper:]' '[:lower:]')/charts - name: Create GitHub Release if: steps.changes.outputs.skip != 'true' diff --git a/.gitignore b/.gitignore index 06989d0..94e121d 100644 --- a/.gitignore +++ b/.gitignore @@ -39,3 +39,7 @@ docs/.hugo_build.lock # Generated docs-gen binary /gen-ai-docs .kubeconfig + +# Generated CRD chart templates (produced by make sync-crds in CI) +charts/drop-crds/templates/drop.corewire.io_*.yaml +charts/drop/templates/crds-drop.corewire.io_*.yaml diff --git a/charts/drop-crds/templates/drop.corewire.io_cachedimages.yaml b/charts/drop-crds/templates/drop.corewire.io_cachedimages.yaml deleted file mode 100644 index 8aa3e0f..0000000 --- a/charts/drop-crds/templates/drop.corewire.io_cachedimages.yaml +++ /dev/null 
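Review bot: The new `helm push drop-crds-*.tgz` line repeats the inline `${{ github.repository_owner }}` expansion inside the shell script, next to the existing unquoted `VERSION=${{ steps.version.outputs.version }}`. Expressions pasted into `run:` text are substituted before the shell parses the script, so the safer habit is to pass them through the step's `env:` and use shell variables. That means `OWNER: ${{ github.repository_owner }}` under `env:`, then `CHART_REPO="oci://ghcr.io/${OWNER,,}/charts"` once and `helm push drop-crds-*.tgz "$CHART_REPO"`, with the same variable used for the first push. The leading context shows a `subject-digest` tied to `steps.build.outputs.digest`, which looks like provenance for the image only; the two charts are pushed without an equivalent, which may be worth a follow-up. The surrounding job starts outside the hunk.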
@@ -1,310 +0,0 @@ -{{- /* Generated from config/crd/bases — do not edit manually. Run make sync-crds */ -}} -{{- if .Values.install }} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.17.2 - name: cachedimages.drop.corewire.io -spec: - group: drop.corewire.io - names: - categories: - - drop - kind: CachedImage - listKind: CachedImageList - plural: cachedimages - singular: cachedimage - scope: Cluster - versions: - - additionalPrinterColumns: - - jsonPath: .spec.image - name: Image - type: string - - jsonPath: .spec.tag - name: Tag - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].reason - name: Status - type: string - - jsonPath: .status.ready - name: Ready - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.resolvedDigest - name: Digest - priority: 1 - type: string - - description: Parent CachedImageSet - jsonPath: .metadata.labels.drop\.corewire\.io/imageset - name: Set - priority: 1 - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Message - priority: 1 - type: string - - jsonPath: .spec.policyRef.name - name: Policy - priority: 1 - type: string - name: v1alpha1 - schema: - openAPIV3Schema: - description: CachedImage ensures a single container image is pre-cached on - cluster nodes. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: CachedImageSpec defines the desired state of CachedImage. - properties: - digest: - description: Digest to pull (immutable reference). Mutually exclusive - with Tag. - type: string - image: - description: Image is the fully qualified image reference (registry/repository). - minLength: 1 - type: string - imagePullPolicy: - default: Always - description: |- - ImagePullPolicy controls when kubelet pulls the image. - Defaults to Always (checks upstream digest, only downloads if changed). - Set to IfNotPresent to skip the registry check when the tag already exists locally. - enum: - - Always - - IfNotPresent - - Never - type: string - imagePullSecrets: - description: ImagePullSecrets are references to secrets for pulling - from private registries. - items: - description: |- - LocalObjectReference contains enough information to let you locate the - referenced object inside the same namespace. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - type: object - x-kubernetes-map-type: atomic - type: array - nodeSelector: - additionalProperties: - type: string - description: NodeSelector restricts which nodes to cache the image - on. - type: object - policyRef: - description: PolicyRef references a PullPolicy for pacing controls. - properties: - name: - description: Name of the PullPolicy resource. - minLength: 1 - type: string - required: - - name - type: object - priority: - description: Priority is a pull ordering hint (lower values pulled - first). 
- format: int32 - type: integer - tag: - description: Tag to pull. Mutually exclusive with Digest. - type: string - tolerations: - description: Tolerations allow targeting tainted nodes. - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists, Equal, Lt, and Gt. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - Lt and Gt perform numeric comparisons (requires feature gate TaintTolerationComparisonOperators). - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - required: - - image - type: object - status: - description: CachedImageStatus defines the observed state of CachedImage. 
- properties: - cachedNodes: - description: CachedNodes is the list of node names that have successfully - cached the image. - items: - type: string - type: array - conditions: - description: |- - Conditions represent the latest available observations. - Condition types: Ready, PullProgress. - items: - description: Condition contains details for one aspect of the current - state of this API Resource. - properties: - lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - message is a human readable message indicating details about the transition. - This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: |- - observedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: |- - reason contains a programmatic identifier indicating the reason for the condition's last transition. - Producers of specific condition types may define expected values and meanings for this field, - and whether the values are considered a guaranteed API. - The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. 
- maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - consecutiveFailures: - description: ConsecutiveFailures counts sequential reconcile failures - for backoff calculation. - format: int32 - type: integer - lastAttemptedAt: - description: LastAttemptedAt is the timestamp of the most recent pull - attempt (success or failure). - format: date-time - type: string - lastPulledAt: - description: LastPulledAt is the timestamp of the most recent successful - pull. - format: date-time - type: string - nodesPulling: - description: NodesPulling is the number of nodes currently pulling - the image. - format: int32 - type: integer - nodesReady: - description: NodesReady is the number of nodes that have successfully - pulled the image. - format: int32 - type: integer - nodesTargeted: - description: NodesTargeted is the number of nodes that should have - this image. - format: int32 - type: integer - observedGeneration: - description: ObservedGeneration is the last generation reconciled. - format: int64 - type: integer - phase: - description: Phase summarizes the overall state. - enum: - - Pending - - Pulling - - Ready - - Degraded - type: string - ready: - description: Ready is a human-readable "nodesReady/nodesTargeted" - fraction for display. - type: string - resolvedDigest: - description: ResolvedDigest is the sha256 digest of the image as reported - by the container runtime after pull. - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} -{{- end }} diff --git a/charts/drop-crds/templates/drop.corewire.io_cachedimagesets.yaml b/charts/drop-crds/templates/drop.corewire.io_cachedimagesets.yaml deleted file mode 100644 index 13721f7..0000000 
--- a/charts/drop-crds/templates/drop.corewire.io_cachedimagesets.yaml +++ /dev/null 
@@ -1,270 +0,0 @@ -{{- /* Generated from config/crd/bases — do not edit manually. Run make sync-crds */ -}} -{{- if .Values.install }} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.17.2 - name: cachedimagesets.drop.corewire.io -spec: - group: drop.corewire.io - names: - categories: - - drop - kind: CachedImageSet - listKind: CachedImageSetList - plural: cachedimagesets - singular: cachedimageset - scope: Cluster - versions: - - additionalPrinterColumns: - - jsonPath: .status.conditions[?(@.type=="Ready")].reason - name: Status - type: string - - jsonPath: .status.imagesReady - name: Ready - type: string - - jsonPath: .status.imagesManaged - name: Managed - type: integer - - jsonPath: .spec.discoveryPolicyRef.name - name: Source - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Message - priority: 1 - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1alpha1 - schema: - openAPIV3Schema: - description: CachedImageSet manages a group of images to cache, optionally - backed by a DiscoveryPolicy. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: CachedImageSetSpec defines the desired state of CachedImageSet. 
- properties: - discoveryPolicyRef: - description: DiscoveryPolicyRef references a DiscoveryPolicy for dynamic - image lists. - properties: - name: - description: Name of the DiscoveryPolicy resource. - minLength: 1 - type: string - required: - - name - type: object - imagePullPolicy: - default: Always - description: ImagePullPolicy controls when kubelet pulls the image - (propagated to children). - enum: - - Always - - IfNotPresent - - Never - type: string - imagePullSecrets: - description: ImagePullSecrets are references to secrets for pulling - from private registries (propagated to children). - items: - description: |- - LocalObjectReference contains enough information to let you locate the - referenced object inside the same namespace. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - type: object - x-kubernetes-map-type: atomic - type: array - images: - description: Images is a static list of images to cache. - items: - description: ImageEntry defines a single image to include in a set. - properties: - digest: - description: Digest to pull. - type: string - image: - description: Image is the fully qualified image reference (registry/repository). - minLength: 1 - type: string - tag: - description: Tag to pull. - type: string - required: - - image - type: object - type: array - nodeSelector: - additionalProperties: - type: string - description: NodeSelector restricts which nodes to cache images on - (propagated to children). - type: object - policyRef: - description: PolicyRef references a PullPolicy for pacing controls. - properties: - name: - description: Name of the PullPolicy resource. 
- minLength: 1 - type: string - required: - - name - type: object - tolerations: - description: Tolerations allow targeting tainted nodes (propagated - to children). - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists, Equal, Lt, and Gt. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - Lt and Gt perform numeric comparisons (requires feature gate TaintTolerationComparisonOperators). - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - type: object - status: - description: CachedImageSetStatus defines the observed state of CachedImageSet. - properties: - conditions: - description: Conditions represent the latest available observations. 
- items: - description: Condition contains details for one aspect of the current - state of this API Resource. - properties: - lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - message is a human readable message indicating details about the transition. - This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: |- - observedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: |- - reason contains a programmatic identifier indicating the reason for the condition's last transition. - Producers of specific condition types may define expected values and meanings for this field, - and whether the values are considered a guaranteed API. - The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. 
- maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - imagesManaged: - description: ImagesManaged is the number of CachedImage children managed - by this set. - format: int32 - type: integer - imagesReady: - description: ImagesReady is the number of children in Ready phase. - format: int32 - type: integer - observedGeneration: - description: ObservedGeneration is the last generation reconciled. - format: int64 - type: integer - phase: - description: Phase summarizes the overall state. - enum: - - Pending - - Ready - - Degraded - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} -{{- end }} diff --git a/charts/drop-crds/templates/drop.corewire.io_discoverypolicies.yaml b/charts/drop-crds/templates/drop.corewire.io_discoverypolicies.yaml deleted file mode 100644 index 5703f7a..0000000 --- a/charts/drop-crds/templates/drop.corewire.io_discoverypolicies.yaml +++ /dev/null 
@@ -1,277 +0,0 @@ -{{- /* Generated from config/crd/bases — do not edit manually. Run make sync-crds */ -}} -{{- if .Values.install }} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.17.2 - name: discoverypolicies.drop.corewire.io -spec: - group: drop.corewire.io - names: - categories: - - drop - kind: DiscoveryPolicy - listKind: DiscoveryPolicyList - plural: discoverypolicies - singular: discoverypolicy - scope: Cluster - versions: - - additionalPrinterColumns: - - jsonPath: .status.conditions[?(@.type=="Ready")].reason - name: Status - type: string - - jsonPath: .status.sourceCount - name: Sources - type: integer - - jsonPath: .status.imageCount - name: Images - type: integer - - jsonPath: .status.lastSyncTime - name: LastSync - type: date - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Message - priority: 1 - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1alpha1 - schema: - openAPIV3Schema: - description: DiscoveryPolicy automatically discovers images from registries - or Prometheus metrics. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: DiscoveryPolicySpec defines the desired state of DiscoveryPolicy. 
- properties: - imageFilter: - description: ImageFilter is a regex to filter discovered images. - type: string - maxImages: - default: 50 - description: MaxImages caps the number of discovered images. - format: int32 - minimum: 1 - type: integer - sources: - description: Sources is the list of discovery backends to query. - items: - description: DiscoverySource defines a single discovery backend. - properties: - prometheus: - description: Prometheus config (when type=prometheus). - properties: - endpoint: - description: Endpoint is the Prometheus API URL. - minLength: 1 - type: string - lookback: - description: |- - Lookback is the time window to aggregate over (e.g. "7d", "24h"). - When set, uses query_range and sums values to rank by total usage. - When unset, uses an instant query (point-in-time). - type: string - query: - description: Query is the PromQL query that must return - an 'image' label. - minLength: 1 - type: string - step: - default: 5m - description: Step is the query resolution step for range - queries. - type: string - required: - - endpoint - - query - type: object - registry: - description: Registry config (when type=registry). - properties: - imageTemplate: - description: |- - ImageTemplate is a Go text/template for constructing the full image reference. - Available variables: .Registry, .Repository, .Tag - type: string - repositories: - description: Repositories is the list of repositories to - query. - items: - type: string - minItems: 1 - type: array - tagFilter: - description: TagFilter is a regex to filter tags. - type: string - topX: - description: TopX limits the number of tags to fetch per - repository. - format: int32 - minimum: 1 - type: integer - url: - description: URL is the registry base URL. - minLength: 1 - type: string - required: - - repositories - - url - type: object - secretRef: - description: SecretRef references a Secret for auth/TLS for - this source. 
- properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - type: object - x-kubernetes-map-type: atomic - type: - description: Type identifies the backend. - enum: - - prometheus - - registry - type: string - required: - - type - type: object - minItems: 1 - type: array - syncInterval: - default: 30m - description: SyncInterval is how often to re-query sources. - type: string - required: - - sources - type: object - status: - description: DiscoveryPolicyStatus defines the observed state of DiscoveryPolicy. - properties: - conditions: - description: Conditions represent the latest available observations. - items: - description: Condition contains details for one aspect of the current - state of this API Resource. - properties: - lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - message is a human readable message indicating details about the transition. - This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: |- - observedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. 
- format: int64 - minimum: 0 - type: integer - reason: - description: |- - reason contains a programmatic identifier indicating the reason for the condition's last transition. - Producers of specific condition types may define expected values and meanings for this field, - and whether the values are considered a guaranteed API. - The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - discoveredImages: - description: DiscoveredImages is the list of discovered images from - all sources. - items: - description: DiscoveredImage represents a single discovered image - with metadata. - properties: - image: - description: Image is the fully qualified image reference. - type: string - score: - description: Score is the ranking score from the source (higher - = more relevant). - format: int64 - type: integer - source: - description: Source identifies which discovery source produced - this image. - type: string - required: - - image - - score - - source - type: object - type: array - imageCount: - description: ImageCount is the number of discovered images. - format: int32 - type: integer - lastSyncTime: - description: LastSyncTime is the timestamp of the last successful - sync. - format: date-time - type: string - sourceCount: - description: SourceCount is the number of configured sources. 
- format: int32 - type: integer - type: object - type: object - served: true - storage: true - subresources: - status: {} -{{- end }} diff --git a/charts/drop-crds/templates/drop.corewire.io_pullpolicies.yaml b/charts/drop-crds/templates/drop.corewire.io_pullpolicies.yaml deleted file mode 100644 index 4dcc872..0000000 --- a/charts/drop-crds/templates/drop.corewire.io_pullpolicies.yaml +++ /dev/null 
@@ -1,140 +0,0 @@ -{{- /* Generated from config/crd/bases — do not edit manually. Run make sync-crds */ -}} -{{- if .Values.install }} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.17.2 - name: pullpolicies.drop.corewire.io -spec: - group: drop.corewire.io - names: - categories: - - drop - kind: PullPolicy - listKind: PullPolicyList - plural: pullpolicies - singular: pullpolicy - scope: Cluster - versions: - - additionalPrinterColumns: - - jsonPath: .spec.maxConcurrentNodes - name: MaxNodes - type: integer - - jsonPath: .spec.minDelayBetweenPulls - name: MinDelay - type: string - - jsonPath: .spec.repullInterval - name: RepullInterval - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1alpha1 - schema: - openAPIV3Schema: - description: |- - PullPolicy controls the pacing and retry behavior for image pulls across cluster nodes. - It is a configuration-only resource with no status. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: PullPolicySpec defines pacing and behavior configuration - for image pulls. - properties: - failureBackoff: - description: FailureBackoff configures retry delays on pull failures. 
- properties: - initial: - default: 30s - description: Initial delay before first retry. - type: string - max: - default: 5m - description: Max delay cap for exponential backoff. - type: string - type: object - maxConcurrentNodes: - default: 1 - description: MaxConcurrentNodes is the max nodes pulling simultaneously - for this policy. - format: int32 - minimum: 1 - type: integer - minDelayBetweenPulls: - default: 10s - description: MinDelayBetweenPulls is the minimum time between starting - pulls on different nodes. - type: string - nodeSelector: - additionalProperties: - type: string - description: NodeSelector scopes this policy to a specific node pool. - type: object - repullInterval: - description: RepullInterval is how often to re-pull cached images. - Zero or unset means never re-pull. - type: string - tolerations: - description: Tolerations match tainted nodes in the pool. - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists, Equal, Lt, and Gt. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - Lt and Gt perform numeric comparisons (requires feature gate TaintTolerationComparisonOperators). 
- type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - type: object - type: object - served: true - storage: true - subresources: {} -{{- end }} diff --git a/charts/drop/templates/crds-drop.corewire.io_cachedimages.yaml b/charts/drop/templates/crds-drop.corewire.io_cachedimages.yaml deleted file mode 100644 index 249d710..0000000 --- a/charts/drop/templates/crds-drop.corewire.io_cachedimages.yaml +++ /dev/null 
@@ -1,310 +0,0 @@ -{{- /* Generated from config/crd/bases — do not edit manually. Run make sync-crds */ -}} -{{- if .Values.crds.install }} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.17.2 - name: cachedimages.drop.corewire.io -spec: - group: drop.corewire.io - names: - categories: - - drop - kind: CachedImage - listKind: CachedImageList - plural: cachedimages - singular: cachedimage - scope: Cluster - versions: - - additionalPrinterColumns: - - jsonPath: .spec.image - name: Image - type: string - - jsonPath: .spec.tag - name: Tag - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].reason - name: Status - type: string - - jsonPath: .status.ready - name: Ready - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.resolvedDigest - name: Digest - priority: 1 - type: string - - description: Parent CachedImageSet - jsonPath: .metadata.labels.drop\.corewire\.io/imageset - name: Set - priority: 1 - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Message - priority: 1 - type: string - - jsonPath: .spec.policyRef.name - name: Policy - priority: 1 - type: string - name: v1alpha1 - schema: - openAPIV3Schema: - description: CachedImage ensures a single container image is pre-cached on - cluster nodes. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: CachedImageSpec defines the desired state of CachedImage. - properties: - digest: - description: Digest to pull (immutable reference). Mutually exclusive - with Tag. - type: string - image: - description: Image is the fully qualified image reference (registry/repository). - minLength: 1 - type: string - imagePullPolicy: - default: Always - description: |- - ImagePullPolicy controls when kubelet pulls the image. - Defaults to Always (checks upstream digest, only downloads if changed). - Set to IfNotPresent to skip the registry check when the tag already exists locally. - enum: - - Always - - IfNotPresent - - Never - type: string - imagePullSecrets: - description: ImagePullSecrets are references to secrets for pulling - from private registries. - items: - description: |- - LocalObjectReference contains enough information to let you locate the - referenced object inside the same namespace. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - type: object - x-kubernetes-map-type: atomic - type: array - nodeSelector: - additionalProperties: - type: string - description: NodeSelector restricts which nodes to cache the image - on. - type: object - policyRef: - description: PolicyRef references a PullPolicy for pacing controls. - properties: - name: - description: Name of the PullPolicy resource. - minLength: 1 - type: string - required: - - name - type: object - priority: - description: Priority is a pull ordering hint (lower values pulled - first). 
- format: int32 - type: integer - tag: - description: Tag to pull. Mutually exclusive with Digest. - type: string - tolerations: - description: Tolerations allow targeting tainted nodes. - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists, Equal, Lt, and Gt. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - Lt and Gt perform numeric comparisons (requires feature gate TaintTolerationComparisonOperators). - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - required: - - image - type: object - status: - description: CachedImageStatus defines the observed state of CachedImage. 
- properties: - cachedNodes: - description: CachedNodes is the list of node names that have successfully - cached the image. - items: - type: string - type: array - conditions: - description: |- - Conditions represent the latest available observations. - Condition types: Ready, PullProgress. - items: - description: Condition contains details for one aspect of the current - state of this API Resource. - properties: - lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - message is a human readable message indicating details about the transition. - This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: |- - observedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: |- - reason contains a programmatic identifier indicating the reason for the condition's last transition. - Producers of specific condition types may define expected values and meanings for this field, - and whether the values are considered a guaranteed API. - The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. 
- maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - consecutiveFailures: - description: ConsecutiveFailures counts sequential reconcile failures - for backoff calculation. - format: int32 - type: integer - lastAttemptedAt: - description: LastAttemptedAt is the timestamp of the most recent pull - attempt (success or failure). - format: date-time - type: string - lastPulledAt: - description: LastPulledAt is the timestamp of the most recent successful - pull. - format: date-time - type: string - nodesPulling: - description: NodesPulling is the number of nodes currently pulling - the image. - format: int32 - type: integer - nodesReady: - description: NodesReady is the number of nodes that have successfully - pulled the image. - format: int32 - type: integer - nodesTargeted: - description: NodesTargeted is the number of nodes that should have - this image. - format: int32 - type: integer - observedGeneration: - description: ObservedGeneration is the last generation reconciled. - format: int64 - type: integer - phase: - description: Phase summarizes the overall state. - enum: - - Pending - - Pulling - - Ready - - Degraded - type: string - ready: - description: Ready is a human-readable "nodesReady/nodesTargeted" - fraction for display. - type: string - resolvedDigest: - description: ResolvedDigest is the sha256 digest of the image as reported - by the container runtime after pull. - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} -{{- end }} diff --git a/charts/drop/templates/crds-drop.corewire.io_cachedimagesets.yaml b/charts/drop/templates/crds-drop.corewire.io_cachedimagesets.yaml deleted file mode 100644 index 6a97ac9..0000000 
--- a/charts/drop/templates/crds-drop.corewire.io_cachedimagesets.yaml
+++ /dev/null
@@ -1,270 +0,0 @@ -{{- /* Generated from config/crd/bases — do not edit manually. Run make sync-crds */ -}} -{{- if .Values.crds.install }} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.17.2 - name: cachedimagesets.drop.corewire.io -spec: - group: drop.corewire.io - names: - categories: - - drop - kind: CachedImageSet - listKind: CachedImageSetList - plural: cachedimagesets - singular: cachedimageset - scope: Cluster - versions: - - additionalPrinterColumns: - - jsonPath: .status.conditions[?(@.type=="Ready")].reason - name: Status - type: string - - jsonPath: .status.imagesReady - name: Ready - type: string - - jsonPath: .status.imagesManaged - name: Managed - type: integer - - jsonPath: .spec.discoveryPolicyRef.name - name: Source - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Message - priority: 1 - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1alpha1 - schema: - openAPIV3Schema: - description: CachedImageSet manages a group of images to cache, optionally - backed by a DiscoveryPolicy. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: CachedImageSetSpec defines the desired state of CachedImageSet. 
- properties: - discoveryPolicyRef: - description: DiscoveryPolicyRef references a DiscoveryPolicy for dynamic - image lists. - properties: - name: - description: Name of the DiscoveryPolicy resource. - minLength: 1 - type: string - required: - - name - type: object - imagePullPolicy: - default: Always - description: ImagePullPolicy controls when kubelet pulls the image - (propagated to children). - enum: - - Always - - IfNotPresent - - Never - type: string - imagePullSecrets: - description: ImagePullSecrets are references to secrets for pulling - from private registries (propagated to children). - items: - description: |- - LocalObjectReference contains enough information to let you locate the - referenced object inside the same namespace. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - type: object - x-kubernetes-map-type: atomic - type: array - images: - description: Images is a static list of images to cache. - items: - description: ImageEntry defines a single image to include in a set. - properties: - digest: - description: Digest to pull. - type: string - image: - description: Image is the fully qualified image reference (registry/repository). - minLength: 1 - type: string - tag: - description: Tag to pull. - type: string - required: - - image - type: object - type: array - nodeSelector: - additionalProperties: - type: string - description: NodeSelector restricts which nodes to cache images on - (propagated to children). - type: object - policyRef: - description: PolicyRef references a PullPolicy for pacing controls. - properties: - name: - description: Name of the PullPolicy resource. 
- minLength: 1 - type: string - required: - - name - type: object - tolerations: - description: Tolerations allow targeting tainted nodes (propagated - to children). - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists, Equal, Lt, and Gt. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - Lt and Gt perform numeric comparisons (requires feature gate TaintTolerationComparisonOperators). - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - type: object - status: - description: CachedImageSetStatus defines the observed state of CachedImageSet. - properties: - conditions: - description: Conditions represent the latest available observations. 
- items: - description: Condition contains details for one aspect of the current - state of this API Resource. - properties: - lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - message is a human readable message indicating details about the transition. - This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: |- - observedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: |- - reason contains a programmatic identifier indicating the reason for the condition's last transition. - Producers of specific condition types may define expected values and meanings for this field, - and whether the values are considered a guaranteed API. - The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. 
- maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - imagesManaged: - description: ImagesManaged is the number of CachedImage children managed - by this set. - format: int32 - type: integer - imagesReady: - description: ImagesReady is the number of children in Ready phase. - format: int32 - type: integer - observedGeneration: - description: ObservedGeneration is the last generation reconciled. - format: int64 - type: integer - phase: - description: Phase summarizes the overall state. - enum: - - Pending - - Ready - - Degraded - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} -{{- end }} diff --git a/charts/drop/templates/crds-drop.corewire.io_discoverypolicies.yaml b/charts/drop/templates/crds-drop.corewire.io_discoverypolicies.yaml deleted file mode 100644 index 118ca57..0000000 --- a/charts/drop/templates/crds-drop.corewire.io_discoverypolicies.yaml +++ /dev/null 
@@ -1,277 +0,0 @@ -{{- /* Generated from config/crd/bases — do not edit manually. Run make sync-crds */ -}} -{{- if .Values.crds.install }} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.17.2 - name: discoverypolicies.drop.corewire.io -spec: - group: drop.corewire.io - names: - categories: - - drop - kind: DiscoveryPolicy - listKind: DiscoveryPolicyList - plural: discoverypolicies - singular: discoverypolicy - scope: Cluster - versions: - - additionalPrinterColumns: - - jsonPath: .status.conditions[?(@.type=="Ready")].reason - name: Status - type: string - - jsonPath: .status.sourceCount - name: Sources - type: integer - - jsonPath: .status.imageCount - name: Images - type: integer - - jsonPath: .status.lastSyncTime - name: LastSync - type: date - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Message - priority: 1 - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1alpha1 - schema: - openAPIV3Schema: - description: DiscoveryPolicy automatically discovers images from registries - or Prometheus metrics. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: DiscoveryPolicySpec defines the desired state of DiscoveryPolicy. 
- properties: - imageFilter: - description: ImageFilter is a regex to filter discovered images. - type: string - maxImages: - default: 50 - description: MaxImages caps the number of discovered images. - format: int32 - minimum: 1 - type: integer - sources: - description: Sources is the list of discovery backends to query. - items: - description: DiscoverySource defines a single discovery backend. - properties: - prometheus: - description: Prometheus config (when type=prometheus). - properties: - endpoint: - description: Endpoint is the Prometheus API URL. - minLength: 1 - type: string - lookback: - description: |- - Lookback is the time window to aggregate over (e.g. "7d", "24h"). - When set, uses query_range and sums values to rank by total usage. - When unset, uses an instant query (point-in-time). - type: string - query: - description: Query is the PromQL query that must return - an 'image' label. - minLength: 1 - type: string - step: - default: 5m - description: Step is the query resolution step for range - queries. - type: string - required: - - endpoint - - query - type: object - registry: - description: Registry config (when type=registry). - properties: - imageTemplate: - description: |- - ImageTemplate is a Go text/template for constructing the full image reference. - Available variables: .Registry, .Repository, .Tag - type: string - repositories: - description: Repositories is the list of repositories to - query. - items: - type: string - minItems: 1 - type: array - tagFilter: - description: TagFilter is a regex to filter tags. - type: string - topX: - description: TopX limits the number of tags to fetch per - repository. - format: int32 - minimum: 1 - type: integer - url: - description: URL is the registry base URL. - minLength: 1 - type: string - required: - - repositories - - url - type: object - secretRef: - description: SecretRef references a Secret for auth/TLS for - this source. 
- properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - type: object - x-kubernetes-map-type: atomic - type: - description: Type identifies the backend. - enum: - - prometheus - - registry - type: string - required: - - type - type: object - minItems: 1 - type: array - syncInterval: - default: 30m - description: SyncInterval is how often to re-query sources. - type: string - required: - - sources - type: object - status: - description: DiscoveryPolicyStatus defines the observed state of DiscoveryPolicy. - properties: - conditions: - description: Conditions represent the latest available observations. - items: - description: Condition contains details for one aspect of the current - state of this API Resource. - properties: - lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - message is a human readable message indicating details about the transition. - This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: |- - observedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. 
- format: int64 - minimum: 0 - type: integer - reason: - description: |- - reason contains a programmatic identifier indicating the reason for the condition's last transition. - Producers of specific condition types may define expected values and meanings for this field, - and whether the values are considered a guaranteed API. - The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - discoveredImages: - description: DiscoveredImages is the list of discovered images from - all sources. - items: - description: DiscoveredImage represents a single discovered image - with metadata. - properties: - image: - description: Image is the fully qualified image reference. - type: string - score: - description: Score is the ranking score from the source (higher - = more relevant). - format: int64 - type: integer - source: - description: Source identifies which discovery source produced - this image. - type: string - required: - - image - - score - - source - type: object - type: array - imageCount: - description: ImageCount is the number of discovered images. - format: int32 - type: integer - lastSyncTime: - description: LastSyncTime is the timestamp of the last successful - sync. - format: date-time - type: string - sourceCount: - description: SourceCount is the number of configured sources. 
- format: int32 - type: integer - type: object - type: object - served: true - storage: true - subresources: - status: {} -{{- end }} diff --git a/charts/drop/templates/crds-drop.corewire.io_pullpolicies.yaml b/charts/drop/templates/crds-drop.corewire.io_pullpolicies.yaml deleted file mode 100644 index 7c674be..0000000 --- a/charts/drop/templates/crds-drop.corewire.io_pullpolicies.yaml +++ /dev/null 
@@ -1,140 +0,0 @@ -{{- /* Generated from config/crd/bases — do not edit manually. Run make sync-crds */ -}} -{{- if .Values.crds.install }} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.17.2 - name: pullpolicies.drop.corewire.io -spec: - group: drop.corewire.io - names: - categories: - - drop - kind: PullPolicy - listKind: PullPolicyList - plural: pullpolicies - singular: pullpolicy - scope: Cluster - versions: - - additionalPrinterColumns: - - jsonPath: .spec.maxConcurrentNodes - name: MaxNodes - type: integer - - jsonPath: .spec.minDelayBetweenPulls - name: MinDelay - type: string - - jsonPath: .spec.repullInterval - name: RepullInterval - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1alpha1 - schema: - openAPIV3Schema: - description: |- - PullPolicy controls the pacing and retry behavior for image pulls across cluster nodes. - It is a configuration-only resource with no status. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: PullPolicySpec defines pacing and behavior configuration - for image pulls. - properties: - failureBackoff: - description: FailureBackoff configures retry delays on pull failures. 
- properties: - initial: - default: 30s - description: Initial delay before first retry. - type: string - max: - default: 5m - description: Max delay cap for exponential backoff. - type: string - type: object - maxConcurrentNodes: - default: 1 - description: MaxConcurrentNodes is the max nodes pulling simultaneously - for this policy. - format: int32 - minimum: 1 - type: integer - minDelayBetweenPulls: - default: 10s - description: MinDelayBetweenPulls is the minimum time between starting - pulls on different nodes. - type: string - nodeSelector: - additionalProperties: - type: string - description: NodeSelector scopes this policy to a specific node pool. - type: object - repullInterval: - description: RepullInterval is how often to re-pull cached images. - Zero or unset means never re-pull. - type: string - tolerations: - description: Tolerations match tainted nodes in the pool. - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists, Equal, Lt, and Gt. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - Lt and Gt perform numeric comparisons (requires feature gate TaintTolerationComparisonOperators). 
- type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - type: object - type: object - served: true - storage: true - subresources: {} -{{- end }}