{ "description": "Generator information:\n- Generated from: /kubernetesconfiguration/resource-manager/Microsoft.KubernetesConfiguration/fluxConfigurations/stable/2024-11-01/fluxconfiguration.json\n- ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{clusterRp}/{clusterResourceName}/{clusterName}/providers/Microsoft.KubernetesConfiguration/fluxConfigurations/{fluxConfigurationName}", "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { "properties": { "azureBlob": { "description": "AzureBlob: Parameters to reconcile to the AzureBlob source kind type.", "properties": { "accountKey": { "description": "AccountKey: The account key (shared key) to access the storage account", "properties": { "key": { "description": "Key is the key in the Kubernetes secret being referenced", "type": "string" }, "name": { "description": "Name is the name of the Kubernetes secret being referenced.\nThe secret must be in the same namespace as the resource", "type": "string" } }, "required": [ "key", "name" ], "type": "object", "additionalProperties": false }, "containerName": { "description": "ContainerName: The Azure Blob container name to sync from the url endpoint for the flux configuration.", "type": "string" }, "localAuthRef": { "description": "LocalAuthRef: Name of a local secret on the Kubernetes cluster to use as the authentication secret rather than the\nmanaged or user-provided configuration secrets.", "type": "string" }, "managedIdentity": { "description": "ManagedIdentity: Parameters to authenticate using a Managed Identity.", "properties": { "clientId": { "description": "ClientId: The client Id for authenticating a Managed Identity.", "type": "string" } }, "type": "object", "additionalProperties": false }, "sasToken": { "description": "SasToken: The Shared Access token to access the storage container", "properties": { "key": { "description": "Key is the key in the Kubernetes secret being referenced", "type": "string" }, "name": { "description": "Name is the name of the Kubernetes secret being referenced.\nThe secret must be in the same namespace as the resource", "type": "string" } }, "required": [ "key", "name" ], "type": "object", "additionalProperties": false }, "servicePrincipal": { "description": "ServicePrincipal: Parameters to authenticate using Service Principal.", "properties": { "clientCertificate": { "description": "ClientCertificate: Base64-encoded certificate used to authenticate a Service Principal", "properties": { "key": { "description": "Key is the key in the Kubernetes secret being referenced", "type": "string" }, "name": { "description": "Name is the name of the Kubernetes secret being referenced.\nThe secret must be in the same namespace as the resource", "type": "string" } }, "required": [ "key", "name" ], "type": "object", "additionalProperties": false }, "clientCertificatePassword": { "description": "ClientCertificatePassword: The password for the certificate used to authenticate a Service Principal", "properties": { "key": { "description": "Key is the key in the Kubernetes secret being referenced", "type": "string" }, "name": { "description": "Name is the name of the Kubernetes secret being referenced.\nThe secret must be in the same namespace as the resource", "type": "string" } }, "required": [ "key", "name" ], "type": "object", "additionalProperties": false }, "clientCertificateSendChain": { "description": "ClientCertificateSendChain: Specifies whether to include x5c header in client claims when acquiring a token to enable\nsubject name / issuer based authentication for the Client Certificate", "type": "boolean" }, "clientId": { "description": "ClientId: The client Id for authenticating a Service Principal.", "type": "string" }, "clientIdFromConfig": { "description": "ClientIdFromConfig: The client Id for authenticating a Service Principal.", "properties": { "key": { "description": "Key is the key in the Kubernetes configmap being referenced", "type": "string" }, "name": { "description": "Name is the name of the Kubernetes configmap being referenced.\nThe configmap must be in the same namespace as the resource", "type": "string" } }, "required": [ "key", "name" ], "type": "object", "additionalProperties": false }, "clientSecret": { "description": "ClientSecret: The client secret for authenticating a Service Principal", "properties": { "key": { "description": "Key is the key in the Kubernetes secret being referenced", "type": "string" }, "name": { "description": "Name is the name of the Kubernetes secret being referenced.\nThe secret must be in the same namespace as the resource", "type": "string" } }, "required": [ "key", "name" ], "type": "object", "additionalProperties": false }, "tenantId": { "description": "TenantId: The tenant Id for authenticating a Service Principal", "type": "string" }, "tenantIdFromConfig": { "description": "TenantIdFromConfig: The tenant Id for authenticating a Service Principal", "properties": { "key": { "description": "Key is the key in the Kubernetes configmap being referenced", "type": "string" }, "name": { "description": "Name is the name of the Kubernetes configmap being referenced.\nThe configmap must be in the same namespace as the resource", "type": "string" } }, "required": [ "key", "name" ], "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "syncIntervalInSeconds": { "description": "SyncIntervalInSeconds: The interval at which to re-reconcile the cluster Azure Blob source with the remote.", "type": "integer" }, "timeoutInSeconds": { "description": "TimeoutInSeconds: The maximum time to attempt to reconcile the cluster Azure Blob source with the remote.", "type": "integer" }, "url": { "description": "Url: The URL to sync for the flux configuration Azure Blob storage account.", "type": "string" } }, "type": "object", "additionalProperties": false }, "azureName": { "description": "AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it\ndoesn't have to be.", "type": "string" }, "bucket": { "description": "Bucket: Parameters to reconcile to the Bucket source kind type.", "properties": { "accessKey": { "description": "AccessKey: Plaintext access key used to securely access the S3 bucket", "properties": { "key": { "description": "Key is the key in the Kubernetes secret being referenced", "type": "string" }, "name": { "description": "Name is the name of the Kubernetes secret being referenced.\nThe secret must be in the same namespace as the resource", "type": "string" } }, "required": [ "key", "name" ], "type": "object", "additionalProperties": false }, "bucketName": { "description": "BucketName: The bucket name to sync from the url endpoint for the flux configuration.", "type": "string" }, "insecure": { "description": "Insecure: Specify whether to use insecure communication when puling data from the S3 bucket.", "type": "boolean" }, "localAuthRef": { "description": "LocalAuthRef: Name of a local secret on the Kubernetes cluster to use as the authentication secret rather than the\nmanaged or user-provided configuration secrets.", "type": "string" }, "syncIntervalInSeconds": { "description": "SyncIntervalInSeconds: The interval at which to re-reconcile the cluster bucket source with the remote.", "type": "integer" }, "timeoutInSeconds": { "description": "TimeoutInSeconds: The maximum time to attempt to reconcile the cluster bucket source with the remote.", "type": "integer" }, "url": { "description": "Url: The URL to sync for the flux configuration S3 bucket.", "type": "string" } }, "type": "object", "additionalProperties": false }, "configurationProtectedSettings": { "description": "ConfigurationProtectedSettings: Key-value pairs of protected configuration settings for the configuration", "properties": { "name": { "description": "Name is the name of the Kubernetes secret being referenced.\nThe secret must be in the same namespace as the resource", "type": "string" } }, "required": [ "name" ], "type": "object", "additionalProperties": false }, "gitRepository": { "description": "GitRepository: Parameters to reconcile to the GitRepository source kind type.", "properties": { "httpsCACert": { "description": "HttpsCACert: Base64-encoded HTTPS certificate authority contents used to access git private git repositories over HTTPS", "properties": { "key": { "description": "Key is the key in the Kubernetes secret being referenced", "type": "string" }, "name": { "description": "Name is the name of the Kubernetes secret being referenced.\nThe secret must be in the same namespace as the resource", "type": "string" } }, "required": [ "key", "name" ], "type": "object", "additionalProperties": false }, "httpsUser": { "description": "HttpsUser: Plaintext HTTPS username used to access private git repositories over HTTPS", "type": "string" }, "localAuthRef": { "description": "LocalAuthRef: Name of a local secret on the Kubernetes cluster to use as the authentication secret rather than the\nmanaged or user-provided configuration secrets.", "type": "string" }, "provider": { "description": "Provider: Name of the provider used for authentication.", "enum": [ "Azure", "Generic" ], "type": "string" }, "repositoryRef": { "description": "RepositoryRef: The source reference for the GitRepository object.", "properties": { "branch": { "description": "Branch: The git repository branch name to checkout.", "type": "string" }, "commit": { "description": "Commit: The commit SHA to checkout. This value must be combined with the branch name to be valid. This takes precedence\nover semver.", "type": "string" }, "semver": { "description": "Semver: The semver range used to match against git repository tags. This takes precedence over tag.", "type": "string" }, "tag": { "description": "Tag: The git repository tag name to checkout. This takes precedence over branch.", "type": "string" } }, "type": "object", "additionalProperties": false }, "sshKnownHosts": { "description": "SshKnownHosts: Base64-encoded known_hosts value containing public SSH keys required to access private git repositories\nover SSH", "type": "string" }, "syncIntervalInSeconds": { "description": "SyncIntervalInSeconds: The interval at which to re-reconcile the cluster git repository source with the remote.", "type": "integer" }, "timeoutInSeconds": { "description": "TimeoutInSeconds: The maximum time to attempt to reconcile the cluster git repository source with the remote.", "type": "integer" }, "url": { "description": "Url: The URL to sync for the flux configuration git repository.", "type": "string" } }, "type": "object", "additionalProperties": false }, "kustomizations": { "additionalProperties": { "description": "The Kustomization defining how to reconcile the artifact pulled by the source type on the cluster.", "properties": { "dependsOn": { "description": "DependsOn: Specifies other Kustomizations that this Kustomization depends on. This Kustomization will not reconcile\nuntil all dependencies have completed their reconciliation.", "items": { "type": "string" }, "type": "array" }, "force": { "description": "Force: Enable/disable re-creating Kubernetes resources on the cluster when patching fails due to an immutable field\nchange.", "type": "boolean" }, "path": { "description": "Path: The path in the source reference to reconcile on the cluster.", "type": "string" }, "postBuild": { "description": "PostBuild: Used for variable substitution for this Kustomization after kustomize build.", "properties": { "substitute": { "additionalProperties": { "type": "string" }, "description": "Substitute: Key/value pairs holding the variables to be substituted in this Kustomization.", "type": "object" }, "substituteFrom": { "description": "SubstituteFrom: Array of ConfigMaps/Secrets from which the variables are substituted for this Kustomization.", "items": { "description": "Array of ConfigMaps/Secrets from which the variables are substituted for this Kustomization.", "properties": { "kind": { "description": "Kind: Define whether it is ConfigMap or Secret that holds the variables to be used in substitution.", "type": "string" }, "name": { "description": "Name: Name of the ConfigMap/Secret that holds the variables to be used in substitution.", "type": "string" }, "optional": { "description": "Optional: Set to True to proceed without ConfigMap/Secret, if it is not present.", "type": "boolean" } }, "type": "object", "additionalProperties": false }, "type": "array" } }, "type": "object", "additionalProperties": false }, "prune": { "description": "Prune: Enable/disable garbage collections of Kubernetes objects created by this Kustomization.", "type": "boolean" }, "retryIntervalInSeconds": { "description": "RetryIntervalInSeconds: The interval at which to re-reconcile the Kustomization on the cluster in the event of failure\non reconciliation.", "type": "integer" }, "syncIntervalInSeconds": { "description": "SyncIntervalInSeconds: The interval at which to re-reconcile the Kustomization on the cluster.", "type": "integer" }, "timeoutInSeconds": { "description": "TimeoutInSeconds: The maximum time to attempt to reconcile the Kustomization on the cluster.", "type": "integer" }, "wait": { "description": "Wait: Enable/disable health check for all Kubernetes objects created by this Kustomization.", "type": "boolean" } }, "type": "object", "additionalProperties": false }, "description": "Kustomizations: Array of kustomizations used to reconcile the artifact pulled by the source type on the cluster.", "type": "object" }, "namespace": { "description": "Namespace: The namespace to which this configuration is installed to. Maximum of 253 lower case alphanumeric characters,\nhyphen and period only.", "type": "string" }, "ociRepository": { "description": "OciRepository: Parameters to reconcile to the OCIRepository source kind type.", "properties": { "insecure": { "description": "Insecure: Specify whether to allow connecting to a non-TLS HTTP container registry.", "type": "boolean" }, "layerSelector": { "description": "LayerSelector: The layer to be pulled from the OCI artifact.", "properties": { "mediaType": { "description": "MediaType: The first layer matching the specified media type will be used.", "type": "string" }, "operation": { "description": "Operation: The operation to be performed on the selected layer. The default value is 'extract', but it can be set to\n'copy'.", "enum": [ "copy", "extract" ], "type": "string" } }, "type": "object", "additionalProperties": false }, "localAuthRef": { "description": "LocalAuthRef: Name of a local secret on the Kubernetes cluster to use as the authentication secret rather than the\nmanaged or user-provided configuration secrets.", "type": "string" }, "repositoryRef": { "description": "RepositoryRef: The source reference for the OCIRepository object.", "properties": { "digest": { "description": "Digest: The image digest to pull from OCI repository, the value should be in the format \u2018sha256:\u2019. This takes\nprecedence over semver.", "type": "string" }, "semver": { "description": "Semver: The semver range used to match against OCI repository tags. This takes precedence over tag.", "type": "string" }, "tag": { "description": "Tag: The OCI repository image tag name to pull. This defaults to 'latest'.", "type": "string" } }, "type": "object", "additionalProperties": false }, "serviceAccountName": { "description": "ServiceAccountName: The service account name to authenticate with the OCI repository.", "type": "string" }, "syncIntervalInSeconds": { "description": "SyncIntervalInSeconds: The interval at which to re-reconcile the cluster OCI repository source with the remote.", "type": "integer" }, "timeoutInSeconds": { "description": "TimeoutInSeconds: The maximum time to attempt to reconcile the cluster OCI repository source with the remote.", "type": "integer" }, "tlsConfig": { "description": "TlsConfig: Parameters to authenticate using TLS config for OCI repository.", "properties": { "caCertificate": { "description": "CaCertificate: Base64-encoded CA certificate used to verify the server.", "properties": { "key": { "description": "Key is the key in the Kubernetes secret being referenced", "type": "string" }, "name": { "description": "Name is the name of the Kubernetes secret being referenced.\nThe secret must be in the same namespace as the resource", "type": "string" } }, "required": [ "key", "name" ], "type": "object", "additionalProperties": false }, "clientCertificate": { "description": "ClientCertificate: Base64-encoded certificate used to authenticate a client with the OCI repository.", "properties": { "key": { "description": "Key is the key in the Kubernetes secret being referenced", "type": "string" }, "name": { "description": "Name is the name of the Kubernetes secret being referenced.\nThe secret must be in the same namespace as the resource", "type": "string" } }, "required": [ "key", "name" ], "type": "object", "additionalProperties": false }, "privateKey": { "description": "PrivateKey: Base64-encoded private key used to authenticate a client with the OCI repository.", "properties": { "key": { "description": "Key is the key in the Kubernetes secret being referenced", "type": "string" }, "name": { "description": "Name is the name of the Kubernetes secret being referenced.\nThe secret must be in the same namespace as the resource", "type": "string" } }, "required": [ "key", "name" ], "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "url": { "description": "Url: The URL to sync for the flux configuration OCI repository.", "type": "string" }, "useWorkloadIdentity": { "description": "UseWorkloadIdentity: Specifies whether to use Workload Identity to authenticate with the OCI repository.", "type": "boolean" }, "verify": { "description": "Verify: Verification of the authenticity of an OCI Artifact.", "properties": { "matchOidcIdentity": { "description": "MatchOidcIdentity: Array defining the criteria for matching the identity while verifying an OCI artifact.", "items": { "description": "MatchOIDCIdentity defines the criteria for matching the identity while verifying an OCI artifact.", "properties": { "issuer": { "description": "Issuer: The regex pattern to match against to verify the OIDC issuer.", "type": "string" }, "subject": { "description": "Subject: The regex pattern to match against to verify the identity subject.", "type": "string" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "provider": { "description": "Provider: Verification provider name.", "type": "string" }, "verificationConfig": { "additionalProperties": { "type": "string" }, "description": "VerificationConfig: An object containing trusted public keys of trusted authors.", "type": "object" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "operatorSpec": { "description": "OperatorSpec: The specification for configuring operator behavior. This field is interpreted by the operator and not\npassed directly to Azure", "properties": { "configMapExpressions": { "description": "ConfigMapExpressions: configures where to place operator written dynamic ConfigMaps (created with CEL expressions).", "items": { "description": "DestinationExpression is a CEL expression and a destination to store the result in. The destination may\nbe a secret or a configmap. The value of the expression is stored at the specified location in\nthe destination.", "properties": { "key": { "description": "Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string\nthis is required to identify what key to write to. If the CEL expression in Value returns a map[string]string\nKey must not be set, instead the keys written will be determined dynamically based on the keys of the resulting\nmap[string]string.", "type": "string" }, "name": { "description": "Name is the name of the Kubernetes configmap or secret to write to.\nThe configmap or secret will be created in the same namespace as the resource.", "type": "string" }, "value": { "description": "Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information\non CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/", "type": "string" } }, "required": [ "name", "value" ], "type": "object", "additionalProperties": false }, "type": "array" }, "secretExpressions": { "description": "SecretExpressions: configures where to place operator written dynamic secrets (created with CEL expressions).", "items": { "description": "DestinationExpression is a CEL expression and a destination to store the result in. The destination may\nbe a secret or a configmap. The value of the expression is stored at the specified location in\nthe destination.", "properties": { "key": { "description": "Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string\nthis is required to identify what key to write to. If the CEL expression in Value returns a map[string]string\nKey must not be set, instead the keys written will be determined dynamically based on the keys of the resulting\nmap[string]string.", "type": "string" }, "name": { "description": "Name is the name of the Kubernetes configmap or secret to write to.\nThe configmap or secret will be created in the same namespace as the resource.", "type": "string" }, "value": { "description": "Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information\non CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/", "type": "string" } }, "required": [ "name", "value" ], "type": "object", "additionalProperties": false }, "type": "array" } }, "type": "object", "additionalProperties": false }, "owner": { "description": "Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also\ncontrols the resources lifecycle. When the owner is deleted the resource will also be deleted. This resource is an\nextension resource, which means that any other Azure resource can be its owner.", "properties": { "armId": { "description": "Ownership across namespaces is not supported.", "pattern": "(?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$)", "type": "string" }, "group": { "description": "Group is the Kubernetes group of the resource.", "type": "string" }, "kind": { "description": "Kind is the Kubernetes kind of the resource.", "type": "string" }, "name": { "description": "This is the name of the Kubernetes resource to reference.", "type": "string" } }, "type": "object", "additionalProperties": false }, "reconciliationWaitDuration": { "description": "ReconciliationWaitDuration: Maximum duration to wait for flux configuration reconciliation. E.g PT1H, PT5M, P1D", "type": "string" }, "scope": { "description": "Scope: Scope at which the operator will be installed.", "enum": [ "cluster", "namespace" ], "type": "string" }, "sourceKind": { "description": "SourceKind: Source Kind to pull the configuration data from.", "enum": [ "AzureBlob", "Bucket", "GitRepository", "OCIRepository" ], "type": "string" }, "suspend": { "description": "Suspend: Whether this configuration should suspend its reconciliation of its kustomizations and sources.", "type": "boolean" }, "waitForReconciliation": { "description": "WaitForReconciliation: Whether flux configuration deployment should wait for cluster to reconcile the kustomizations.", "type": "boolean" } }, "required": [ "owner" ], "type": "object", "additionalProperties": false }, "status": { "description": "The Flux Configuration object returned in Get & Put response.", "properties": { "azureBlob": { "description": "AzureBlob: Parameters to reconcile to the AzureBlob source kind type.", "properties": { "containerName": { "description": "ContainerName: The Azure Blob container name to sync from the url endpoint for the flux configuration.", "type": "string" }, "localAuthRef": { "description": "LocalAuthRef: Name of a local secret on the Kubernetes cluster to use as the authentication secret rather than the\nmanaged or user-provided configuration secrets.", "type": "string" }, "managedIdentity": { "description": "ManagedIdentity: Parameters to authenticate using a Managed Identity.", "properties": { "clientId": { "description": "ClientId: The client Id for authenticating a Managed Identity.", "type": "string" } }, "type": "object", "additionalProperties": false }, "servicePrincipal": { "description": "ServicePrincipal: Parameters to authenticate using Service Principal.", "properties": { "clientCertificateSendChain": { "description": "ClientCertificateSendChain: Specifies whether to include x5c header in client claims when acquiring a token to enable\nsubject name / issuer based authentication for the Client Certificate", "type": "boolean" }, "clientId": { "description": "ClientId: The client Id for authenticating a Service Principal.", "type": "string" }, "tenantId": { "description": "TenantId: The tenant Id for authenticating a Service Principal", "type": "string" } }, "type": "object", "additionalProperties": false }, "syncIntervalInSeconds": { "description": "SyncIntervalInSeconds: The interval at which to re-reconcile the cluster Azure Blob source with the remote.", "type": "integer" }, "timeoutInSeconds": { "description": "TimeoutInSeconds: The maximum time to attempt to reconcile the cluster Azure Blob source with the remote.", "type": "integer" }, "url": { "description": "Url: The URL to sync for the flux configuration Azure Blob storage account.", "type": "string" } }, "type": "object", "additionalProperties": false }, "bucket": { "description": "Bucket: Parameters to reconcile to the Bucket source kind type.", "properties": { "bucketName": { "description": "BucketName: The bucket name to sync from the url endpoint for the flux configuration.", "type": "string" }, "insecure": { "description": "Insecure: Specify whether to use insecure communication when puling data from the S3 bucket.", "type": "boolean" }, "localAuthRef": { "description": "LocalAuthRef: Name of a local secret on the Kubernetes cluster to use as the authentication secret rather than the\nmanaged or user-provided configuration secrets.", "type": "string" }, "syncIntervalInSeconds": { "description": "SyncIntervalInSeconds: The interval at which to re-reconcile the cluster bucket source with the remote.", "type": "integer" }, "timeoutInSeconds": { "description": "TimeoutInSeconds: The maximum time to attempt to reconcile the cluster bucket source with the remote.", "type": "integer" }, "url": { "description": "Url: The URL to sync for the flux configuration S3 bucket.", "type": "string" } }, "type": "object", "additionalProperties": false }, "complianceState": { "description": "ComplianceState: Combined status of the Flux Kubernetes resources created by the fluxConfiguration or created by the\nmanaged objects.", "type": "string" }, "conditions": { "description": "Conditions: The observed state of the resource", "items": { "description": "Condition defines an extension to status (an observation) of a resource", "properties": { "lastTransitionTime": { "description": "LastTransitionTime is the last time the condition transitioned from one status to another.", "format": "date-time", "type": "string" }, "message": { "description": "Message is a human readable message indicating details about the transition. This field may be empty.", "type": "string" }, "observedGeneration": { "description": "ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if\n.metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", "format": "int64", "type": "integer" }, "reason": { "description": "Reason for the condition's last transition.\nReasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty.", "type": "string" }, "severity": { "description": "Severity with which to treat failures of this type of condition.\nFor conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True\nFor conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False.\nThis is omitted in all cases when Status == Unknown", "type": "string" }, "status": { "description": "Status of the condition, one of True, False, or Unknown.", "type": "string" }, "type": { "description": "Type of condition.", "type": "string" } }, "required": [ "lastTransitionTime", "reason", "status", "type" ], "type": "object", "additionalProperties": false }, "type": "array" }, "configurationProtectedSettings": { "additionalProperties": { "type": "string" }, "description": "ConfigurationProtectedSettings: Key-value pairs of protected configuration settings for the configuration", "type": "object" }, "errorMessage": { "description": "ErrorMessage: Error message returned to the user in the case of provisioning failure.", "type": "string" }, "gitRepository": { "description": "GitRepository: Parameters to reconcile to the GitRepository source kind type.", "properties": { "httpsUser": { "description": "HttpsUser: Plaintext HTTPS username used to access private git repositories over HTTPS", "type": "string" }, "localAuthRef": { "description": "LocalAuthRef: Name of a local secret on the Kubernetes cluster to use as the authentication secret rather than the\nmanaged or user-provided configuration secrets.", "type": "string" }, "provider": { "description": "Provider: Name of the provider used for authentication.", "type": "string" }, "repositoryRef": { "description": "RepositoryRef: The source reference for the GitRepository object.", "properties": { "branch": { "description": "Branch: The git repository branch name to checkout.", "type": "string" }, "commit": { "description": "Commit: The commit SHA to checkout. This value must be combined with the branch name to be valid. This takes precedence\nover semver.", "type": "string" }, "semver": { "description": "Semver: The semver range used to match against git repository tags. This takes precedence over tag.", "type": "string" }, "tag": { "description": "Tag: The git repository tag name to checkout. This takes precedence over branch.", "type": "string" } }, "type": "object", "additionalProperties": false }, "sshKnownHosts": { "description": "SshKnownHosts: Base64-encoded known_hosts value containing public SSH keys required to access private git repositories\nover SSH", "type": "string" }, "syncIntervalInSeconds": { "description": "SyncIntervalInSeconds: The interval at which to re-reconcile the cluster git repository source with the remote.", "type": "integer" }, "timeoutInSeconds": { "description": "TimeoutInSeconds: The maximum time to attempt to reconcile the cluster git repository source with the remote.", "type": "integer" }, "url": { "description": "Url: The URL to sync for the flux configuration git repository.", "type": "string" } }, "type": "object", "additionalProperties": false }, "id": { "description": "Id: Fully qualified resource ID for the resource. Ex -\n/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}", "type": "string" }, "kustomizations": { "additionalProperties": { "description": "The Kustomization defining how to reconcile the artifact pulled by the source type on the cluster.", "properties": { "dependsOn": { "description": "DependsOn: Specifies other Kustomizations that this Kustomization depends on. This Kustomization will not reconcile\nuntil all dependencies have completed their reconciliation.", "items": { "type": "string" }, "type": "array" }, "force": { "description": "Force: Enable/disable re-creating Kubernetes resources on the cluster when patching fails due to an immutable field\nchange.", "type": "boolean" }, "name": { "description": "Name: Name of the Kustomization, matching the key in the Kustomizations object map.", "type": "string" }, "path": { "description": "Path: The path in the source reference to reconcile on the cluster.", "type": "string" }, "postBuild": { "description": "PostBuild: Used for variable substitution for this Kustomization after kustomize build.", "properties": { "substitute": { "additionalProperties": { "type": "string" }, "description": "Substitute: Key/value pairs holding the variables to be substituted in this Kustomization.", "type": "object" }, "substituteFrom": { "description": "SubstituteFrom: Array of ConfigMaps/Secrets from which the variables are substituted for this Kustomization.", "items": { "description": "Array of ConfigMaps/Secrets from which the variables are substituted for this Kustomization.", "properties": { "kind": { "description": "Kind: Define whether it is ConfigMap or Secret that holds the variables to be used in substitution.", "type": "string" }, "name": { "description": "Name: Name of the ConfigMap/Secret that holds the variables to be used in substitution.", "type": "string" }, "optional": { "description": "Optional: Set to True to proceed without ConfigMap/Secret, if it is not present.", "type": "boolean" } }, "type": "object", "additionalProperties": false }, "type": "array" } }, "type": "object", "additionalProperties": false }, "prune": { "description": "Prune: Enable/disable garbage collections of Kubernetes objects created by this Kustomization.", "type": "boolean" }, "retryIntervalInSeconds": { "description": "RetryIntervalInSeconds: The interval at which to re-reconcile the Kustomization on the cluster in the event of failure\non reconciliation.", "type": "integer" }, "syncIntervalInSeconds": { "description": "SyncIntervalInSeconds: The interval at which to re-reconcile the Kustomization on the cluster.", "type": "integer" }, "timeoutInSeconds": { "description": "TimeoutInSeconds: The maximum time to attempt to reconcile the Kustomization on the cluster.", "type": "integer" }, "wait": { "description": "Wait: Enable/disable health check for all Kubernetes objects created by this Kustomization.", "type": "boolean" } }, "type": "object", "additionalProperties": false }, "description": "Kustomizations: Array of kustomizations used to reconcile the artifact pulled by the source type on the cluster.", "type": "object" }, "name": { "description": "Name: The name of the resource", "type": "string" }, "namespace": { "description": "Namespace: The namespace to which this configuration is installed to. Maximum of 253 lower case alphanumeric characters,\nhyphen and period only.", "type": "string" }, "ociRepository": { "description": "OciRepository: Parameters to reconcile to the OCIRepository source kind type.", "properties": { "insecure": { "description": "Insecure: Specify whether to allow connecting to a non-TLS HTTP container registry.", "type": "boolean" }, "layerSelector": { "description": "LayerSelector: The layer to be pulled from the OCI artifact.", "properties": { "mediaType": { "description": "MediaType: The first layer matching the specified media type will be used.", "type": "string" }, "operation": { "description": "Operation: The operation to be performed on the selected layer. The default value is 'extract', but it can be set to\n'copy'.", "type": "string" } }, "type": "object", "additionalProperties": false }, "localAuthRef": { "description": "LocalAuthRef: Name of a local secret on the Kubernetes cluster to use as the authentication secret rather than the\nmanaged or user-provided configuration secrets.", "type": "string" }, "repositoryRef": { "description": "RepositoryRef: The source reference for the OCIRepository object.", "properties": { "digest": { "description": "Digest: The image digest to pull from OCI repository, the value should be in the format \u2018sha256:\u2019. This takes\nprecedence over semver.", "type": "string" }, "semver": { "description": "Semver: The semver range used to match against OCI repository tags. This takes precedence over tag.", "type": "string" }, "tag": { "description": "Tag: The OCI repository image tag name to pull. This defaults to 'latest'.", "type": "string" } }, "type": "object", "additionalProperties": false }, "serviceAccountName": { "description": "ServiceAccountName: The service account name to authenticate with the OCI repository.", "type": "string" }, "syncIntervalInSeconds": { "description": "SyncIntervalInSeconds: The interval at which to re-reconcile the cluster OCI repository source with the remote.", "type": "integer" }, "timeoutInSeconds": { "description": "TimeoutInSeconds: The maximum time to attempt to reconcile the cluster OCI repository source with the remote.", "type": "integer" }, "tlsConfig": { "description": "TlsConfig: Parameters to authenticate using TLS config for OCI repository.", "type": "object" }, "url": { "description": "Url: The URL to sync for the flux configuration OCI repository.", "type": "string" }, "useWorkloadIdentity": { "description": "UseWorkloadIdentity: Specifies whether to use Workload Identity to authenticate with the OCI repository.", "type": "boolean" }, "verify": { "description": "Verify: Verification of the authenticity of an OCI Artifact.", "properties": { "matchOidcIdentity": { "description": "MatchOidcIdentity: Array defining the criteria for matching the identity while verifying an OCI artifact.", "items": { "description": "MatchOIDCIdentity defines the criteria for matching the identity while verifying an OCI artifact.", "properties": { "issuer": { "description": "Issuer: The regex pattern to match against to verify the OIDC issuer.", "type": "string" }, "subject": { "description": "Subject: The regex pattern to match against to verify the identity subject.", "type": "string" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "provider": { "description": "Provider: Verification provider name.", "type": "string" }, "verificationConfig": { "additionalProperties": { "type": "string" }, "description": "VerificationConfig: An object containing trusted public keys of trusted authors.", "type": "object" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "reconciliationWaitDuration": { "description": "ReconciliationWaitDuration: Maximum duration to wait for flux configuration reconciliation. E.g PT1H, PT5M, P1D", "type": "string" }, "repositoryPublicKey": { "description": "RepositoryPublicKey: Public Key associated with this fluxConfiguration (either generated within the cluster or provided\nby the user).", "type": "string" }, "scope": { "description": "Scope: Scope at which the operator will be installed.", "type": "string" }, "sourceKind": { "description": "SourceKind: Source Kind to pull the configuration data from.", "type": "string" }, "sourceSyncedCommitId": { "description": "SourceSyncedCommitId: Branch and/or SHA of the source commit synced with the cluster.", "type": "string" }, "sourceUpdatedAt": { "description": "SourceUpdatedAt: Datetime the fluxConfiguration synced its source on the cluster.", "type": "string" }, "statusUpdatedAt": { "description": "StatusUpdatedAt: Datetime the fluxConfiguration synced its status on the cluster with Azure.", "type": "string" }, "statuses": { "description": "Statuses: Statuses of the Flux Kubernetes resources created by the fluxConfiguration or created by the managed objects\nprovisioned by the fluxConfiguration.", "items": { "description": "Statuses of objects deployed by the user-specified kustomizations from the git repository.", "properties": { "appliedBy": { "description": "AppliedBy: Object reference to the Kustomization that applied this object", "properties": { "name": { "description": "Name: Name of the object", "type": "string" }, "namespace": { "description": "Namespace: Namespace of the object", "type": "string" } }, "type": "object", "additionalProperties": false }, "complianceState": { "description": "ComplianceState: Compliance state of the applied object showing whether the applied object has come into a ready state\non the cluster.", "type": "string" }, "helmReleaseProperties": { "description": "HelmReleaseProperties: Additional properties that are provided from objects of the HelmRelease kind", "properties": { "failureCount": { "description": "FailureCount: Total number of times that the HelmRelease failed to install or upgrade", "type": "integer" }, "helmChartRef": { "description": "HelmChartRef: The reference to the HelmChart object used as the source to this HelmRelease", "properties": { "name": { "description": "Name: Name of the object", "type": "string" }, "namespace": { "description": "Namespace: Namespace of the object", "type": "string" } }, "type": "object", "additionalProperties": false }, "installFailureCount": { "description": "InstallFailureCount: Number of times that the HelmRelease failed to install", "type": "integer" }, "lastRevisionApplied": { "description": "LastRevisionApplied: The revision number of the last released object change", "type": "integer" }, "upgradeFailureCount": { "description": "UpgradeFailureCount: Number of times that the HelmRelease failed to upgrade", "type": "integer" } }, "type": "object", "additionalProperties": false }, "kind": { "description": "Kind: Kind of the applied object", "type": "string" }, "name": { "description": "Name: Name of the applied object", "type": "string" }, "namespace": { "description": "Namespace: Namespace of the applied object", "type": "string" }, "statusConditions": { "description": "StatusConditions: List of Kubernetes object status conditions present on the cluster", "items": { "description": "Status condition of Kubernetes object", "properties": { "lastTransitionTime": { "description": "LastTransitionTime: Last time this status condition has changed", "type": "string" }, "message": { "description": "Message: A more verbose description of the object status condition", "type": "string" }, "reason": { "description": "Reason: Reason for the specified status condition type status", "type": "string" }, "status": { "description": "Status: Status of the Kubernetes object condition type", "type": "string" }, "type": { "description": "Type: Object status condition type for this object", "type": "string" } }, "type": "object", "additionalProperties": false }, "type": "array" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "suspend": { "description": "Suspend: Whether this configuration should suspend its reconciliation of its kustomizations and sources.", "type": "boolean" }, "type": { "description": "Type: The type of the resource. E.g. \"Microsoft.Compute/virtualMachines\" or \"Microsoft.Storage/storageAccounts\"", "type": "string" }, "waitForReconciliation": { "description": "WaitForReconciliation: Whether flux configuration deployment should wait for cluster to reconcile the kustomizations.", "type": "boolean" } }, "type": "object", "additionalProperties": false } }, "type": "object" }