From 13b81b8b9e84e3e5669edf10b499d3133340bdeb Mon Sep 17 00:00:00 2001 From: Bryce Lampe Date: Tue, 9 Jul 2024 09:42:57 -0700 Subject: [PATCH] Keep Helm CRDs in sync (#598) Quick fix for #596 to keep Helm CRDs up to date. --- deploy/helm/pulumi-operator/Chart.yaml | 2 +- .../pulumi-operator/crds/program-crd.yaml | 78 +- .../helm/pulumi-operator/crds/stack-crd.yaml | 1066 ++++++++++------- scripts/generate_crds.sh | 2 + 4 files changed, 661 insertions(+), 487 deletions(-) diff --git a/deploy/helm/pulumi-operator/Chart.yaml b/deploy/helm/pulumi-operator/Chart.yaml index 652da240..1146fc15 100755 --- a/deploy/helm/pulumi-operator/Chart.yaml +++ b/deploy/helm/pulumi-operator/Chart.yaml @@ -9,7 +9,7 @@ icon: https://www.pulumi.com/logos/brand/avatar-on-white.svg type: application -version: 0.7.4 +version: 0.8.0 appVersion: 1.14.0 keywords: diff --git a/deploy/helm/pulumi-operator/crds/program-crd.yaml b/deploy/helm/pulumi-operator/crds/program-crd.yaml index 2c05e44c..3d9fbc44 100644 --- a/deploy/helm/pulumi-operator/crds/program-crd.yaml +++ b/deploy/helm/pulumi-operator/crds/program-crd.yaml @@ -1,9 +1,10 @@ +--- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - name: programs.pulumi.com annotations: - controller-gen.kubebuilder.io/version: v0.9.2 + controller-gen.kubebuilder.io/version: v0.15.0 + name: programs.pulumi.com spec: group: pulumi.com names: 
@@ -23,14 +24,19 @@ spec: description: Program is the schema for the inline YAML program API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -40,8 +46,8 @@ spec: additionalProperties: properties: default: - description: default is a value of the appropriate type for the - template to use if no value is specified. + description: default is a value of the appropriate type for + the template to use if no value is specified. x-kubernetes-preserve-unknown-fields: true type: description: type is the (required) data type for the parameter. 
@@ -52,8 +58,9 @@ spec: - List type: string type: object - description: configuration specifies the Pulumi config inputs to the - deployment. Either type or default is required. + description: |- + configuration specifies the Pulumi config inputs to the deployment. + Either type or default is required. type: object outputs: additionalProperties: @@ -75,16 +82,16 @@ spec: state: additionalProperties: x-kubernetes-preserve-unknown-fields: true - description: state contains the known properties (input & - output) of the resource. This assists the provider in figuring - out the correct resource. + description: |- + state contains the known properties (input & output) of the resource. This assists + the provider in figuring out the correct resource. type: object required: - id type: object options: - description: options contains all resource options supported by - Pulumi. + description: options contains all resource options supported + by Pulumi. properties: additionalSecretOutputs: description: additionalSecretOutputs specifies properties @@ -93,9 +100,9 @@ spec: type: string type: array aliases: - description: aliases specifies names that this resource used - to have, so that renaming or refactoring doesn’t replace - it. + description: |- + aliases specifies names that this resource used to have, so that renaming or refactoring + doesn’t replace it. items: type: string type: array @@ -104,13 +111,16 @@ spec: behavior for resource provisioning. properties: create: - description: create is the custom timeout for create operations. + description: create is the custom timeout for create + operations. type: string delete: - description: delete is the custom timeout for delete operations. + description: delete is the custom timeout for delete + operations. type: string update: - description: update is the custom timeout for update operations. + description: update is the custom timeout for update + operations. type: string type: object deleteBeforeReplace: 
@@ -134,9 +144,9 @@ spec: cloud account under the control of Pulumi. type: string parent: - description: parent resource option specifies a parent for - a resource. It is used to associate children with the parents - that encapsulate or are responsible for them. + description: |- + parent resource option specifies a parent for a resource. It is used to associate + children with the parents that encapsulate or are responsible for them. x-kubernetes-preserve-unknown-fields: true protect: description: protect prevents accidental deletion of a resource. @@ -152,8 +162,8 @@ spec: for the resource and its children. type: object version: - description: version specifies a provider plugin version that - should be used when operating on a resource. + description: version specifies a provider plugin version + that should be used when operating on a resource. type: string type: object properties: @@ -169,18 +179,18 @@ spec: required: - type type: object - description: resources declares the Pulumi resources that will be deployed - and managed by the program. + description: resources declares the Pulumi resources that will be + deployed and managed by the program. type: object variables: additionalProperties: x-kubernetes-preserve-unknown-fields: true - description: variables specifies intermediate values of the program; - the values of variables are expressions that can be re-used. + description: |- + variables specifies intermediate values of the program; the values of variables are + expressions that can be re-used. type: object type: object type: object served: true storage: true - subresources: - status: {} + subresources: {} diff --git a/deploy/helm/pulumi-operator/crds/stack-crd.yaml b/deploy/helm/pulumi-operator/crds/stack-crd.yaml index 0519110a..89fcd034 100644 --- a/deploy/helm/pulumi-operator/crds/stack-crd.yaml +++ b/deploy/helm/pulumi-operator/crds/stack-crd.yaml 
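Review bot: The last program-crd.yaml hunk (`@@ -169,18 +179,18 @@`) replaces `subresources:` / `status: {}` with `subresources: {}`, which stops the API server from serving `programs/status`. That is an API-surface change rather than a reformatting, and the commit description does not mention it. Any Role that grants `programs/status` separately from `programs`, or any client that writes through the `/status` endpoint, would stop working; whether the operator relies on either is not visible from this page. If the removal is intended, state it in the description; if not, fix it in the source that controller-gen reads so the regenerated file keeps `status: {}`.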
@@ -1,9 +1,10 @@ +--- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - name: stacks.pulumi.com annotations: - controller-gen.kubebuilder.io/version: v0.9.2 + controller-gen.kubebuilder.io/version: v0.15.0 + name: stacks.pulumi.com spec: group: pulumi.com names: 
@@ -26,78 +27,85 @@ spec: description: Stack is the Schema for the stacks API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: - description: StackSpec defines the desired state of Pulumi Stack being managed - by this operator. + description: StackSpec defines the desired state of Pulumi Stack being + managed by this operator. properties: accessTokenSecret: - description: '(optional) AccessTokenSecret is the name of a secret containing - the PULUMI_ACCESS_TOKEN for Pulumi access. Deprecated: use EnvRefs - with a "secret" entry with the key PULUMI_ACCESS_TOKEN instead.' + description: |- + (optional) AccessTokenSecret is the name of a Secret containing the PULUMI_ACCESS_TOKEN for Pulumi access. 
+ Deprecated: use EnvRefs with a "secret" entry with the key PULUMI_ACCESS_TOKEN instead. type: string backend: - description: '(optional) Backend is an optional backend URL to use for - all Pulumi operations.
Examples:
- Pulumi Service: "https://app.pulumi.com" - (default)
- Self-managed Pulumi Service: "https://pulumi.acmecorp.com" -
- Local: "file://./einstein"
- AWS: "s3://" -
- Azure: "azblob://" -
- GCP: "gs://" -
See: https://www.pulumi.com/docs/intro/concepts/state/' + description: |- + (optional) Backend is an optional backend URL to use for all Pulumi operations.
+ Examples:
+ - Pulumi Service: "https://app.pulumi.com" (default)
+ - Self-managed Pulumi Service: "https://pulumi.acmecorp.com"
+ - Local: "file://./einstein"
+ - AWS: "s3://"
+ - Azure: "azblob://"
+ - GCP: "gs://"
+ See: https://www.pulumi.com/docs/intro/concepts/state/ type: string branch: - description: (optional) Branch is the branch name to deploy, either - the simple or fully qualified ref name, e.g. refs/heads/master. This - is mutually exclusive with the Commit setting. Either value needs - to be specified. When specified, the operator will periodically poll - to check if the branch has any new commits. The frequency of the polling - is configurable through ResyncFrequencySeconds, defaulting to every - 60 seconds. + description: |- + (optional) Branch is the branch name to deploy, either the simple or fully qualified ref name, e.g. refs/heads/master. This + is mutually exclusive with the Commit setting. Either value needs to be specified. + When specified, the operator will periodically poll to check if the branch has any new commits. + The frequency of the polling is configurable through ResyncFrequencySeconds, defaulting to every 60 seconds. type: string commit: - description: (optional) Commit is the hash of the commit to deploy. - If used, HEAD will be in detached mode. This is mutually exclusive - with the Branch setting. Either value needs to be specified. + description: |- + (optional) Commit is the hash of the commit to deploy. If used, HEAD will be in detached mode. This + is mutually exclusive with the Branch setting. Either value needs to be specified. type: string config: additionalProperties: type: string - description: (optional) Config is the configuration for this stack, - which can be optionally specified inline. If this is omitted, configuration - is assumed to be checked in and taken from the source repository. + description: |- + (optional) Config is the configuration for this stack, which can be optionally specified inline. If this + is omitted, configuration is assumed to be checked in and taken from the source repository. 
type: object continueResyncOnCommitMatch: - description: (optional) ContinueResyncOnCommitMatch - when true - informs - the operator to continue trying to update stacks even if the revision - of the source matches. This might be useful in environments where - Pulumi programs have dynamic elements for example, calls to internal - APIs where GitOps style commit tracking is not sufficient. Defaults - to false, i.e. when a particular revision is successfully run, the - operator will not attempt to rerun the program at that revision again. + description: |- + (optional) ContinueResyncOnCommitMatch - when true - informs the operator to continue trying + to update stacks even if the revision of the source matches. This might be useful in + environments where Pulumi programs have dynamic elements for example, calls to internal APIs + where GitOps style commit tracking is not sufficient. Defaults to false, i.e. when a + particular revision is successfully run, the operator will not attempt to rerun the program + at that revision again. type: boolean destroyOnFinalize: description: (optional) DestroyOnFinalize can be set to true to destroy - the stack completely upon deletion of the CRD. + the stack completely upon deletion of the Stack custom resource. type: boolean envRefs: additionalProperties: - description: ResourceRef identifies a resource from which information - can be loaded. Environment variables, files on the filesystem, Kubernetes - secrets and literal strings are currently supported. + description: |- + ResourceRef identifies a resource from which information can be loaded. + Environment variables, files on the filesystem, Kubernetes Secrets and literal + strings are currently supported. properties: env: - description: Env selects an environment variable set on the operator - process + description: Env selects an environment variable set on the + operator process properties: name: description: Name of the environment variable 
@@ -126,61 +134,65 @@ spec: - value type: object secret: - description: SecretRef refers to a Kubernetes secret + description: SecretRef refers to a Kubernetes Secret properties: key: - description: Key within the secret to use. + description: Key within the Secret to use. type: string name: - description: Name of the secret + description: Name of the Secret type: string namespace: - description: Namespace where the secret is stored. Deprecated; - non-empty values will be considered invalid unless namespace - isolation is disabled in the controller. + description: |- + Namespace where the Secret is stored. Deprecated; non-empty values will be considered invalid + unless namespace isolation is disabled in the controller. type: string required: - key - name type: object type: - description: 'SelectorType is required and signifies the type - of selector. Must be one of: Env, FS, Secret, Literal' + description: |- + SelectorType is required and signifies the type of selector. Must be one of: + Env, FS, Secret, Literal type: string required: - type type: object - description: (optional) EnvRefs is an optional map containing environment - variables as keys and stores descriptors to where the variables' values - should be loaded from (one of literal, environment variable, file - on the filesystem, or Kubernetes secret) as values. + description: |- + (optional) EnvRefs is an optional map containing environment variables as keys and stores descriptors to where + the variables' values should be loaded from (one of literal, environment variable, file on the + filesystem, or Kubernetes Secret) as values. type: object envSecrets: - description: '(optional) SecretEnvs is an optional array of secret names - containing environment variables to set. Deprecated: use EnvRefs instead.' + description: |- + (optional) SecretEnvs is an optional array of Secret names containing environment variables to set. + Deprecated: use EnvRefs instead. 
items: type: string type: array envs: - description: '(optional) Envs is an optional array of config maps containing - environment variables to set. Deprecated: use EnvRefs instead.' + description: |- + (optional) Envs is an optional array of config maps containing environment variables to set. + Deprecated: use EnvRefs instead. items: type: string type: array expectNoRefreshChanges: - description: (optional) ExpectNoRefreshChanges can be set to true if - a stack is not expected to have changes during a refresh before the - update is run. This could occur, for example, is a resource's state - is changing outside of Pulumi (e.g., metadata, timestamps). + description: |- + (optional) ExpectNoRefreshChanges can be set to true if a stack is not expected to have + changes during a refresh before the update is run. + This could occur, for example, is a resource's state is changing outside of Pulumi + (e.g., metadata, timestamps). type: boolean fluxSource: - description: FluxSource specifies how to fetch source code from a Flux - source object. + description: FluxSource specifies how to fetch source code from a + Flux source object. properties: dir: - description: Dir gives the subdirectory containing the Pulumi project - (i.e., containing Pulumi.yaml) of interest, within the fetched - source. + description: |- + Dir gives the subdirectory containing the Pulumi project (i.e., containing Pulumi.yaml) of + interest, within the fetched source. type: string sourceRef: properties: 
@@ -199,18 +211,21 @@ spec: - sourceRef type: object gitAuth: - description: '(optional) GitAuth allows configuring git authentication - options There are 3 different authentication options: * SSH private - key (and its optional password) * Personal access token * Basic auth - username and password Only one authentication mode will be considered - if more than one option is specified, with ssh private key/password - preferred first, then personal access token, and finally basic auth - credentials.' + description: |- + (optional) GitAuth allows configuring git authentication options + There are 3 different authentication options: + * SSH private key (and its optional password) + * Personal access token + * Basic auth username and password + Only one authentication mode will be considered if more than one option is specified, + with ssh private key/password preferred first, then personal access token, and finally + basic auth credentials. properties: accessToken: - description: ResourceRef identifies a resource from which information - can be loaded. Environment variables, files on the filesystem, - Kubernetes secrets and literal strings are currently supported. + description: |- + ResourceRef identifies a resource from which information can be loaded. + Environment variables, files on the filesystem, Kubernetes Secrets and literal + strings are currently supported. properties: env: description: Env selects an environment variable set on the 
@@ -243,39 +258,41 @@ spec: - value type: object secret: - description: SecretRef refers to a Kubernetes secret + description: SecretRef refers to a Kubernetes Secret properties: key: - description: Key within the secret to use. + description: Key within the Secret to use. type: string name: - description: Name of the secret + description: Name of the Secret type: string namespace: - description: Namespace where the secret is stored. Deprecated; - non-empty values will be considered invalid unless namespace - isolation is disabled in the controller. + description: |- + Namespace where the Secret is stored. Deprecated; non-empty values will be considered invalid + unless namespace isolation is disabled in the controller. type: string required: - key - name type: object type: - description: 'SelectorType is required and signifies the type - of selector. Must be one of: Env, FS, Secret, Literal' + description: |- + SelectorType is required and signifies the type of selector. Must be one of: + Env, FS, Secret, Literal type: string required: - type type: object basicAuth: - description: BasicAuth configures git authentication through basic - auth — i.e. username and password. Both UserName and Password - are required. + description: |- + BasicAuth configures git authentication through basic auth — + i.e. username and password. Both UserName and Password are required. properties: password: - description: ResourceRef identifies a resource from which information - can be loaded. Environment variables, files on the filesystem, - Kubernetes secrets and literal strings are currently supported. + description: |- + ResourceRef identifies a resource from which information can be loaded. + Environment variables, files on the filesystem, Kubernetes Secrets and literal + strings are currently supported. properties: env: description: Env selects an environment variable set on 
@@ -292,8 +309,8 @@ spec: file system properties: path: - description: Path on the filesystem to use to load information - from. + description: Path on the filesystem to use to load + information from. type: string required: - path @@ -308,34 +325,36 @@ spec: - value type: object secret: - description: SecretRef refers to a Kubernetes secret + description: SecretRef refers to a Kubernetes Secret properties: key: - description: Key within the secret to use. + description: Key within the Secret to use. type: string name: - description: Name of the secret + description: Name of the Secret type: string namespace: - description: Namespace where the secret is stored. Deprecated; - non-empty values will be considered invalid unless - namespace isolation is disabled in the controller. + description: |- + Namespace where the Secret is stored. Deprecated; non-empty values will be considered invalid + unless namespace isolation is disabled in the controller. type: string required: - key - name type: object type: - description: 'SelectorType is required and signifies the - type of selector. Must be one of: Env, FS, Secret, Literal' + description: |- + SelectorType is required and signifies the type of selector. Must be one of: + Env, FS, Secret, Literal type: string required: - type type: object userName: - description: ResourceRef identifies a resource from which information - can be loaded. Environment variables, files on the filesystem, - Kubernetes secrets and literal strings are currently supported. + description: |- + ResourceRef identifies a resource from which information can be loaded. + Environment variables, files on the filesystem, Kubernetes Secrets and literal + strings are currently supported. properties: env: description: Env selects an environment variable set on 
@@ -352,8 +371,8 @@ spec: file system properties: path: - description: Path on the filesystem to use to load information - from. + description: Path on the filesystem to use to load + information from. type: string required: - path @@ -368,26 +387,27 @@ spec: - value type: object secret: - description: SecretRef refers to a Kubernetes secret + description: SecretRef refers to a Kubernetes Secret properties: key: - description: Key within the secret to use. + description: Key within the Secret to use. type: string name: - description: Name of the secret + description: Name of the Secret type: string namespace: - description: Namespace where the secret is stored. Deprecated; - non-empty values will be considered invalid unless - namespace isolation is disabled in the controller. + description: |- + Namespace where the Secret is stored. Deprecated; non-empty values will be considered invalid + unless namespace isolation is disabled in the controller. type: string required: - key - name type: object type: - description: 'SelectorType is required and signifies the - type of selector. Must be one of: Env, FS, Secret, Literal' + description: |- + SelectorType is required and signifies the type of selector. Must be one of: + Env, FS, Secret, Literal type: string required: - type 
@@ -397,13 +417,15 @@ spec: - userName type: object sshAuth: - description: SSHAuth configures ssh-based auth for git authentication. + description: |- + SSHAuth configures ssh-based auth for git authentication. SSHPrivateKey is required but password is optional. properties: password: - description: ResourceRef identifies a resource from which information - can be loaded. Environment variables, files on the filesystem, - Kubernetes secrets and literal strings are currently supported. + description: |- + ResourceRef identifies a resource from which information can be loaded. + Environment variables, files on the filesystem, Kubernetes Secrets and literal + strings are currently supported. properties: env: description: Env selects an environment variable set on @@ -420,8 +442,8 @@ spec: file system properties: path: - description: Path on the filesystem to use to load information - from. + description: Path on the filesystem to use to load + information from. type: string required: - path 
@@ -436,34 +458,36 @@ spec: - value type: object secret: - description: SecretRef refers to a Kubernetes secret + description: SecretRef refers to a Kubernetes Secret properties: key: - description: Key within the secret to use. + description: Key within the Secret to use. type: string name: - description: Name of the secret + description: Name of the Secret type: string namespace: - description: Namespace where the secret is stored. Deprecated; - non-empty values will be considered invalid unless - namespace isolation is disabled in the controller. + description: |- + Namespace where the Secret is stored. Deprecated; non-empty values will be considered invalid + unless namespace isolation is disabled in the controller. type: string required: - key - name type: object type: - description: 'SelectorType is required and signifies the - type of selector. Must be one of: Env, FS, Secret, Literal' + description: |- + SelectorType is required and signifies the type of selector. Must be one of: + Env, FS, Secret, Literal type: string required: - type type: object sshPrivateKey: - description: ResourceRef identifies a resource from which information - can be loaded. Environment variables, files on the filesystem, - Kubernetes secrets and literal strings are currently supported. + description: |- + ResourceRef identifies a resource from which information can be loaded. + Environment variables, files on the filesystem, Kubernetes Secrets and literal + strings are currently supported. properties: env: description: Env selects an environment variable set on @@ -480,8 +504,8 @@ spec: file system properties: path: - description: Path on the filesystem to use to load information - from. + description: Path on the filesystem to use to load + information from. type: string required: - path 
@@ -496,26 +520,27 @@ spec: - value type: object secret: - description: SecretRef refers to a Kubernetes secret + description: SecretRef refers to a Kubernetes Secret properties: key: - description: Key within the secret to use. + description: Key within the Secret to use. type: string name: - description: Name of the secret + description: Name of the Secret type: string namespace: - description: Namespace where the secret is stored. Deprecated; - non-empty values will be considered invalid unless - namespace isolation is disabled in the controller. + description: |- + Namespace where the Secret is stored. Deprecated; non-empty values will be considered invalid + unless namespace isolation is disabled in the controller. type: string required: - key - name type: object type: - description: 'SelectorType is required and signifies the - type of selector. Must be one of: Env, FS, Secret, Literal' + description: |- + SelectorType is required and signifies the type of selector. Must be one of: + Env, FS, Secret, Literal type: string required: - type 
@@ -525,18 +550,52 @@ spec: type: object type: object gitAuthSecret: - description: '(optional) GitAuthSecret is the the name of a secret containing - an authentication option for the git repository. There are 3 different - authentication options: * Personal access token * SSH private key - (and it''s optional password) * Basic auth username and password Only - one authentication mode will be considered if more than one option - is specified, with ssh private key/password preferred first, then - personal access token, and finally basic auth credentials. Deprecated. - Use GitAuth instead.' + description: |- + (optional) GitAuthSecret is the the name of a Secret containing an + authentication option for the git repository. + There are 3 different authentication options: + * Personal access token + * SSH private key (and it's optional password) + * Basic auth username and password + Only one authentication mode will be considered if more than one option is specified, + with ssh private key/password preferred first, then personal access token, and finally + basic auth credentials. + Deprecated. Use GitAuth instead. type: string + prerequisites: + description: |- + (optional) Prerequisites is a list of references to other stacks, each with a constraint on + how long ago it must have succeeded. This can be used to make sure e.g., state is + re-evaluated before running a stack that depends on it. + items: + description: |- + PrerequisiteRef refers to another stack, and gives requirements for the prerequisite to be + considered satisfied. + properties: + name: + description: Name is the name of the Stack resource that is + a prerequisite. + type: string + requirement: + description: |- + Requirement gives specific requirements for the prerequisite; the base requirement is that + the referenced stack is in a successful state. 
+ properties: + succeededWithinDuration: + description: |- + SucceededWithinDuration gives a duration within which the prerequisite must have reached a + succeeded state; e.g., "1h" means "the prerequisite must be successful, and have become so in + the last hour". Fields (should there ever be more than one) are not intended to be mutually + exclusive. + type: string + type: object + required: + - name + type: object + type: array programRef: - description: ProgramRef refers to a Program object, to be used as the - source for the stack. + description: ProgramRef refers to a Program object, to be used as + the source for the stack. properties: name: type: string 
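Review bot: The new `prerequisites` field added in this hunk only takes effect on clusters where the CRD is actually replaced, and Helm installs files under `crds/` on first install only. A `helm upgrade` to chart 0.8.0 therefore leaves an existing `stacks.pulumi.com` definition as it was. On such a cluster the API server would presumably prune or reject `spec.prerequisites`, so a Stack that depends on it to gate a run could proceed without that check. The chart's upgrade notes should tell operators to apply the files in `crds/` manually; that documentation is outside this hunk.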
@@ -544,59 +603,66 @@ spec: - name type: object projectRepo: - description: ProjectRepo is the git source control repository from which - we fetch the project code and configuration. + description: ProjectRepo is the git source control repository from + which we fetch the project code and configuration. type: string refresh: - description: (optional) Refresh can be set to true to refresh the stack - before it is updated. + description: (optional) Refresh can be set to true to refresh the + stack before it is updated. type: boolean repoDir: - description: (optional) RepoDir is the directory to work from in the - project's source repository where Pulumi.yaml is located. It is used - in case Pulumi.yaml is not in the project source root. + description: |- + (optional) RepoDir is the directory to work from in the project's source repository + where Pulumi.yaml is located. It is used in case Pulumi.yaml is not + in the project source root. type: string resyncFrequencySeconds: - description: (optional) ResyncFrequencySeconds when set to a non-zero - value, triggers a resync of the stack at the specified frequency even - if no changes to the custom-resource are detected. If branch tracking - is enabled (branch is non-empty), commit polling will occur at this - frequency. The minimal resync frequency supported is 60 seconds. + description: |- + (optional) ResyncFrequencySeconds when set to a non-zero value, triggers a resync of the stack at + the specified frequency even if no changes to the custom resource are detected. + If branch tracking is enabled (branch is non-empty), commit polling will occur at this frequency. + The minimal resync frequency supported is 60 seconds. The default value for this field is 60 seconds. format: int64 type: integer retryOnUpdateConflict: - description: (optional) RetryOnUpdateConflict issues a stack update - retry reconciliation loop in the event that the update hits a HTTP - 409 conflict due to another update in progress. 
This is only recommended - if you are sure that the stack updates are idempotent, and if you - are willing to accept retry loops until all spawned retries succeed. - This will also create a more populated, and randomized activity timeline - for the stack in the Pulumi Service. + description: |- + (optional) RetryOnUpdateConflict issues a stack update retry reconciliation loop + in the event that the update hits a HTTP 409 conflict due to + another update in progress. + This is only recommended if you are sure that the stack updates are + idempotent, and if you are willing to accept retry loops until + all spawned retries succeed. This will also create a more populated, + and randomized activity timeline for the stack in the Pulumi Service. type: boolean secrets: additionalProperties: type: string - description: '(optional) Secrets is the secret configuration for this - stack, which can be optionally specified inline. If this is omitted, - secrets configuration is assumed to be checked in and taken from the - source repository. Deprecated: use SecretRefs instead.' + description: |- + (optional) Secrets is the secret configuration for this stack, which can be optionally specified inline. If this + is omitted, secrets configuration is assumed to be checked in and taken from the source repository. + Deprecated: use SecretRefs instead. type: object secretsProvider: - description: '(optional) SecretsProvider is used to initialize a Stack - with alternative encryption. Examples: - AWS: "awskms:///arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34bc-56ef-1234567890ab?region=us-east-1" - - Azure: "azurekeyvault://acmecorpvault.vault.azure.net/keys/mykeyname" - - GCP: "gcpkms://projects/MYPROJECT/locations/MYLOCATION/keyRings/MYKEYRING/cryptoKeys/MYKEY" - - See: https://www.pulumi.com/docs/intro/concepts/secrets/#initializing-a-stack-with-alternative-encryption' + description: |- + (optional) SecretsProvider is used to initialize a Stack with alternative encryption. 
+ Examples: + - AWS: "awskms:///arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34bc-56ef-1234567890ab?region=us-east-1" + - Azure: "azurekeyvault://acmecorpvault.vault.azure.net/keys/mykeyname" + - GCP: "gcpkms://projects/MYPROJECT/locations/MYLOCATION/keyRings/MYKEYRING/cryptoKeys/MYKEY" + + + See: https://www.pulumi.com/docs/intro/concepts/secrets/#initializing-a-stack-with-alternative-encryption type: string secretsRef: additionalProperties: - description: ResourceRef identifies a resource from which information - can be loaded. Environment variables, files on the filesystem, Kubernetes - secrets and literal strings are currently supported. + description: |- + ResourceRef identifies a resource from which information can be loaded. + Environment variables, files on the filesystem, Kubernetes Secrets and literal + strings are currently supported. properties: env: - description: Env selects an environment variable set on the operator - process + description: Env selects an environment variable set on the + operator process properties: name: description: Name of the environment variable 
@@ -625,44 +691,51 @@ spec: - value type: object secret: - description: SecretRef refers to a Kubernetes secret + description: SecretRef refers to a Kubernetes Secret properties: key: - description: Key within the secret to use. + description: Key within the Secret to use. type: string name: - description: Name of the secret + description: Name of the Secret type: string namespace: - description: Namespace where the secret is stored. Deprecated; - non-empty values will be considered invalid unless namespace - isolation is disabled in the controller. + description: |- + Namespace where the Secret is stored. Deprecated; non-empty values will be considered invalid + unless namespace isolation is disabled in the controller. type: string required: - key - name type: object type: - description: 'SelectorType is required and signifies the type - of selector. Must be one of: Env, FS, Secret, Literal' + description: |- + SelectorType is required and signifies the type of selector. Must be one of: + Env, FS, Secret, Literal type: string required: - type type: object - description: (optional) SecretRefs is the secret configuration for this - stack which can be specified through ResourceRef. If this is omitted, - secrets configuration is assumed to be checked in and taken from the - source repository. + description: |- + (optional) SecretRefs is the secret configuration for this stack which can be specified through ResourceRef. + If this is omitted, secrets configuration is assumed to be checked in and taken from the source repository. type: object stack: description: Stack is the fully qualified name of the stack to deploy (/). type: string + targets: + description: |- + (optional) Targets is a list of URNs of resources to update exclusively. If supplied, only + resources mentioned will be updated. 
+ items: + type: string + type: array useLocalStackOnly: - description: (optional) UseLocalStackOnly can be set to true to prevent - the operator from creating stacks that do not exist in the tracking - git repo. The default behavior is to create a stack if it doesn't - exist. + description: |- + (optional) UseLocalStackOnly can be set to true to prevent the operator from + creating stacks that do not exist in the tracking git repo. + The default behavior is to create a stack if it doesn't exist. type: boolean required: - stack 
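Review bot: The `targets` field added to the Stack schema in this hunk only takes effect on clusters whose installed CRD already carries it, and Helm applies files under `crds/` on first install only, never on `helm upgrade`. On a cluster still running the older CRD, the API server would likely prune the unknown `spec.targets` (unless the schema preserves unknown fields at that level, which this hunk does not show). A Stack meant to update only the listed URNs could then run an unrestricted update. The same applies to `prerequisites`, added in the earlier hunk of this file: a pruned prerequisite means the ordering constraint is silently dropped. This file looks like controller-gen output, so the fix belongs in the chart's upgrade notes rather than here, for example `Upgrading to chart 0.8.0: apply the files in crds/ manually first; helm upgrade does not update CRDs.`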
@@ -672,44 +745,50 @@ spec: properties: conditions: items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - type FooStatus struct{ // Represents the observations of a foo's - current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + description: |- + Condition contains details for one aspect of the current state of this API Resource. + --- + This struct is intended for direct use as an array at the field path .status.conditions. For example, + type FooStatus struct{ + // Represents the observations of a foo's current state. + // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" + // +patchMergeKey=type + // +patchStrategy=merge + // +listType=map + // +listMapKey=type + Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` + + + // other fields + } properties: lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. 
format: date-time type: string message: - description: message is a human readable message indicating details - about the transition. This may be an empty string. + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. maxLength: 32768 type: string observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. format: int64 minimum: 0 type: integer reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers of - specific condition types may define expected values and meanings - for this field, and whether the values are considered a guaranteed - API. The value should be a CamelCase string. This field may - not be empty. + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. maxLength: 1024 minLength: 1 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ 
@@ -722,11 +801,12 @@ spec: - Unknown type: string type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string @@ -739,21 +819,23 @@ spec: type: object type: array lastUpdate: - description: LastUpdate contains details of the status of the last update. + description: LastUpdate contains details of the status of the last + update. properties: lastAttemptedCommit: description: Last commit attempted type: string lastResyncTime: - description: LastResyncTime contains a timestamp for the last time - a resync of the stack took place. + description: LastResyncTime contains a timestamp for the last + time a resync of the stack took place. format: date-time type: string lastSuccessfulCommit: description: Last commit successfully applied type: string permalink: - description: Permalink is the Pulumi Console URL of the stack operation. + description: Permalink is the Pulumi Console URL of the stack + operation. type: string state: description: State is the state of the stack update - one of `succeeded` 
@@ -765,11 +847,16 @@ spec: at the point the controller last processed this object format: int64 type: integer + observedReconcileRequest: + description: |- + ObservedReconcileRequest records the value of the annotation named for + `ReconcileRequestAnnotation` when it was last seen. + type: string outputs: additionalProperties: x-kubernetes-preserve-unknown-fields: true - description: Outputs contains the exported stack output variables resulting - from a deployment. + description: Outputs contains the exported stack output variables + resulting from a deployment. type: object type: object type: object 
@@ -780,83 +867,91 @@ spec: - name: v1alpha1 schema: openAPIV3Schema: - description: 'Stack is the Schema for the stacks API. Deprecated: Note Stacks - from pulumi.com/v1alpha1 is deprecated in favor of pulumi.com/v1. It is completely - backward compatible. Users are strongly encouraged to switch to pulumi.com/v1.' + description: |- + Stack is the Schema for the stacks API. + Deprecated: Note Stacks from pulumi.com/v1alpha1 is deprecated in favor of pulumi.com/v1. + It is completely backward compatible. Users are strongly encouraged to switch to pulumi.com/v1. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: - description: StackSpec defines the desired state of Pulumi Stack being managed - by this operator. + description: StackSpec defines the desired state of Pulumi Stack being + managed by this operator. properties: accessTokenSecret: - description: '(optional) AccessTokenSecret is the name of a secret containing - the PULUMI_ACCESS_TOKEN for Pulumi access. Deprecated: use EnvRefs - with a "secret" entry with the key PULUMI_ACCESS_TOKEN instead.' + description: |- + (optional) AccessTokenSecret is the name of a Secret containing the PULUMI_ACCESS_TOKEN for Pulumi access. + Deprecated: use EnvRefs with a "secret" entry with the key PULUMI_ACCESS_TOKEN instead. type: string backend: - description: '(optional) Backend is an optional backend URL to use for - all Pulumi operations.
Examples:
- Pulumi Service: "https://app.pulumi.com" - (default)
- Self-managed Pulumi Service: "https://pulumi.acmecorp.com" -
- Local: "file://./einstein"
- AWS: "s3://" -
- Azure: "azblob://" -
- GCP: "gs://" -
See: https://www.pulumi.com/docs/intro/concepts/state/' + description: |- + (optional) Backend is an optional backend URL to use for all Pulumi operations.
+ Examples:
+ - Pulumi Service: "https://app.pulumi.com" (default)
+ - Self-managed Pulumi Service: "https://pulumi.acmecorp.com"
+ - Local: "file://./einstein"
+ - AWS: "s3://"
+ - Azure: "azblob://"
+ - GCP: "gs://"
+ See: https://www.pulumi.com/docs/intro/concepts/state/ type: string branch: - description: (optional) Branch is the branch name to deploy, either - the simple or fully qualified ref name, e.g. refs/heads/master. This - is mutually exclusive with the Commit setting. Either value needs - to be specified. When specified, the operator will periodically poll - to check if the branch has any new commits. The frequency of the polling - is configurable through ResyncFrequencySeconds, defaulting to every - 60 seconds. + description: |- + (optional) Branch is the branch name to deploy, either the simple or fully qualified ref name, e.g. refs/heads/master. This + is mutually exclusive with the Commit setting. Either value needs to be specified. + When specified, the operator will periodically poll to check if the branch has any new commits. + The frequency of the polling is configurable through ResyncFrequencySeconds, defaulting to every 60 seconds. type: string commit: - description: (optional) Commit is the hash of the commit to deploy. - If used, HEAD will be in detached mode. This is mutually exclusive - with the Branch setting. Either value needs to be specified. + description: |- + (optional) Commit is the hash of the commit to deploy. If used, HEAD will be in detached mode. This + is mutually exclusive with the Branch setting. Either value needs to be specified. type: string config: additionalProperties: type: string - description: (optional) Config is the configuration for this stack, - which can be optionally specified inline. If this is omitted, configuration - is assumed to be checked in and taken from the source repository. + description: |- + (optional) Config is the configuration for this stack, which can be optionally specified inline. If this + is omitted, configuration is assumed to be checked in and taken from the source repository. 
type: object continueResyncOnCommitMatch: - description: (optional) ContinueResyncOnCommitMatch - when true - informs - the operator to continue trying to update stacks even if the revision - of the source matches. This might be useful in environments where - Pulumi programs have dynamic elements for example, calls to internal - APIs where GitOps style commit tracking is not sufficient. Defaults - to false, i.e. when a particular revision is successfully run, the - operator will not attempt to rerun the program at that revision again. + description: |- + (optional) ContinueResyncOnCommitMatch - when true - informs the operator to continue trying + to update stacks even if the revision of the source matches. This might be useful in + environments where Pulumi programs have dynamic elements for example, calls to internal APIs + where GitOps style commit tracking is not sufficient. Defaults to false, i.e. when a + particular revision is successfully run, the operator will not attempt to rerun the program + at that revision again. type: boolean destroyOnFinalize: description: (optional) DestroyOnFinalize can be set to true to destroy - the stack completely upon deletion of the CRD. + the stack completely upon deletion of the Stack custom resource. type: boolean envRefs: additionalProperties: - description: ResourceRef identifies a resource from which information - can be loaded. Environment variables, files on the filesystem, Kubernetes - secrets and literal strings are currently supported. + description: |- + ResourceRef identifies a resource from which information can be loaded. + Environment variables, files on the filesystem, Kubernetes Secrets and literal + strings are currently supported. properties: env: - description: Env selects an environment variable set on the operator - process + description: Env selects an environment variable set on the + operator process properties: name: description: Name of the environment variable 
@@ -885,61 +980,65 @@ spec: - value type: object secret: - description: SecretRef refers to a Kubernetes secret + description: SecretRef refers to a Kubernetes Secret properties: key: - description: Key within the secret to use. + description: Key within the Secret to use. type: string name: - description: Name of the secret + description: Name of the Secret type: string namespace: - description: Namespace where the secret is stored. Deprecated; - non-empty values will be considered invalid unless namespace - isolation is disabled in the controller. + description: |- + Namespace where the Secret is stored. Deprecated; non-empty values will be considered invalid + unless namespace isolation is disabled in the controller. type: string required: - key - name type: object type: - description: 'SelectorType is required and signifies the type - of selector. Must be one of: Env, FS, Secret, Literal' + description: |- + SelectorType is required and signifies the type of selector. Must be one of: + Env, FS, Secret, Literal type: string required: - type type: object - description: (optional) EnvRefs is an optional map containing environment - variables as keys and stores descriptors to where the variables' values - should be loaded from (one of literal, environment variable, file - on the filesystem, or Kubernetes secret) as values. + description: |- + (optional) EnvRefs is an optional map containing environment variables as keys and stores descriptors to where + the variables' values should be loaded from (one of literal, environment variable, file on the + filesystem, or Kubernetes Secret) as values. type: object envSecrets: - description: '(optional) SecretEnvs is an optional array of secret names - containing environment variables to set. Deprecated: use EnvRefs instead.' + description: |- + (optional) SecretEnvs is an optional array of Secret names containing environment variables to set. + Deprecated: use EnvRefs instead. 
items: type: string type: array envs: - description: '(optional) Envs is an optional array of config maps containing - environment variables to set. Deprecated: use EnvRefs instead.' + description: |- + (optional) Envs is an optional array of config maps containing environment variables to set. + Deprecated: use EnvRefs instead. items: type: string type: array expectNoRefreshChanges: - description: (optional) ExpectNoRefreshChanges can be set to true if - a stack is not expected to have changes during a refresh before the - update is run. This could occur, for example, is a resource's state - is changing outside of Pulumi (e.g., metadata, timestamps). + description: |- + (optional) ExpectNoRefreshChanges can be set to true if a stack is not expected to have + changes during a refresh before the update is run. + This could occur, for example, is a resource's state is changing outside of Pulumi + (e.g., metadata, timestamps). type: boolean fluxSource: - description: FluxSource specifies how to fetch source code from a Flux - source object. + description: FluxSource specifies how to fetch source code from a + Flux source object. properties: dir: - description: Dir gives the subdirectory containing the Pulumi project - (i.e., containing Pulumi.yaml) of interest, within the fetched - source. + description: |- + Dir gives the subdirectory containing the Pulumi project (i.e., containing Pulumi.yaml) of + interest, within the fetched source. type: string sourceRef: properties: 
@@ -958,18 +1057,21 @@ spec: - sourceRef type: object gitAuth: - description: '(optional) GitAuth allows configuring git authentication - options There are 3 different authentication options: * SSH private - key (and its optional password) * Personal access token * Basic auth - username and password Only one authentication mode will be considered - if more than one option is specified, with ssh private key/password - preferred first, then personal access token, and finally basic auth - credentials.' + description: |- + (optional) GitAuth allows configuring git authentication options + There are 3 different authentication options: + * SSH private key (and its optional password) + * Personal access token + * Basic auth username and password + Only one authentication mode will be considered if more than one option is specified, + with ssh private key/password preferred first, then personal access token, and finally + basic auth credentials. properties: accessToken: - description: ResourceRef identifies a resource from which information - can be loaded. Environment variables, files on the filesystem, - Kubernetes secrets and literal strings are currently supported. + description: |- + ResourceRef identifies a resource from which information can be loaded. + Environment variables, files on the filesystem, Kubernetes Secrets and literal + strings are currently supported. properties: env: description: Env selects an environment variable set on the 
@@ -1002,39 +1104,41 @@ spec: - value type: object secret: - description: SecretRef refers to a Kubernetes secret + description: SecretRef refers to a Kubernetes Secret properties: key: - description: Key within the secret to use. + description: Key within the Secret to use. type: string name: - description: Name of the secret + description: Name of the Secret type: string namespace: - description: Namespace where the secret is stored. Deprecated; - non-empty values will be considered invalid unless namespace - isolation is disabled in the controller. + description: |- + Namespace where the Secret is stored. Deprecated; non-empty values will be considered invalid + unless namespace isolation is disabled in the controller. type: string required: - key - name type: object type: - description: 'SelectorType is required and signifies the type - of selector. Must be one of: Env, FS, Secret, Literal' + description: |- + SelectorType is required and signifies the type of selector. Must be one of: + Env, FS, Secret, Literal type: string required: - type type: object basicAuth: - description: BasicAuth configures git authentication through basic - auth — i.e. username and password. Both UserName and Password - are required. + description: |- + BasicAuth configures git authentication through basic auth — + i.e. username and password. Both UserName and Password are required. properties: password: - description: ResourceRef identifies a resource from which information - can be loaded. Environment variables, files on the filesystem, - Kubernetes secrets and literal strings are currently supported. + description: |- + ResourceRef identifies a resource from which information can be loaded. + Environment variables, files on the filesystem, Kubernetes Secrets and literal + strings are currently supported. properties: env: description: Env selects an environment variable set on 
@@ -1051,8 +1155,8 @@ spec: file system properties: path: - description: Path on the filesystem to use to load information - from. + description: Path on the filesystem to use to load + information from. type: string required: - path @@ -1067,34 +1171,36 @@ spec: - value type: object secret: - description: SecretRef refers to a Kubernetes secret + description: SecretRef refers to a Kubernetes Secret properties: key: - description: Key within the secret to use. + description: Key within the Secret to use. type: string name: - description: Name of the secret + description: Name of the Secret type: string namespace: - description: Namespace where the secret is stored. Deprecated; - non-empty values will be considered invalid unless - namespace isolation is disabled in the controller. + description: |- + Namespace where the Secret is stored. Deprecated; non-empty values will be considered invalid + unless namespace isolation is disabled in the controller. type: string required: - key - name type: object type: - description: 'SelectorType is required and signifies the - type of selector. Must be one of: Env, FS, Secret, Literal' + description: |- + SelectorType is required and signifies the type of selector. Must be one of: + Env, FS, Secret, Literal type: string required: - type type: object userName: - description: ResourceRef identifies a resource from which information - can be loaded. Environment variables, files on the filesystem, - Kubernetes secrets and literal strings are currently supported. + description: |- + ResourceRef identifies a resource from which information can be loaded. + Environment variables, files on the filesystem, Kubernetes Secrets and literal + strings are currently supported. properties: env: description: Env selects an environment variable set on 
@@ -1111,8 +1217,8 @@ spec: file system properties: path: - description: Path on the filesystem to use to load information - from. + description: Path on the filesystem to use to load + information from. type: string required: - path @@ -1127,26 +1233,27 @@ spec: - value type: object secret: - description: SecretRef refers to a Kubernetes secret + description: SecretRef refers to a Kubernetes Secret properties: key: - description: Key within the secret to use. + description: Key within the Secret to use. type: string name: - description: Name of the secret + description: Name of the Secret type: string namespace: - description: Namespace where the secret is stored. Deprecated; - non-empty values will be considered invalid unless - namespace isolation is disabled in the controller. + description: |- + Namespace where the Secret is stored. Deprecated; non-empty values will be considered invalid + unless namespace isolation is disabled in the controller. type: string required: - key - name type: object type: - description: 'SelectorType is required and signifies the - type of selector. Must be one of: Env, FS, Secret, Literal' + description: |- + SelectorType is required and signifies the type of selector. Must be one of: + Env, FS, Secret, Literal type: string required: - type 
@@ -1156,13 +1263,15 @@ spec: - userName type: object sshAuth: - description: SSHAuth configures ssh-based auth for git authentication. + description: |- + SSHAuth configures ssh-based auth for git authentication. SSHPrivateKey is required but password is optional. properties: password: - description: ResourceRef identifies a resource from which information - can be loaded. Environment variables, files on the filesystem, - Kubernetes secrets and literal strings are currently supported. + description: |- + ResourceRef identifies a resource from which information can be loaded. + Environment variables, files on the filesystem, Kubernetes Secrets and literal + strings are currently supported. properties: env: description: Env selects an environment variable set on @@ -1179,8 +1288,8 @@ spec: file system properties: path: - description: Path on the filesystem to use to load information - from. + description: Path on the filesystem to use to load + information from. type: string required: - path 
@@ -1195,34 +1304,36 @@ spec: - value type: object secret: - description: SecretRef refers to a Kubernetes secret + description: SecretRef refers to a Kubernetes Secret properties: key: - description: Key within the secret to use. + description: Key within the Secret to use. type: string name: - description: Name of the secret + description: Name of the Secret type: string namespace: - description: Namespace where the secret is stored. Deprecated; - non-empty values will be considered invalid unless - namespace isolation is disabled in the controller. + description: |- + Namespace where the Secret is stored. Deprecated; non-empty values will be considered invalid + unless namespace isolation is disabled in the controller. type: string required: - key - name type: object type: - description: 'SelectorType is required and signifies the - type of selector. Must be one of: Env, FS, Secret, Literal' + description: |- + SelectorType is required and signifies the type of selector. Must be one of: + Env, FS, Secret, Literal type: string required: - type type: object sshPrivateKey: - description: ResourceRef identifies a resource from which information - can be loaded. Environment variables, files on the filesystem, - Kubernetes secrets and literal strings are currently supported. + description: |- + ResourceRef identifies a resource from which information can be loaded. + Environment variables, files on the filesystem, Kubernetes Secrets and literal + strings are currently supported. properties: env: description: Env selects an environment variable set on @@ -1239,8 +1350,8 @@ spec: file system properties: path: - description: Path on the filesystem to use to load information - from. + description: Path on the filesystem to use to load + information from. type: string required: - path 
@@ -1255,26 +1366,27 @@ spec: - value type: object secret: - description: SecretRef refers to a Kubernetes secret + description: SecretRef refers to a Kubernetes Secret properties: key: - description: Key within the secret to use. + description: Key within the Secret to use. type: string name: - description: Name of the secret + description: Name of the Secret type: string namespace: - description: Namespace where the secret is stored. Deprecated; - non-empty values will be considered invalid unless - namespace isolation is disabled in the controller. + description: |- + Namespace where the Secret is stored. Deprecated; non-empty values will be considered invalid + unless namespace isolation is disabled in the controller. type: string required: - key - name type: object type: - description: 'SelectorType is required and signifies the - type of selector. Must be one of: Env, FS, Secret, Literal' + description: |- + SelectorType is required and signifies the type of selector. Must be one of: + Env, FS, Secret, Literal type: string required: - type 
@@ -1284,18 +1396,52 @@ spec: type: object type: object gitAuthSecret: - description: '(optional) GitAuthSecret is the the name of a secret containing - an authentication option for the git repository. There are 3 different - authentication options: * Personal access token * SSH private key - (and it''s optional password) * Basic auth username and password Only - one authentication mode will be considered if more than one option - is specified, with ssh private key/password preferred first, then - personal access token, and finally basic auth credentials. Deprecated. - Use GitAuth instead.' + description: |- + (optional) GitAuthSecret is the the name of a Secret containing an + authentication option for the git repository. + There are 3 different authentication options: + * Personal access token + * SSH private key (and it's optional password) + * Basic auth username and password + Only one authentication mode will be considered if more than one option is specified, + with ssh private key/password preferred first, then personal access token, and finally + basic auth credentials. + Deprecated. Use GitAuth instead. type: string + prerequisites: + description: |- + (optional) Prerequisites is a list of references to other stacks, each with a constraint on + how long ago it must have succeeded. This can be used to make sure e.g., state is + re-evaluated before running a stack that depends on it. + items: + description: |- + PrerequisiteRef refers to another stack, and gives requirements for the prerequisite to be + considered satisfied. + properties: + name: + description: Name is the name of the Stack resource that is + a prerequisite. + type: string + requirement: + description: |- + Requirement gives specific requirements for the prerequisite; the base requirement is that + the referenced stack is in a successful state. 
+ properties: + succeededWithinDuration: + description: |- + SucceededWithinDuration gives a duration within which the prerequisite must have reached a + succeeded state; e.g., "1h" means "the prerequisite must be successful, and have become so in + the last hour". Fields (should there ever be more than one) are not intended to be mutually + exclusive. + type: string + type: object + required: + - name + type: object + type: array programRef: - description: ProgramRef refers to a Program object, to be used as the - source for the stack. + description: ProgramRef refers to a Program object, to be used as + the source for the stack. properties: name: type: string 
@@ -1303,59 +1449,66 @@ spec: - name type: object projectRepo: - description: ProjectRepo is the git source control repository from which - we fetch the project code and configuration. + description: ProjectRepo is the git source control repository from + which we fetch the project code and configuration. type: string refresh: - description: (optional) Refresh can be set to true to refresh the stack - before it is updated. + description: (optional) Refresh can be set to true to refresh the + stack before it is updated. type: boolean repoDir: - description: (optional) RepoDir is the directory to work from in the - project's source repository where Pulumi.yaml is located. It is used - in case Pulumi.yaml is not in the project source root. + description: |- + (optional) RepoDir is the directory to work from in the project's source repository + where Pulumi.yaml is located. It is used in case Pulumi.yaml is not + in the project source root. type: string resyncFrequencySeconds: - description: (optional) ResyncFrequencySeconds when set to a non-zero - value, triggers a resync of the stack at the specified frequency even - if no changes to the custom-resource are detected. If branch tracking - is enabled (branch is non-empty), commit polling will occur at this - frequency. The minimal resync frequency supported is 60 seconds. + description: |- + (optional) ResyncFrequencySeconds when set to a non-zero value, triggers a resync of the stack at + the specified frequency even if no changes to the custom resource are detected. + If branch tracking is enabled (branch is non-empty), commit polling will occur at this frequency. + The minimal resync frequency supported is 60 seconds. The default value for this field is 60 seconds. format: int64 type: integer retryOnUpdateConflict: - description: (optional) RetryOnUpdateConflict issues a stack update - retry reconciliation loop in the event that the update hits a HTTP - 409 conflict due to another update in progress. 
This is only recommended - if you are sure that the stack updates are idempotent, and if you - are willing to accept retry loops until all spawned retries succeed. - This will also create a more populated, and randomized activity timeline - for the stack in the Pulumi Service. + description: |- + (optional) RetryOnUpdateConflict issues a stack update retry reconciliation loop + in the event that the update hits a HTTP 409 conflict due to + another update in progress. + This is only recommended if you are sure that the stack updates are + idempotent, and if you are willing to accept retry loops until + all spawned retries succeed. This will also create a more populated, + and randomized activity timeline for the stack in the Pulumi Service. type: boolean secrets: additionalProperties: type: string - description: '(optional) Secrets is the secret configuration for this - stack, which can be optionally specified inline. If this is omitted, - secrets configuration is assumed to be checked in and taken from the - source repository. Deprecated: use SecretRefs instead.' + description: |- + (optional) Secrets is the secret configuration for this stack, which can be optionally specified inline. If this + is omitted, secrets configuration is assumed to be checked in and taken from the source repository. + Deprecated: use SecretRefs instead. type: object secretsProvider: - description: '(optional) SecretsProvider is used to initialize a Stack - with alternative encryption. Examples: - AWS: "awskms:///arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34bc-56ef-1234567890ab?region=us-east-1" - - Azure: "azurekeyvault://acmecorpvault.vault.azure.net/keys/mykeyname" - - GCP: "gcpkms://projects/MYPROJECT/locations/MYLOCATION/keyRings/MYKEYRING/cryptoKeys/MYKEY" - - See: https://www.pulumi.com/docs/intro/concepts/secrets/#initializing-a-stack-with-alternative-encryption' + description: |- + (optional) SecretsProvider is used to initialize a Stack with alternative encryption. 
+ Examples: + - AWS: "awskms:///arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34bc-56ef-1234567890ab?region=us-east-1" + - Azure: "azurekeyvault://acmecorpvault.vault.azure.net/keys/mykeyname" + - GCP: "gcpkms://projects/MYPROJECT/locations/MYLOCATION/keyRings/MYKEYRING/cryptoKeys/MYKEY" + + + See: https://www.pulumi.com/docs/intro/concepts/secrets/#initializing-a-stack-with-alternative-encryption type: string secretsRef: additionalProperties: - description: ResourceRef identifies a resource from which information - can be loaded. Environment variables, files on the filesystem, Kubernetes - secrets and literal strings are currently supported. + description: |- + ResourceRef identifies a resource from which information can be loaded. + Environment variables, files on the filesystem, Kubernetes Secrets and literal + strings are currently supported. properties: env: - description: Env selects an environment variable set on the operator - process + description: Env selects an environment variable set on the + operator process properties: name: description: Name of the environment variable 
@@ -1384,44 +1537,51 @@ spec: - value type: object secret: - description: SecretRef refers to a Kubernetes secret + description: SecretRef refers to a Kubernetes Secret properties: key: - description: Key within the secret to use. + description: Key within the Secret to use. type: string name: - description: Name of the secret + description: Name of the Secret type: string namespace: - description: Namespace where the secret is stored. Deprecated; - non-empty values will be considered invalid unless namespace - isolation is disabled in the controller. + description: |- + Namespace where the Secret is stored. Deprecated; non-empty values will be considered invalid + unless namespace isolation is disabled in the controller. type: string required: - key - name type: object type: - description: 'SelectorType is required and signifies the type - of selector. Must be one of: Env, FS, Secret, Literal' + description: |- + SelectorType is required and signifies the type of selector. Must be one of: + Env, FS, Secret, Literal type: string required: - type type: object - description: (optional) SecretRefs is the secret configuration for this - stack which can be specified through ResourceRef. If this is omitted, - secrets configuration is assumed to be checked in and taken from the - source repository. + description: |- + (optional) SecretRefs is the secret configuration for this stack which can be specified through ResourceRef. + If this is omitted, secrets configuration is assumed to be checked in and taken from the source repository. type: object stack: description: Stack is the fully qualified name of the stack to deploy (/). type: string + targets: + description: |- + (optional) Targets is a list of URNs of resources to update exclusively. If supplied, only + resources mentioned will be updated. 
+ items: + type: string + type: array useLocalStackOnly: - description: (optional) UseLocalStackOnly can be set to true to prevent - the operator from creating stacks that do not exist in the tracking - git repo. The default behavior is to create a stack if it doesn't - exist. + description: |- + (optional) UseLocalStackOnly can be set to true to prevent the operator from + creating stacks that do not exist in the tracking git repo. + The default behavior is to create a stack if it doesn't exist. type: boolean required: - stack @@ -1430,21 +1590,23 @@ spec: description: StackStatus defines the observed state of Stack properties: lastUpdate: - description: LastUpdate contains details of the status of the last update. + description: LastUpdate contains details of the status of the last + update. properties: lastAttemptedCommit: description: Last commit attempted type: string lastResyncTime: - description: LastResyncTime contains a timestamp for the last time - a resync of the stack took place. + description: LastResyncTime contains a timestamp for the last + time a resync of the stack took place. format: date-time type: string lastSuccessfulCommit: description: Last commit successfully applied type: string permalink: - description: Permalink is the Pulumi Console URL of the stack operation. + description: Permalink is the Pulumi Console URL of the stack + operation. type: string state: description: State is the state of the stack update - one of `succeeded` @@ -1454,8 +1616,8 @@ spec: outputs: additionalProperties: x-kubernetes-preserve-unknown-fields: true - description: Outputs contains the exported stack output variables resulting - from a deployment. + description: Outputs contains the exported stack output variables + resulting from a deployment. type: object type: object type: object diff --git a/scripts/generate_crds.sh b/scripts/generate_crds.sh index 2da713f0..a1743cd1 100755 --- a/scripts/generate_crds.sh +++ b/scripts/generate_crds.sh 
@@ -8,3 +8,5 @@ deploy_dir="$cwd/../deploy/crds" echo "Generating CRD API types..." controller-gen paths="$apis_dir/..." crd:crdVersions=v1 output:crd:dir="$deploy_dir" +cp "${deploy_dir}/pulumi.com_programs.yaml" "${deploy_dir}/../helm/pulumi-operator/crds/program-crd.yaml" +cp "${deploy_dir}/pulumi.com_stacks.yaml" "${deploy_dir}/../helm/pulumi-operator/crds/stack-crd.yaml"
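Review bot: The two added `cp` lines run whether or not the `controller-gen` call above them succeeded, unless the script enables `set -e` earlier; the hunk starts at line 8 of the script, so that is not visible here. Without it, a failed generation would leave the previous files in `deploy/crds`, and the copies would overwrite the Helm chart CRDs with that stale schema while the script still exits successfully. I would confirm that `set -euo pipefail` is at the top of the script, or chain the copies to the generator with `&&`. A one-line comment above the copies, such as `# Keep the Helm chart CRDs identical to the generated ones in deploy/crds.`, would also explain why the same files live in two places.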