@renovate renovate bot commented Jun 27, 2025

This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| ghcr.io/akuity/kargo-charts/kargo | minor | 1.5.3 -> 1.8.1 |

Release Notes

akuity/kargo (ghcr.io/akuity/kargo-charts/kargo)

v1.8.1

Compare Source

v1.8.0

Compare Source

v1.8.0 Release Notes

🚀 The Kargo team is proud to unveil our feature-packed v1.8.0 release!

⚠️ Breaking Changes

The format of logs emitted by Kargo components has changed slightly.

⚠️ New Deprecations

None

✨ Noteworthy Features

Now the fun stuff! As usual, we packed so much great stuff into this release that we'd be here a very long time if we were to cover all of it in detail. Here's our still longer-than-usual list of new or improved features that we regard as being especially noteworthy.

  • Freight creation criteria: Warehouse resources can now use expression-based criteria to control when automatic Freight creation occurs. This solves the long-standing problem of Warehouses creating Freight with incompatible artifact combinations when subscribed to multiple repositories.

    With a Warehouse's Freight creation policy set to Automatic, you can now provide criteria as an expression that must evaluate to true for automatic Freight creation to proceed. For example, to ensure Freight is created only when front end and back end container images have matching version tags:

    imageFrom('example/front-end').Tag == imageFrom('example/back-end').Tag
    

    You can read more about this new feature in the Working with Warehouses section of Kargo's documentation.

  • Syncing to an upstream Stage: A new auto-promotion policy, MatchUpstream, allows Stage resources to perpetually sync with their immediate upstream Stage instead of always promoting the newest available Freight. This is ideal for scenarios like keeping a performance testing environment synced with the exact same artifacts currently being tested in a QA environment.

    You can read more about this feature in the Working with Stages section of Kargo's documentation.

  • git-merge-pr promotion step: A new promotion step enables automated merging of pull requests. This addresses requests from users who want to open PRs only for audit purposes, then merge them immediately. This feature is in beta state.

    You can read more about this feature on the git-merge-pr promotion step's reference page.

  • New and improved metadata support: You can now propagate important context between Stages using a new set-metadata promotion step. Arbitrary metadata attached to Freight and Stage resources can be retrieved using new stageMetadata() and freightMetadata() expression functions. This enables use cases like associating a Slack thread ID with a Freight resource and sending an update to that thread each time the Freight is promoted to a different Stage.

    To learn more about these features, refer to the reference docs for the set-metadata promotion step as well as the freightMetadata() and stageMetadata() sections of the expressions reference docs.

  • Improved OIDC claim-to-ServiceAccount mappings: The system for mapping authenticated users to Kubernetes ServiceAccounts has been overhauled with a new format that supports special characters not permitted in Kubernetes annotation keys. The change is largely transparent - existing mappings will migrate automatically with no user action required.

    You can read more about mappings in the operator guide and user guide.

  • Harbor webhook receiver: A new webhook receiver triggers Warehouse artifact discovery when container images or Helm charts are pushed to Harbor registries.

    To learn more, refer to the Harbor webhook receiver reference docs. Special thanks to @​ahockersten for this contribution.

  • Logging improvements: We've replaced Kargo's internal logging framework, resulting in minor format changes to unstructured logs and new support for structured JSON logs (opt-in via chart settings).

  • Favorite Projects: Projects can now be "starred" for quick access - perfect for organizations with a very large number of Projects.

  • Drag 'n' drop Promotions: Need we say more?

  • New Freight assembly option: A new Freight "clone" feature lets you use existing Freight as a template, selecting only the artifact revisions you want to change from the original.

Special Thanks

Thank you, as always, to community members who made their first contribution to Kargo in this release!

Full Changelog: akuity/kargo@v1.7.5...v1.8.0

v1.7.6

Compare Source

v1.7.5

Compare Source

What's Changed

Full Changelog: akuity/kargo@v1.7.4...v1.7.5

v1.7.4

Compare Source

What's Changed

  • chore(backport release-1.7): fix(ui): persist pipeline view params by @​akuitybot in #​4895
  • chore(backport release-1.7): fix(ui): image history section overlap issue by @​akuitybot in #​4897
  • chore(backport release-1.7): fix: prevent named default controller from reconciling promotions meant for other shards by @​akuitybot in #​4943

Full Changelog: akuity/kargo@v1.7.3...v1.7.4

v1.7.3

Compare Source

What's Changed

  • chore(backport release-1.7): fix(ui): auto refresh on delete by @​akuitybot in #​4795
  • chore(backport release-1.7): fix(ui): node show filter not working issue by @​akuitybot in #​4797
  • chore(backport release-1.7): feat: add JFrog Evidence promotion step docs by @​akuitybot in #​4800
  • chore(backport release-1.7): chore(docs): jfrog-evidence section updates and fix jira markdown table by @​akuitybot in #​4818
  • chore(backport release-1.7): fix(ui): yaml editor bug by @​akuitybot in #​4820
  • chore(backport release-1.7): fix(helm): HTTP fallback in OCI selector by @​akuitybot in #​4838
  • chore(backport release-1.7): fix(ui): filter not clearing by @​akuitybot in #​4826
  • chore(backport release-1.7): chore(ui): do not show managedFields by @​akuitybot in #​4842
  • chore(backport release-1.7): docs: missing mention of variables at stage level by @​akuitybot in #​4845
  • chore: manual cherry pick #​4723 -- Add semverDiff function for semantic version comparison in expressions by @​krancour in #​4865
  • chore(backport release-1.7): docs: replace semver with constraint by @​akuitybot in #​4867
  • chore(backport release-1.7): docs: how to access vars & outputs in http step's success/failure expressions by @​akuitybot in #​4868
  • chore(backport release-1.7): fix(ui): top section overlaps graph nodes by @​akuitybot in #​4892
  • chore(backport release-1.7): fix(controller): be more intentional about treating unknown health status like an error by @​akuitybot in #​4890
  • chore(backport release-1.7): docs: working with private repositories by @​akuitybot in #​4891

Full Changelog: akuity/kargo@v1.7.2...v1.7.3

v1.7.2

Compare Source

What's Changed

  • chore(backport release-1.7): feat(ui): fix position of actions in secrets table by @​akuitybot in #​4786
  • chore(backport release-1.7): fix(image): do not apply lexical sort after semver by @​akuitybot in #​4792

Full Changelog: akuity/kargo@v1.7.1...v1.7.2

v1.7.1

Compare Source

What's Changed

  • chore(backport release-1.7): feat(ui): pipeline filters must persist even if not in URL query by @​akuitybot in #​4769
  • chore(backport release-1.7): fix(chart): Fixup indentation level for imagePullSecrets in garbage-collector CronJob by @​akuitybot in #​4770
  • chore(backport release-1.7): fix: warehouse not reconciling by @​akuitybot in #​4774

Full Changelog: akuity/kargo@v1.7.0...v1.7.1

v1.7.0

Compare Source

🚀 The Kargo team is excited to bring you v1.7.0, which expands Kargo's integration capabilities with new webhook receivers and Promotion steps!

⚠️ Breaking Changes

As announced in our v1.5.0 release notes, several deprecated features have been removed in this release.

  • The spec field has been removed from the Project CRD in favor of the ProjectConfig CRD.
  • The secrets map has been removed from the Promotion variables. The better performing secret() function should be used instead.
  • The git-open-pr step no longer produces output with the key prNumber. The same information is available in the pr.id output, with other information about the PR available in the pr object.
  • The gitRepoURL field has been removed from a Warehouse's container image subscription. This information is now retrieved from OCI annotations instead of being specified directly by the user.

Other breaking changes:

  • The http step's determination of success / failure / indeterminate (retry) is now more intuitive. It aligns with how people thought it worked before, but is a change from how it actually worked. Refer to the documentation for more details.
  • The validation of Promotion steps referencing a PromotionTask has been made more strict. The change is non-breaking unless you have existing configuration that is invalid and you were unaware. This breakage will help you to avoid much worse surprises!

⚠️ New Deprecations

The Warehouse's container image subscription's semverConstraint field is now deprecated and scheduled for removal in the v1.9.0 release. Use the new, more generic constraint field. It will accept a semantic version constraint string if the image selection strategy is SemVer (the default).

✨ New Features

🪝 Webhook Receivers

The webhook receivers introduced in v1.6.0 have been enhanced in this release to improve their performance. From now on, webhook receivers will not unnecessarily refresh a Warehouse (triggering artifact discovery) if the tag, version or references extracted from the payload would be ignored by the Warehouse's subscription.

Additionally, support for the following webhook receivers has been added:

⚠️ Webhook support remains in beta, meaning the Kargo maintainers caution that your mileage may vary and that breaking changes to this feature in upcoming releases remain a possibility.

🪜 New and Updated Promotion Steps

To allow Promotions to work with more types of artifacts, two new Promotion steps have been added in this release:

Additionally, the following improvements have been made to existing Promotion steps:

  • helm-template now supports configuring an outLayout to control the output directory structure of rendered Helm charts. By setting it to flat, the rendered chart will be output in a flat directory structure instead of Helm's default nested structure.
  • helm-update-chart does not require the charts field to be set anymore. If it is not set, the chart dependencies will be updated according to the SemVer constraints specified in the Chart.yaml file.

🖥️ UI Improvements

  • Cluster-level secrets can now be managed through the UI.
  • Cluster-level webhook receivers can now be managed through the UI.
  • A pipeline view "minimap" has been added, making it easier to navigate large pipelines.
  • The image history section has been redesigned to provide a more intuitive and cleaner view.
  • The step alias defined for a Promotion step is now displayed more prominently in the UI, making it easier to identify steps in a Promotion.

🛠️ Other Notable Changes

  • When a discovered container image has a org.opencontainers.image.created or org.label-schema.build-date annotation set, Kargo will now use that date as the image's creation date instead of the creation time set on the image itself. This resolves issues where layer caching could cause newer images to appear older than they actually are, leading to inconsistent image selection behavior. (Thanks to @​bmbferreira for this contribution!)
  • Git commit discovery performance has been significantly improved, particularly for Warehouses that need to scan deep into repository history to find matching commits. (Thank you, @​boh-dan, for this contribution!)
  • Project creation and deletion can now be self-serviced by users through a new kargo-project-creator ServiceAccount that automatically grants Project creators admin permissions on their created Projects. This enables users to create, manage, and delete their own Projects without requiring manual admin intervention for permission setup.
  • A controller for a specific shard can now also be configured to handle all objects that have no shard assigned to them, effectively configuring it as the "default" controller. This is controlled by a new controller.isDefault configuration option that allows a single controller instance to process both shard-specific resources and unassigned resources simultaneously, providing more flexibility in multi-controller deployments.
  • A new kargo-promoter role is now automatically created in each Project namespace, enabling a "release manager" pattern where users can control the timing of releases without having the ability to modify pipelines. The promoter role grants permissions to promote Stages and create Promotions while restricting access to create, update, or delete core pipeline resources like Stages and Warehouses.
  • SSO with Okta now works without Dex as a middleman through improved OIDC compatibility, including proper state parameter handling in PKCE flows, configurable scope management that no longer forces the offline_access scope, and tolerance for trailing slashes in OIDC issuer URLs. (Thanks to @​02strich for this contribution!)

🙏 New Contributors

As always, we would love to thank all first-time community contributors for their efforts! This release includes contributions from:

Full Changelog: akuity/kargo@v1.6.2...v1.7.0

v1.6.2

Compare Source

What's Changed

Full Changelog: akuity/kargo@v1.6.1...v1.6.2

v1.6.1

Compare Source

What's Changed

  • chore(backport release-1.6): feat(chart): make it possible to trust cert when not using cert-manager by @​akuitybot in #​4540
  • chore(backport release-1.6): fix(ui): promote to downstream bug by @​akuitybot in #​4551
  • chore(backport release-1.6): feat: validate no duplicate step aliases by @​akuitybot in #​4550
  • chore(backport release-1.6): fix: two steps with empty alias are rejected by the webhook by @​akuitybot in #​4567
  • chore(backport release-1.6): fix(controller): wait for cache syncs by @​akuitybot in #​4568
  • chore(backport release-1.6): docs: add v1.6.0 to release notes by @​akuitybot in #​4573
  • chore(backport release-1.6): chore(deps): bump helm.sh/helm/v3 from 3.18.3 to 3.18.4 by @​akuitybot in #​4576
  • chore(backport release-1.6): chore(deps/tools): bump helm.sh/helm/v3 from 3.18.3 to 3.18.4 in /hack/tools by @​akuitybot in #​4577
  • chore(backport release-1.6): fix(git): parsing of annotated Git tags by @​akuitybot in #​4582

Full Changelog: akuity/kargo@v1.6.0...v1.6.1

v1.6.0

Compare Source

The Kargo team is excited to bring you v1.6.0, which delivers several eagerly anticipated features! Let's take a look!

🆕 What's New?

🪝 Webhooks

In Kargo's initial prototype nearly three years ago, we relied exclusively on webhook requests sent by external platforms like GitHub or Docker Hub to inform Kargo of the existence of new artifacts. As anyone who's worked with webhooks before likely knows, webhooks are not an entirely reliable means of notification. If your server is down, a missed notification is missed forever. ☹️ It wasn't long before we changed our approach to Warehouses that periodically poll for new artifacts in a process we call "discovery." Although more reliable, discovery can be very inefficient. Even with aggressive caching on the Kargo side, architectural idiosyncrasies of OCI registries (used for container images or Helm charts) can make discovery a very "chatty" process. ☎️ Given that Kargo can execute a finite number of these processes concurrently and given that many OCI registries aggressively enforce rate limits, system-wide performance of Warehouses can be quite... slow. 🐌 Although Warehouses poll for new artifacts every five minutes (by default) under nominal conditions, poor Warehouse performance could result in much, much longer intervals before Kargo effectively notices new artifacts.

One can easily see why it would be desirable to avoid executing discovery processes frequently if occurrences of those processes actually finding new artifacts is, comparatively, infrequent. So, counter-intuitively, configuring Warehouses to execute their discovery processes less frequently could improve system-wide performance -- at the expense of individual Warehouses still not noticing new artifacts any faster than before.

The ideal solution to this conundrum is for scheduled discovery to occur at much greater intervals (i.e. much less frequently), but for Warehouses to be notified when an ad-hoc discovery process would be guaranteed to find new artifacts (which we do not wish to depend upon exclusively since such notifications are less reliable). Thus, Kargo v1.6.0's "anchor feature" is the introduction of robust webhook support. ⚓️

Webhook receivers for popular Git hosting platforms and OCI registries are easily configured at the Project level (using the ProjectConfig resource introduced in v1.5.0) or at the system level using a brand new ClusterConfig resource. A webhook receiver configured at the Project level will prompt Warehouses within the Project to execute discovery of new artifacts only if they are subscribed to the repository from which an inbound webhook request originated. A receiver configured at the system level will do the same for Warehouses across all Projects. These receivers make it practical for Project admins and Kargo system admins alike to reduce the frequency of discovery processes that are less likely to find new artifacts and still execute a discovery process promptly when new artifacts are guaranteed to be found.

v1.6.0 delivers webhook receivers for the following platforms, with more to come in future releases:

  • Bitbucket
  • Docker Hub
  • GitHub (and GHCR)
  • GitLab
  • Quay.io

For general information and "how-tos" pertaining to webhook receivers, refer to Kargo's Working with Warehouses documentation. Individual receivers each have their own reference documentation as well.

⚠️ Webhook support is currently in beta, meaning the Kargo maintainers caution that your mileage may vary and that breaking changes to this feature in upcoming releases remain a possibility. To explain this caution, and for the sake of transparency, we will cite a current problem with this new feature. If a Warehouse subscribes to some specific branch of a Git repository (let's say main), a webhook request notifying Kargo of a push event to that repository will trigger that Warehouse's artifact discovery process even if the push were to some other branch (for example, a feature branch or Stage-specific "rendered" branch). The same applies to container image repositories. If, for instance, a Warehouse subscribes to semantically versioned images in some repository, but is notified that an image tagged non-semantically has been pushed, that Warehouse's discovery process will still execute. Depending on the level of activity in your repositories, you may wish not to use this feature yet. The Kargo team is intent on optimizing our webhook support in the v1.7.0 timeframe so that details of a Warehouse's subscriptions are utilized to filter events and prevent unnecessarily triggering discovery processes.

💥 We are just getting started where webhooks are concerned. With the general framework now in place for receiving and acting on notifications from external systems, we intend to speed up other parts of Kargo. For instance, we may begin using notifications of PRs being merged (or closed unmerged) to resume any applicable Promotion currently paused on a git-wait-for-pr step.

🎂 Other Features

With the Kargo team having been so intently focused on webhooks, all the other features are the icing on the proverbial cake. But this frosting is tasty!

Here is a non-exhaustive list of notable features included in this release:

  • Stages with a single upstream Stage now have an option in the UI to promote whatever Freight is present in the upstream. (Think of this as "pulling" from upstream.)

  • When promoting Freight to a Stage using the UI, remaining soak time before a given promotion is permitted is now displayed (when applicable).

  • For Kargo instances authenticating users via Open ID Connect, all claims from a logged-in user's identity token are now visible to that user on the user page. This is expected to be helpful to users and administrators alike when troubleshooting permission problems.

  • ProjectConfig resources introduced in v1.5.0 can now be created, edited, and deleted via the UI. The newly introduced ClusterConfig resources can also be managed through the UI.

  • ConfigMap resources can now be created, edited, and deleted using the UI.

  • Warehouse subscriptions to Git repositories may now utilize expressions to select or ignore commits on the basis of commit metadata.

  • Beta: Kubernetes namespaces "adopted" by Kargo Projects can be configured to be retained (instead of deleted), when the Project is deleted.

🚨 Breaking Changes

  • The git-commit promotion step will now complete with a Skipped status instead of Succeeded if it detects there are no diffs in the working tree.

⚠️ New Deprecations

None

🙏 First Time Contributors

As always, we would love to thank all first-time community contributors for their efforts! This release includes contributions from:

Full Changelog: akuity/kargo@v1.5.3...v1.6.0


Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

github-actions bot commented Jun 27, 2025

Argo CD Diff Preview

Summary:

 {base => target}/kargo               | 2691 +++++++++++++++++++++++++++-------
 {base => target}/kubernetes-services |    2 +-
 2 files changed, 2126 insertions(+), 567 deletions(-)
Diff:
diff --git base/kargo target/kargo
index 25dad73..571dcf1 100644
--- base/kargo
+++ target/kargo
@@ -1,333 +1,456 @@
 ---
 apiVersion: v1
 data:
   ADMIN_ACCOUNT_ENABLED: "true"
   ADMIN_ACCOUNT_TOKEN_AUDIENCE: localhost
   ADMIN_ACCOUNT_TOKEN_ISSUER: https://localhost
   ADMIN_ACCOUNT_TOKEN_TTL: 24h
+  CLUSTER_SECRETS_NAMESPACE: kargo-cluster-secrets
   KARGO_NAMESPACE: kargo
+  LOG_FORMAT: CONSOLE
   LOG_LEVEL: INFO
   PERMISSIVE_CORS_POLICY_ENABLED: "false"
   ROLLOUTS_INTEGRATION_ENABLED: "true"
   SECRET_MANAGEMENT_ENABLED: "true"
   TLS_CERT_PATH: /etc/kargo/tls.crt
   TLS_ENABLED: "true"
   TLS_KEY_PATH: /etc/kargo/tls.key
 kind: ConfigMap
 metadata:
   annotations:
     argocd.argoproj.io/tracking-id: kargo:/ConfigMap:kargo/kargo-api
   labels:
     app.kubernetes.io/component: api
     app.kubernetes.io/instance: kargo
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: kargo
-    app.kubernetes.io/version: v1.5.3
-    helm.sh/chart: kargo-1.5.3
+    app.kubernetes.io/version: v1.8.1
+    helm.sh/chart: kargo-1.8.1
   name: kargo-api
   namespace: kargo
 
 ---
 apiVersion: v1
 data:
   ALLOW_CREDENTIALS_OVER_HTTP: "false"
   API_SERVER_BASE_URL: https://localhost
   ARGOCD_INTEGRATION_ENABLED: "true"
   ARGOCD_NAMESPACE: argocd
   ARGOCD_WATCH_ARGOCD_NAMESPACE_ONLY: "false"
+  CLUSTER_SECRETS_NAMESPACE: kargo-cluster-secrets
   GITCLIENT_EMAIL: no-reply@kargo.io
   GITCLIENT_NAME: Kargo
   GITCLIENT_SIGNING_KEY_TYPE: gpg
   GLOBAL_CREDENTIALS_NAMESPACES: ""
+  IS_DEFAULT_CONTROLLER: "true"
+  LOG_FORMAT: CONSOLE
   LOG_LEVEL: INFO
   MAX_CONCURRENT_CONTROL_FLOW_RECONCILES: "4"
   MAX_CONCURRENT_PROMOTION_RECONCILES: "4"
   MAX_CONCURRENT_STAGE_RECONCILES: "4"
   MAX_CONCURRENT_WAREHOUSE_RECONCILES: "4"
+  MIN_WAREHOUSE_RECONCILIATION_INTERVAL: 5m0s
   ROLLOUTS_CONTROLLER_INSTANCE_ID: ""
   ROLLOUTS_INTEGRATION_ENABLED: "true"
 kind: ConfigMap
 metadata:
   annotations:
     argocd.argoproj.io/tracking-id: kargo:/ConfigMap:kargo/kargo-controller
   labels:
     app.kubernetes.io/component: controller
     app.kubernetes.io/instance: kargo
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: kargo
-    app.kubernetes.io/version: v1.5.3
-    helm.sh/chart: kargo-1.5.3
+    app.kubernetes.io/version: v1.8.1
+    helm.sh/chart: kargo-1.8.1
   name: kargo-controller
   namespace: kargo
 
 ---
 apiVersion: v1
 data:
+  CLUSTER_SECRETS_NAMESPACE: kargo-cluster-secrets
+  EXTERNAL_WEBHOOK_SERVER_BASE_URL: https://localhost
+  KARGO_NAMESPACE: kargo
+  LOG_FORMAT: CONSOLE
+  LOG_LEVEL: INFO
+  TLS_CERT_PATH: /etc/kargo/tls.crt
+  TLS_ENABLED: "true"
+  TLS_KEY_PATH: /etc/kargo/tls.key
+kind: ConfigMap
+metadata:
+  annotations:
+    argocd.argoproj.io/tracking-id: kargo:/ConfigMap:kargo/kargo-external-webhooks-server
+  labels:
+    app.kubernetes.io/component: external-webhooks-server
+    app.kubernetes.io/instance: kargo
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kargo
+    app.kubernetes.io/version: v1.8.1
+    helm.sh/chart: kargo-1.8.1
+  name: kargo-external-webhooks-server
+  namespace: kargo
+
+---
+apiVersion: v1
+data:
+  LOG_FORMAT: CONSOLE
   LOG_LEVEL: INFO
   MAX_RETAINED_FREIGHT: "20"
   MAX_RETAINED_PROMOTIONS: "20"
   MIN_FREIGHT_DELETION_AGE: 336h
   MIN_PROMOTION_DELETION_AGE: 336h
   NUM_WORKERS: "3"
 kind: ConfigMap
 metadata:
   annotations:
     argocd.argoproj.io/tracking-id: kargo:/ConfigMap:kargo/kargo-garbage-collector
   labels:
     app.kubernetes.io/component: garbage-collector
     app.kubernetes.io/instance: kargo
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: kargo
-    app.kubernetes.io/version: v1.5.3
-    helm.sh/chart: kargo-1.5.3
+    app.kubernetes.io/version: v1.8.1
+    helm.sh/chart: kargo-1.8.1
   name: kargo-garbage-collector
   namespace: kargo
 
 ---
 apiVersion: v1
 data:
+  CLUSTER_SECRETS_NAMESPACE: kargo-cluster-secrets
+  EXTERNAL_WEBHOOK_SERVER_BASE_URL: https://localhost
   KARGO_NAMESPACE: kargo
+  LOG_FORMAT: CONSOLE
   LOG_LEVEL: INFO
   MAX_CONCURRENT_NAMESPACE_RECONCILES: "4"
+  MAX_CONCURRENT_PROJECT_CONFIG_RECONCILES: "4"
   MAX_CONCURRENT_PROJECT_RECONCILES: "4"
   MAX_CONCURRENT_SERVICE_ACCOUNT_RECONCILES: "4"
 kind: ConfigMap
 metadata:
   annotations:
     argocd.argoproj.io/tracking-id: kargo:/ConfigMap:kargo/kargo-management-controller
   labels:
     app.kubernetes.io/component: management-controller
     app.kubernetes.io/instance: kargo
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: kargo
-    app.kubernetes.io/version: v1.5.3
-    helm.sh/chart: kargo-1.5.3
+    app.kubernetes.io/version: v1.8.1
+    helm.sh/chart: kargo-1.8.1
   name: kargo-management-controller
   namespace: kargo
 
 ---
 apiVersion: v1
 data:
   CONTROLPLANE_USER_REGEX: ^system:serviceaccount:kargo:(kargo-api|kargo-controller|kargo-garbage-collector|kargo-management-controller)$
   KARGO_NAMESPACE: kargo
+  LOG_FORMAT: CONSOLE
   LOG_LEVEL: INFO
 kind: ConfigMap
 metadata:
   annotations:
     argocd.argoproj.io/tracking-id: kargo:/ConfigMap:kargo/kargo-webhooks-server
   labels:
-    app.kubernetes.io/component: webhooks-server
+    app.kubernetes.io/component: kubernetes-webhooks-server
     app.kubernetes.io/instance: kargo
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: kargo
-    app.kubernetes.io/version: v1.5.3
-    helm.sh/chart: kargo-1.5.3
+    app.kubernetes.io/version: v1.8.1
+    helm.sh/chart: kargo-1.8.1
   name: kargo-webhooks-server
   namespace: kargo
 
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  annotations:
+    argocd.argoproj.io/tracking-id: kargo:/Namespace:kargo/kargo-cluster-secrets
+  labels:
+    app.kubernetes.io/instance: kargo
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kargo
+    app.kubernetes.io/version: v1.8.1
+    helm.sh/chart: kargo-1.8.1
+  name: kargo-cluster-secrets
+
 ---
 apiVersion: v1
 data:
   ADMIN_ACCOUNT_PASSWORD_HASH: ++++++++
   ADMIN_ACCOUNT_TOKEN_SIGNING_KEY: ++++++++
 kind: Secret
 metadata:
   annotations:
     argocd.argoproj.io/tracking-id: kargo:/Secret:kargo/kargo-api
   labels:
     app.kubernetes.io/component: api
     app.kubernetes.io/instance: kargo
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: kargo
-    app.kubernetes.io/version: v1.5.3
-    helm.sh/chart: kargo-1.5.3
+    app.kubernetes.io/version: v1.8.1
+    helm.sh/chart: kargo-1.8.1
   name: kargo-api
   namespace: kargo
 type: Opaque
 
 ---
 apiVersion: v1
 kind: Service
 metadata:
   annotations:
     argocd.argoproj.io/tracking-id: kargo:/Service:kargo/kargo-api
   labels:
     app.kubernetes.io/component: api
     app.kubernetes.io/instance: kargo
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: kargo
-    app.kubernetes.io/version: v1.5.3
-    helm.sh/chart: kargo-1.5.3
+    app.kubernetes.io/version: v1.8.1
+    helm.sh/chart: kargo-1.8.1
   name: kargo-api
   namespace: kargo
 spec:
   ports:
   - port: 443
     protocol: TCP
     targetPort: 8080
   selector:
     app.kubernetes.io/component: api
     app.kubernetes.io/instance: kargo
     app.kubernetes.io/name: kargo
   type: ClusterIP
 
+---
+apiVersion: v1
+kind: Service
+metadata:
+  annotations:
+    argocd.argoproj.io/tracking-id: kargo:/Service:kargo/kargo-external-webhooks-server
+  labels:
+    app.kubernetes.io/component: external-webhooks-server
+    app.kubernetes.io/instance: kargo
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kargo
+    app.kubernetes.io/version: v1.8.1
+    helm.sh/chart: kargo-1.8.1
+  name: kargo-external-webhooks-server
+  namespace: kargo
+spec:
+  ports:
+  - port: 443
+    protocol: TCP
+    targetPort: 8080
+  selector:
+    app.kubernetes.io/component: external-webhooks-server
+    app.kubernetes.io/instance: kargo
+    app.kubernetes.io/name: kargo
+  type: ClusterIP
+
 ---
 apiVersion: v1
 kind: Service
 metadata:
   annotations:
     argocd.argoproj.io/tracking-id: kargo:/Service:kargo/kargo-webhooks-server
   labels:
-    app.kubernetes.io/component: webhooks-server
+    app.kubernetes.io/component: kubernetes-webhooks-server
     app.kubernetes.io/instance: kargo
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: kargo
-    app.kubernetes.io/version: v1.5.3
-    helm.sh/chart: kargo-1.5.3
+    app.kubernetes.io/version: v1.8.1
+    helm.sh/chart: kargo-1.8.1
   name: kargo-webhooks-server
   namespace: kargo
 spec:
   ports:
   - port: 443
     protocol: TCP
     targetPort: 9443
   selector:
-    app.kubernetes.io/component: webhooks-server
+    app.kubernetes.io/component: kubernetes-webhooks-server
     app.kubernetes.io/instance: kargo
     app.kubernetes.io/name: kargo
   type: ClusterIP
 
 ---
 apiVersion: v1
 kind: ServiceAccount
 metadata:
   annotations:
     argocd.argoproj.io/tracking-id: kargo:/ServiceAccount:kargo/kargo-admin
   labels:
     app.kubernetes.io/instance: kargo
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: kargo
-    app.kubernetes.io/version: v1.5.3
-    helm.sh/chart: kargo-1.5.3
+    app.kubernetes.io/version: v1.8.1
+    helm.sh/chart: kargo-1.8.1
   name: kargo-admin
   namespace: kargo
 
 ---
 apiVersion: v1
 kind: ServiceAccount
 metadata:
   annotations:
     argocd.argoproj.io/tracking-id: kargo:/ServiceAccount:kargo/kargo-api
   labels:
     app.kubernetes.io/component: api
     app.kubernetes.io/instance: kargo
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: kargo
-    app.kubernetes.io/version: v1.5.3
-    helm.sh/chart: kargo-1.5.3
+    app.kubernetes.io/version: v1.8.1
+    helm.sh/chart: kargo-1.8.1
   name: kargo-api
   namespace: kargo
 
 ---
 apiVersion: v1
 kind: ServiceAccount
 metadata:
   annotations:
     argocd.argoproj.io/tracking-id: kargo:/ServiceAccount:kargo/kargo-controller
   labels:
     app.kubernetes.io/component: controller
     app.kubernetes.io/instance: kargo
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: kargo
-    app.kubernetes.io/version: v1.5.3
-    helm.sh/chart: kargo-1.5.3
+    app.kubernetes.io/version: v1.8.1
+    helm.sh/chart: kargo-1.8.1
   name: kargo-controller
   namespace: kargo
 
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  annotations:
+    argocd.argoproj.io/tracking-id: kargo:/ServiceAccount:kargo/kargo-external-webhooks-server
+  labels:
+    app.kubernetes.io/component: external-webhooks-server
+    app.kubernetes.io/instance: kargo
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kargo
+    app.kubernetes.io/version: v1.8.1
+    helm.sh/chart: kargo-1.8.1
+  name: kargo-external-webhooks-server
+  namespace: kargo
+
 ---
 apiVersion: v1
 kind: ServiceAccount
 metadata:
   annotations:
     argocd.argoproj.io/tracking-id: kargo:/ServiceAccount:kargo/kargo-garbage-collector
   labels:
     app.kubernetes.io/component: garbage-collector
     app.kubernetes.io/instance: kargo
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: kargo
-    app.kubernetes.io/version: v1.5.3
-    helm.sh/chart: kargo-1.5.3
+    app.kubernetes.io/version: v1.8.1
+    helm.sh/chart: kargo-1.8.1
   name: kargo-garbage-collector
   namespace: kargo
 
 ---
 apiVersion: v1
 kind: ServiceAccount
 metadata:
   annotations:
     argocd.argoproj.io/tracking-id: kargo:/ServiceAccount:kargo/kargo-management-controller
   labels:
     app.kubernetes.io/component: management-controller
     app.kubernetes.io/instance: kargo
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: kargo
-    app.kubernetes.io/version: v1.5.3
-    helm.sh/chart: kargo-1.5.3
+    app.kubernetes.io/version: v1.8.1
+    helm.sh/chart: kargo-1.8.1
   name: kargo-management-controller
   namespace: kargo
 
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  annotations:
+    argocd.argoproj.io/tracking-id: kargo:/ServiceAccount:kargo/kargo-project-creator
+  labels:
+    app.kubernetes.io/instance: kargo
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kargo
+    app.kubernetes.io/version: v1.8.1
+    helm.sh/chart: kargo-1.8.1
+  name: kargo-project-creator
+  namespace: kargo
+
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  annotations:
+    argocd.argoproj.io/tracking-id: kargo:/ServiceAccount:kargo/kargo-user
+  labels:
+    app.kubernetes.io/instance: kargo
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kargo
+    app.kubernetes.io/version: v1.8.1
+    helm.sh/chart: kargo-1.8.1
+  name: kargo-user
+  namespace: kargo
+
 ---
 apiVersion: v1
 kind: ServiceAccount
 metadata:
   annotations:
     argocd.argoproj.io/tracking-id: kargo:/ServiceAccount:kargo/kargo-viewer
   labels:
     app.kubernetes.io/instance: kargo
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: kargo
-    app.kubernetes.io/version: v1.5.3
-    helm.sh/chart: kargo-1.5.3
+    app.kubernetes.io/version: v1.8.1
+    helm.sh/chart: kargo-1.8.1
   name: kargo-viewer
   namespace: kargo
 
 ---
 apiVersion: v1
 kind: ServiceAccount
 metadata:
   annotations:
     argocd.argoproj.io/tracking-id: kargo:/ServiceAccount:kargo/kargo-webhooks-server
   labels:
-    app.kubernetes.io/component: webhooks-server
+    app.kubernetes.io/component: kubernetes-webhooks-server
     app.kubernetes.io/instance: kargo
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: kargo
-    app.kubernetes.io/version: v1.5.3
-    helm.sh/chart: kargo-1.5.3
+    app.kubernetes.io/version: v1.8.1
+    helm.sh/chart: kargo-1.8.1
   name: kargo-webhooks-server
   namespace: kargo
 
 ---
 apiVersion: admissionregistration.k8s.io/v1
 kind: MutatingWebhookConfiguration
 metadata:
   annotations:
     argocd.argoproj.io/tracking-id: kargo:admissionregistration.k8s.io/MutatingWebhookConfiguration:kargo/kargo
     cert-manager.io/inject-ca-from: kargo/kargo-webhooks-server
   labels:
     app.kubernetes.io/component: controller
     app.kubernetes.io/instance: kargo
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: kargo
-    app.kubernetes.io/version: v1.5.3
-    helm.sh/chart: kargo-1.5.3
+    app.kubernetes.io/version: v1.8.1
+    helm.sh/chart: kargo-1.8.1
   name: kargo
 webhooks:
 - admissionReviewVersions:
   - v1
   clientConfig:
     service:
       name: kargo-webhooks-server
       namespace: kargo
       path: /mutate-kargo-akuity-io-v1alpha1-freight
   failurePolicy: Fail
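Review bot: The `selector` on Service `kargo-webhooks-server` changes from `app.kubernetes.io/component: webhooks-server` to `kubernetes-webhooks-server`, and the webhook entries that call this Service use `failurePolicy: Fail`. If the webhook server pods do not carry the new label in the same sync, the Service has no endpoints and matching Kargo admission requests are rejected. Please confirm that the Deployment's pod template labels change with it in this diff and that the Service has ready endpoints after sync. The hunk also adds the ServiceAccounts `kargo-external-webhooks-server`, `kargo-project-creator` and `kargo-user`. These lines show only the accounts, not what they are granted, so the Roles and bindings that reference them are worth reading before merge.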
@@ -413,24 +536,66 @@ apiVersion: admissionregistration.k8s.io/v1
 kind: ValidatingWebhookConfiguration
 metadata:
   annotations:
     argocd.argoproj.io/tracking-id: kargo:admissionregistration.k8s.io/ValidatingWebhookConfiguration:kargo/kargo
     cert-manager.io/inject-ca-from: kargo/kargo-webhooks-server
   labels:
     app.kubernetes.io/component: controller
     app.kubernetes.io/instance: kargo
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: kargo
-    app.kubernetes.io/version: v1.5.3
-    helm.sh/chart: kargo-1.5.3
+    app.kubernetes.io/version: v1.8.1
+    helm.sh/chart: kargo-1.8.1
   name: kargo
 webhooks:
+- admissionReviewVersions:
+  - v1
+  clientConfig:
+    service:
+      name: kargo-webhooks-server
+      namespace: kargo
+      path: /validate-kargo-akuity-io-v1alpha1-clusterconfig
+  failurePolicy: Fail
+  name: clusterconfig.kargo.akuity.io
+  rules:
+  - apiGroups:
+    - kargo.akuity.io
+    apiVersions:
+    - v1alpha1
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - clusterconfigs
+    scope: Cluster
+  sideEffects: None
+- admissionReviewVersions:
+  - v1
+  clientConfig:
+    service:
+      name: kargo-webhooks-server
+      namespace: kargo
+      path: /validate-kargo-akuity-io-v1alpha1-clusterpromotiontask
+  failurePolicy: Fail
+  name: clusterpromotiontask.kargo.akuity.io
+  rules:
+  - apiGroups:
+    - kargo.akuity.io
+    apiVersions:
+    - v1alpha1
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - clusterpromotiontasks
+    scope: Cluster
+  sideEffects: None
 - admissionReviewVersions:
   - v1
   clientConfig:
     service:
       name: kargo-webhooks-server
       namespace: kargo
       path: /validate-kargo-akuity-io-v1alpha1-freight
   failurePolicy: Fail
   name: freight.kargo.akuity.io
   rules:
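Review bot: The two entries added under `webhooks:` (`clusterconfig.kargo.akuity.io` and `clusterpromotiontask.kargo.akuity.io`) are cluster-scoped and fail closed (`failurePolicy: Fail`) on CREATE and UPDATE. The `clusterpromotiontasks.kargo.akuity.io` CRD is already present on the 1.5.3 side of this diff, while this webhook entry is new. ClusterPromotionTasks already in the cluster or in Git will therefore pass through it on their next write. A server-side dry run of those manifests after the upgrade would surface rejections before Argo CD reports a failed sync.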
@@ -520,20 +685,21 @@ webhooks:
       path: /validate-kargo-akuity-io-v1alpha1-promotiontask
   failurePolicy: Fail
   name: promotiontask.kargo.akuity.io
   rules:
   - apiGroups:
     - kargo.akuity.io
     apiVersions:
     - v1alpha1
     operations:
     - CREATE
+    - UPDATE
     resources:
     - promotiontasks
     scope: Namespaced
   sideEffects: None
 - admissionReviewVersions:
   - v1
   clientConfig:
     service:
       name: kargo-webhooks-server
       namespace: kargo
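Review bot: Adding `UPDATE` to `operations` for `promotiontask.kargo.akuity.io` means edits to existing PromotionTasks now go through the validating webhook, which rejects on error or unavailability (`failurePolicy: Fail`). Updates that went through without this check under 1.5.3 can start failing, so check that the PromotionTask manifests tracked in Git still apply cleanly once this lands.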
@@ -572,183 +738,691 @@ webhooks:
     resources:
     - warehouses
     scope: Namespaced
   sideEffects: None
 
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.18.0
+    controller-gen.kubebuilder.io/version: v0.19.0
     helm.sh/resource-policy: keep
-  name: clusterpromotiontasks.kargo.akuity.io
+  name: clusterconfigs.kargo.akuity.io
 spec:
   group: kargo.akuity.io
   names:
-    kind: ClusterPromotionTask
-    listKind: ClusterPromotionTaskList
-    plural: clusterpromotiontasks
+    kind: ClusterConfig
+    listKind: ClusterConfigList
+    plural: clusterconfigs
     shortNames:
-    - clusterpromotask
-    - clusterpromotasks
-    singular: clusterpromotiontask
+    - clusterconfig
+    - clusterconfigs
+    singular: clusterconfig
   scope: Cluster
   versions:
   - additionalPrinterColumns:
+    - jsonPath: .status.conditions[?(@.type=="Ready")].status
+      name: Ready
+      type: string
+    - jsonPath: .status.conditions[?(@.type=="Ready")].message
+      name: Status
+      type: string
     - jsonPath: .metadata.creationTimestamp
       name: Age
       type: date
     name: v1alpha1
     schema:
       openAPIV3Schema:
+        description: |-
+          ClusterConfig is a resource type that describes cluster-level Kargo
+          configuration.
         properties:
           apiVersion:
             description: |-
               APIVersion defines the versioned schema of this representation of an object.
               Servers should convert recognized schemas to the latest internal value, and
               may reject unrecognized values.
               More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
             type: string
           kind:
             description: |-
               Kind is a string value representing the REST resource this object represents.
               Servers may infer this from the endpoint the client submits requests to.
               Cannot be updated.
               In CamelCase.
               More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
             type: string
           metadata:
             type: object
           spec:
-            description: |-
-              Spec describes the desired transition of a specific Stage into a specific
-              Freight.
+            description: Spec describes the configuration of a cluster.
             properties:
-              steps:
+              webhookReceivers:
                 description: |-
-                  Steps specifies the directives to be executed as part of this
-                  PromotionTask. The steps as defined here are inflated into a
-                  Promotion when it is built from a PromotionTemplate.
+                  WebhookReceivers describes cluster-scoped webhook receivers used for
+                  processing events from various external platforms
                 items:
-                  description: PromotionStep describes a directive to be executed
-                    as part of a Promotion.
+                  description: |-
+                    WebhookReceiverConfig describes the configuration for a single webhook
+                    receiver.
                   properties:
-                    as:
-                      description: As is the alias this step can be referred to as.
-                      type: string
-                    config:
+                    artifactory:
                       description: |-
-                        Config is opaque configuration for the PromotionStep that is understood
-                        only by each PromotionStep's implementation. It is legal to utilize
-                        expressions in defining values at any level of this block.
-                        See https://docs.kargo.io/user-guide/reference-docs/expressions for details.
-                      x-kubernetes-preserve-unknown-fields: true
-                    continueOnError:
-                      description: |-
-                        ContinueOnError is a boolean value that, if set to true, will cause the
-                        Promotion to continue executing the next step even if this step fails. It
-                        also will not permit this failure to impact the overall status of the
-                        Promotion.
-                      type: boolean
-                    if:
-                      description: |-
-                        If is an optional expression that, if present, must evaluate to a boolean
-                        value. If the expression evaluates to false, the step will be skipped.
-                        If the expression does not evaluate to a boolean value, the step will be
-                        considered to have failed.
-                      type: string
-                    retry:
-                      description: Retry is the retry policy for this step.
+                        Artifactory contains the configuration for a webhook receiver that is
+                        compatible with JFrog Artifactory payloads.
                       properties:
-                        errorThreshold:
+                        secretRef:
                           description: |-
-                            ErrorThreshold is the number of consecutive times the step must fail (for
-                            any reason) before retries are abandoned and the entire Promotion is marked
-                            as failed.
-
-                            If this field is set to 0, the effective default will be a step-specific
-                            one. If no step-specific default exists (i.e. is also 0), the effective
-                            default will be the system-wide default of 1.
-
-                            A value of 1 will cause the Promotion to be marked as failed after just
-                            a single failure; i.e. no retries will be attempted.
+                            SecretRef contains a reference to a Secret. For Project-scoped webhook
+                            receivers, the referenced Secret must be in the same namespace as the
+                            ProjectConfig.
 
-                            There is no option to specify an infinite number of retries using a value
-                            such as -1.
+                            For cluster-scoped webhook receivers, the referenced Secret must be in the
+                            designated "cluster Secrets" namespace.
 
-                            In a future release, Kargo is likely to become capable of distinguishing
-                            between recoverable and non-recoverable step failures. At that time, it is
-                            planned that unrecoverable failures will not be subject to this threshold
-                            and will immediately cause the Promotion to be marked as failed without
-                            further condition.
-                          format: int32
-                          type: integer
-                        timeout:
+                            The Secret's data map is expected to contain a `secret-token` key whose
+                            value is the shared secret used to authenticate the webhook requests sent
+                            by JFrog Artifactory. For more information please refer to the JFrog
+                            Artifactory documentation:
+                              https://jfrog.com/help/r/jfrog-platform-administration-documentation/webhooks
+                          properties:
+                            name:
+                              default: ""
+                              description: |-
+                                Name of the referent.
+                                This field is effectively required, but due to backwards compatibility is
+                                allowed to be empty. Instances of this type with an empty value here are
+                                almost certainly wrong.
+                                More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                              type: string
+                          type: object
+                          x-kubernetes-map-type: atomic
+                        virtualRepoName:
                           description: |-
-                            Timeout is the soft maximum interval in which a step that returns a Running
-                            status (which typically indicates it's waiting for something to happen)
-                            may be retried.
-
-                            The maximum is a soft one because the check for whether the interval has
-                            elapsed occurs AFTER the step has run. This effectively means a step may
-                            run ONCE beyond the close of the interval.
+                            VirtualRepoName is the name of an Artifactory virtual repository.
 
-                            If this field is set to nil, the effective default will be a step-specific
-                            one. If no step-specific default exists (i.e. is also nil), the effective
-                            default will be the system-wide default of 0.
+                            When unspecified, the Artifactory webhook receiver depends on the value of
+                            the webhook payload's `data.repo_key` field when inferring the URL of the
+                            repository from which the webhook originated, which will always be an
+                            Artifactory "local repository." In cases where a Warehouse subscribes to
+                            such a repository indirectly via a "virtual repository," there will be a
+                            discrepancy between the inferred (local) repository URL and the URL
+                            actually used by the subscription, which can prevent the receiver from
+                            identifying such a Warehouse as one in need of refreshing. When specified,
+                            the value of the VirtualRepoName field supersedes the value of the webhook
+                            payload's `data.repo_key` field to compensate for that discrepancy.
 
-                            A value of 0 will cause the step to be retried indefinitely unless the
-                            ErrorThreshold is reached.
+                            In practice, when using virtual repositories, a separate Artifactory
+                            webhook receiver should be configured for each, but one such receiver can
+                            handle inbound webhooks from any number of local repositories that are
+                            aggregated by that virtual repository. For example, if a virtual repository
+                            `proj-virtual` aggregates container images from all of the `proj`
+                            Artifactory project's local image repositories, with a single webhook
+                            configured to post to a single receiver configured for the `proj-virtual`
+                            virtual repository, an image pushed to
+                            `example.frog.io/proj-<local-repo-name>/<path>/image`, will cause that
+                            receiver to refresh all Warehouses subscribed to
+                            `example.frog.io/proj-virtual/<path>/image`.
                           type: string
+                      required:
+                      - secretRef
                       type: object
-                    task:
+                    azure:
                       description: |-
-                        Task is a reference to a PromotionTask that should be inflated into a
-                        Promotion when it is built from a PromotionTemplate.
+                        Azure contains the configuration for a webhook receiver that is compatible
+                        with Azure Container Registry (ACR) and Azure DevOps payloads.
                       properties:
-                        kind:
+                        secretRef:
+                          description: "SecretRef contains a reference to a Secret.
+                            For Project-scoped webhook\nreceivers, the referenced
+                            Secret must be in the same namespace as the\nProjectConfig.\n\nFor
+                            cluster-scoped webhook receivers, the referenced Secret
+                            must be in the\ndesignated \"cluster Secrets\" namespace.\n\nThe
+                            Secret's data map is expected to contain a `secret` key
+                            whose value\ndoes NOT need to be shared directly with
+                            Azure when registering a webhook.\nIt is used only by
+                            Kargo to create a complex, hard-to-guess URL,\nwhich implicitly
+                            serves as a shared secret. For more information about\nAzure
+                            webhooks, please refer to the Azure documentation:\n\n
+                            Azure Container Registry:\n\thttps://learn.microsoft.com/en-us/azure/container-registry/container-registry-repositories\n\n
+                            Azure DevOps:\n\thttp://learn.microsoft.com/en-us/azure/devops/service-hooks/services/webhooks?view=azure-devops"
+                          properties:
+                            name:
+                              default: ""
+                              description: |-
+                                Name of the referent.
+                                This field is effectively required, but due to backwards compatibility is
+                                allowed to be empty. Instances of this type with an empty value here are
+                                almost certainly wrong.
+                                More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                              type: string
+                          type: object
+                          x-kubernetes-map-type: atomic
+                      required:
+                      - secretRef
+                      type: object
+                    bitbucket:
+                      description: |-
+                        Bitbucket contains the configuration for a webhook receiver that is
+                        compatible with Bitbucket payloads.
+                      properties:
+                        secretRef:
                           description: |-
-                            Kind is the type of the PromotionTask. Can be either PromotionTask or
-                            ClusterPromotionTask, default is PromotionTask.
-                          enum:
-                          - PromotionTask
-                          - ClusterPromotionTask
-                          type: string
-                        name:
-                          description: Name is the name of the (Cluster)PromotionTask.
-                          maxLength: 253
-                          minLength: 1
-                          pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
-                          type: string
+                            SecretRef contains a reference to a Secret. For Project-scoped webhook
+                            receivers, the referenced Secret must be in the same namespace as the
+                            ProjectConfig.
+
+                            For cluster-scoped webhook receivers, the referenced Secret must be in the
+                            designated "cluster Secrets" namespace.
+
+                            The Secret's data map is expected to contain a `secret` key whose
+                            value is the shared secret used to authenticate the webhook requests sent
+                            by Bitbucket. For more information please refer to the Bitbucket
+                            documentation:
+                              https://support.atlassian.com/bitbucket-cloud/docs/manage-webhooks/
+                          properties:
+                            name:
+                              default: ""
+                              description: |-
+                                Name of the referent.
+                                This field is effectively required, but due to backwards compatibility is
+                                allowed to be empty. Instances of this type with an empty value here are
+                                almost certainly wrong.
+                                More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                              type: string
+                          type: object
+                          x-kubernetes-map-type: atomic
                       required:
-                      - name
+                      - secretRef
                       type: object
-                    uses:
-                      description: Uses identifies a runner that can execute this
-                        step.
-                      minLength: 1
-                      type: string
-                    vars:
+                    dockerhub:
                       description: |-
-                        Vars is a list of variables that can be referenced by expressions in
-                        the step's Config. The values override the values specified in the
-                        PromotionSpec.
-                      items:
-                        description: |-
-                          ExpressionVariable describes a single variable that may be referenced by
-                          expressions in the context of a ClusterPromotionTask, PromotionTask,
-                          Promotion, AnalysisRun arguments, or other objects that support expressions.
+                        DockerHub contains the configuration for a webhook receiver that is
+                        compatible with DockerHub payloads.
+                      properties:
+                        secretRef:
+                          description: |-
+                            SecretRef contains a reference to a Secret. For Project-scoped webhook
+                            receivers, the referenced Secret must be in the same namespace as the
+                            ProjectConfig.
 
-                          It is used to pass information to the expression evaluation engine, and to
-                          allow for dynamic evaluation of expressions based on the variable values.
-                        properties:
+                            The Secret's data map is expected to contain a `secret` key whose value
+                            does NOT need to be shared directly with Docker Hub when registering a
+                            webhook. It is used only by Kargo to create a complex, hard-to-guess URL,
+                            which implicitly serves as a shared secret. For more information about
+                            Docker Hub webhooks, please refer to the Docker documentation:
+                              https://docs.docker.com/docker-hub/webhooks/
+                          properties:
+                            name:
+                              default: ""
+                              description: |-
+                                Name of the referent.
+                                This field is effectively required, but due to backwards compatibility is
+                                allowed to be empty. Instances of this type with an empty value here are
+                                almost certainly wrong.
+                                More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                              type: string
+                          type: object
+                          x-kubernetes-map-type: atomic
+                      required:
+                      - secretRef
+                      type: object
+                    gitea:
+                      description: |-
+                        Gitea contains the configuration for a webhook receiver that is compatible
+                        with Gitea payloads.
+                      properties:
+                        secretRef:
+                          description: |-
+                            SecretRef contains a reference to a Secret. For Project-scoped webhook
+                            receivers, the referenced Secret must be in the same namespace as the
+                            ProjectConfig.
+
+                            For cluster-scoped webhook receivers, the referenced Secret must be in the
+                            designated "cluster Secrets" namespace.
+
+                            The Secret's data map is expected to contain a `secret` key whose value is
+                            the shared secret used to authenticate the webhook requests sent by Gitea.
+                            For more information please refer to the Gitea documentation:
+                              https://docs.gitea.io/en-us/webhooks/
+                          properties:
+                            name:
+                              default: ""
+                              description: |-
+                                Name of the referent.
+                                This field is effectively required, but due to backwards compatibility is
+                                allowed to be empty. Instances of this type with an empty value here are
+                                almost certainly wrong.
+                                More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                              type: string
+                          type: object
+                          x-kubernetes-map-type: atomic
+                      required:
+                      - secretRef
+                      type: object
+                    github:
+                      description: |-
+                        GitHub contains the configuration for a webhook receiver that is compatible
+                        with GitHub payloads.
+                      properties:
+                        secretRef:
+                          description: |-
+                            SecretRef contains a reference to a Secret. For Project-scoped webhook
+                            receivers, the referenced Secret must be in the same namespace as the
+                            ProjectConfig.
+
+                            For cluster-scoped webhook receivers, the referenced Secret must be in the
+                            designated "cluster Secrets" namespace.
+
+                            The Secret's data map is expected to contain a `secret` key whose value is
+                            the shared secret used to authenticate the webhook requests sent by GitHub.
+                            For more information please refer to GitHub documentation:
+                              https://docs.github.com/en/webhooks/using-webhooks/validating-webhook-deliveries
+                          properties:
+                            name:
+                              default: ""
+                              description: |-
+                                Name of the referent.
+                                This field is effectively required, but due to backwards compatibility is
+                                allowed to be empty. Instances of this type with an empty value here are
+                                almost certainly wrong.
+                                More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                              type: string
+                          type: object
+                          x-kubernetes-map-type: atomic
+                      required:
+                      - secretRef
+                      type: object
+                    gitlab:
+                      description: |-
+                        GitLab contains the configuration for a webhook receiver that is compatible
+                        with GitLab payloads.
+                      properties:
+                        secretRef:
+                          description: |-
+                            SecretRef contains a reference to a Secret. For Project-scoped webhook
+                            receivers, the referenced Secret must be in the same namespace as the
+                            ProjectConfig.
+
+                            For cluster-scoped webhook receivers, the referenced Secret must be in the
+                            designated "cluster Secrets" namespace.
+
+                            The secret is expected to contain a `secret-token` key containing the
+                            shared secret specified when registering the webhook in GitLab. For more
+                            information about this token, please refer to the GitLab documentation:
+                              https://docs.gitlab.com/user/project/integrations/webhooks/
+                          properties:
+                            name:
+                              default: ""
+                              description: |-
+                                Name of the referent.
+                                This field is effectively required, but due to backwards compatibility is
+                                allowed to be empty. Instances of this type with an empty value here are
+                                almost certainly wrong.
+                                More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                              type: string
+                          type: object
+                          x-kubernetes-map-type: atomic
+                      required:
+                      - secretRef
+                      type: object
+                    harbor:
+                      description: |-
+                        Harbor contains the configuration for a webhook receiver that is compatible
+                        with Harbor payloads.
+                      properties:
+                        secretRef:
+                          description: |-
+                            SecretRef contains a reference to a Secret. For Project-scoped webhook
+                            receivers, the referenced Secret must be in the same namespace as the
+                            ProjectConfig.
+
+                            For cluster-scoped webhook receivers, the referenced Secret must be in the
+                            designated "cluster Secrets" namespace.
+
+                            The secret is expected to contain an `auth-header` key containing the "auth
+                            header" specified when registering the webhook in Harbor. For more
+                            information, please refer to the Harbor documentation:
+                              https://goharbor.io/docs/main/working-with-projects/project-configuration/configure-webhooks/
+                          properties:
+                            name:
+                              default: ""
+                              description: |-
+                                Name of the referent.
+                                This field is effectively required, but due to backwards compatibility is
+                                allowed to be empty. Instances of this type with an empty value here are
+                                almost certainly wrong.
+                                More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                              type: string
+                          type: object
+                          x-kubernetes-map-type: atomic
+                      required:
+                      - secretRef
+                      type: object
+                    name:
+                      description: Name is the name of the webhook receiver.
+                      maxLength: 253
+                      minLength: 1
+                      pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
+                      type: string
+                    quay:
+                      description: |-
+                        Quay contains the configuration for a webhook receiver that is compatible
+                        with Quay payloads.
+                      properties:
+                        secretRef:
+                          description: |-
+                            SecretRef contains a reference to a Secret. For Project-scoped webhook
+                            receivers, the referenced Secret must be in the same namespace as the
+                            ProjectConfig.
+
+                            For cluster-scoped webhook receivers, the referenced Secret must be in the
+                            designated "cluster Secrets" namespace.
+
+                            The Secret's data map is expected to contain a `secret` key whose value
+                            does NOT need to be shared directly with Quay when registering a
+                            webhook. It is used only by Kargo to create a complex, hard-to-guess URL,
+                            which implicitly serves as a shared secret. For more information about
+                            Quay webhooks, please refer to the Quay documentation:
+                              https://docs.quay.io/guides/notifications.html
+                          properties:
+                            name:
+                              default: ""
+                              description: |-
+                                Name of the referent.
+                                This field is effectively required, but due to backwards compatibility is
+                                allowed to be empty. Instances of this type with an empty value here are
+                                almost certainly wrong.
+                                More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                              type: string
+                          type: object
+                          x-kubernetes-map-type: atomic
+                      required:
+                      - secretRef
+                      type: object
+                  required:
+                  - name
+                  type: object
+                type: array
+            type: object
+          status:
+            description: Status describes the current status of a ClusterConfig.
+            properties:
+              conditions:
+                description: |-
+                  Conditions contains the last observations of the ClusterConfig's current
+                  state.
+                items:
+                  description: Condition contains details for one aspect of the current
+                    state of this API Resource.
+                  properties:
+                    lastTransitionTime:
+                      description: |-
+                        lastTransitionTime is the last time the condition transitioned from one status to another.
+                        This should be when the underlying condition changed.  If that is not known, then using the time when the API field changed is acceptable.
+                      format: date-time
+                      type: string
+                    message:
+                      description: |-
+                        message is a human readable message indicating details about the transition.
+                        This may be an empty string.
+                      maxLength: 32768
+                      type: string
+                    observedGeneration:
+                      description: |-
+                        observedGeneration represents the .metadata.generation that the condition was set based upon.
+                        For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+                        with respect to the current state of the instance.
+                      format: int64
+                      minimum: 0
+                      type: integer
+                    reason:
+                      description: |-
+                        reason contains a programmatic identifier indicating the reason for the condition's last transition.
+                        Producers of specific condition types may define expected values and meanings for this field,
+                        and whether the values are considered a guaranteed API.
+                        The value should be a CamelCase string.
+                        This field may not be empty.
+                      maxLength: 1024
+                      minLength: 1
+                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+                      type: string
+                    status:
+                      description: status of the condition, one of True, False, Unknown.
+                      enum:
+                      - "True"
+                      - "False"
+                      - Unknown
+                      type: string
+                    type:
+                      description: type of condition in CamelCase or in foo.example.com/CamelCase.
+                      maxLength: 316
+                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+                      type: string
+                  required:
+                  - lastTransitionTime
+                  - message
+                  - reason
+                  - status
+                  - type
+                  type: object
+                type: array
+                x-kubernetes-list-map-keys:
+                - type
+                x-kubernetes-list-type: map
+              lastHandledRefresh:
+                description: |-
+                  LastHandledRefresh holds the value of the most recent AnnotationKeyRefresh
+                  annotation that was handled by the controller. This field can be used to
+                  determine whether the request to refresh the resource has been handled.
+                type: string
+              observedGeneration:
+                description: |-
+                  ObservedGeneration represents the .metadata.generation that this
+                  ClusterConfig was reconciled against.
+                format: int64
+                type: integer
+              webhookReceivers:
+                description: WebhookReceivers describes the status of cluster-scoped
+                  webhook receivers.
+                items:
+                  description: WebhookReceiverDetails encapsulates the details of
+                    a webhook receiver.
+                  properties:
+                    name:
+                      description: Name is the name of the webhook receiver.
+                      type: string
+                    path:
+                      description: Path is the path to the receiver's webhook endpoint.
+                      type: string
+                    url:
+                      description: URL includes the full address of the receiver's
+                        webhook endpoint.
+                      type: string
+                  type: object
+                type: array
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.19.0
+    helm.sh/resource-policy: keep
+  name: clusterpromotiontasks.kargo.akuity.io
+spec:
+  group: kargo.akuity.io
+  names:
+    kind: ClusterPromotionTask
+    listKind: ClusterPromotionTaskList
+    plural: clusterpromotiontasks
+    shortNames:
+    - clusterpromotask
+    - clusterpromotasks
+    singular: clusterpromotiontask
+  scope: Cluster
+  versions:
+  - additionalPrinterColumns:
+    - jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        properties:
+          apiVersion:
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+            type: string
+          kind:
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: |-
+              Spec describes the desired transition of a specific Stage into a specific
+              Freight.
+            properties:
+              steps:
+                description: |-
+                  Steps specifies the directives to be executed as part of this
+                  PromotionTask. The steps as defined here are inflated into a
+                  Promotion when it is built from a PromotionTemplate.
+                items:
+                  description: PromotionStep describes a directive to be executed
+                    as part of a Promotion.
+                  properties:
+                    as:
+                      description: As is the alias this step can be referred to as.
+                      type: string
+                    config:
+                      description: |-
+                        Config is opaque configuration for the PromotionStep that is understood
+                        only by each PromotionStep's implementation. It is legal to utilize
+                        expressions in defining values at any level of this block.
+                        See https://docs.kargo.io/user-guide/reference-docs/expressions for details.
+                      x-kubernetes-preserve-unknown-fields: true
+                    continueOnError:
+                      description: |-
+                        ContinueOnError is a boolean value that, if set to true, will cause the
+                        Promotion to continue executing the next step even if this step fails. It
+                        also will not permit this failure to impact the overall status of the
+                        Promotion.
+                      type: boolean
+                    if:
+                      description: |-
+                        If is an optional expression that, if present, must evaluate to a boolean
+                        value. If the expression evaluates to false, the step will be skipped.
+                        If the expression does not evaluate to a boolean value, the step will be
+                        considered to have failed.
+                      type: string
+                    retry:
+                      description: Retry is the retry policy for this step.
+                      properties:
+                        errorThreshold:
+                          description: |-
+                            ErrorThreshold is the number of consecutive times the step must fail (for
+                            any reason) before retries are abandoned and the entire Promotion is marked
+                            as failed.
+
+                            If this field is set to 0, the effective default will be a step-specific
+                            one. If no step-specific default exists (i.e. is also 0), the effective
+                            default will be the system-wide default of 1.
+
+                            A value of 1 will cause the Promotion to be marked as failed after just
+                            a single failure; i.e. no retries will be attempted.
+
+                            There is no option to specify an infinite number of retries using a value
+                            such as -1.
+
+                            In a future release, Kargo is likely to become capable of distinguishing
+                            between recoverable and non-recoverable step failures. At that time, it is
+                            planned that unrecoverable failures will not be subject to this threshold
+                            and will immediately cause the Promotion to be marked as failed without
+                            further condition.
+                          format: int32
+                          type: integer
+                        timeout:
+                          description: |-
+                            Timeout is the soft maximum interval in which a step that returns a Running
+                            status (which typically indicates it's waiting for something to happen)
+                            may be retried.
+
+                            The maximum is a soft one because the check for whether the interval has
+                            elapsed occurs AFTER the step has run. This effectively means a step may
+                            run ONCE beyond the close of the interval.
+
+                            If this field is set to nil, the effective default will be a step-specific
+                            one. If no step-specific default exists (i.e. is also nil), the effective
+                            default will be the system-wide default of 0.
+
+                            A value of 0 will cause the step to be retried indefinitely unless the
+                            ErrorThreshold is reached.
+                          type: string
+                      type: object
+                    task:
+                      description: |-
+                        Task is a reference to a PromotionTask that should be inflated into a
+                        Promotion when it is built from a PromotionTemplate.
+                      properties:
+                        kind:
+                          description: |-
+                            Kind is the type of the PromotionTask. Can be either PromotionTask or
+                            ClusterPromotionTask, default is PromotionTask.
+                          enum:
+                          - PromotionTask
+                          - ClusterPromotionTask
+                          type: string
+                        name:
+                          description: Name is the name of the (Cluster)PromotionTask.
+                          maxLength: 253
+                          minLength: 1
+                          pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
+                          type: string
+                      required:
+                      - name
+                      type: object
+                    uses:
+                      description: Uses identifies a runner that can execute this
+                        step.
+                      minLength: 1
+                      type: string
+                    vars:
+                      description: |-
+                        Vars is a list of variables that can be referenced by expressions in
+                        the step's Config. The values override the values specified in the
+                        PromotionSpec.
+                      items:
+                        description: |-
+                          ExpressionVariable describes a single variable that may be referenced by
+                          expressions in the context of a ClusterPromotionTask, PromotionTask,
+                          Promotion, AnalysisRun arguments, or other objects that support expressions.
+
+                          It is used to pass information to the expression evaluation engine, and to
+                          allow for dynamic evaluation of expressions based on the variable values.
+                        properties:
                           name:
                             description: Name is the name of the variable.
                             minLength: 1
                             pattern: ^[a-zA-Z_]\w*$
                             type: string
                           value:
                             description: |-
                               Value is the value of the variable. It is allowed to utilize expressions
                               in the value.
                               See https://docs.kargo.io/user-guide/reference-docs/expressions for details.
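Review bot: For the `quay` receiver the URL is the only credential, yet the new `status.webhookReceivers` block publishes each receiver's `path` and `url` in clear. The `secretRef` description says the `secret` key "is used only by Kargo to create a complex, hard-to-guess URL, which implicitly serves as a shared secret", so anyone with get/list on ClusterConfig can read the value that is supposed to be hard to guess. Before merging, confirm that RBAC on `clusterconfigs` is limited to operators and that receiver URLs do not end up in widely readable ingress or proxy logs. Also note that every `secretRef.name` in this hunk has `default: ""` and no `minLength`, so a receiver with an empty Secret name passes schema validation even though `secretRef` itself is required; lint your own ClusterConfig manifests for that rather than relying on the CRD.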
@@ -801,21 +1475,21 @@ spec:
         type: object
     served: true
     storage: true
     subresources: {}
 
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.18.0
+    controller-gen.kubebuilder.io/version: v0.19.0
     helm.sh/resource-policy: keep
   name: freights.kargo.akuity.io
 spec:
   group: kargo.akuity.io
   names:
     kind: Freight
     listKind: FreightList
     plural: freights
     singular: freight
   scope: Namespaced
@@ -925,28 +1599,20 @@ spec:
                   additionalProperties:
                     type: string
                   description: Annotations is a map of arbitrary metadata for the
                     image.
                   type: object
                 digest:
                   description: |-
                     Digest identifies a specific version of the image in the repository
                     specified by RepoURL. This is a more precise identifier than Tag.
                   type: string
-                gitRepoURL:
-                  description: |-
-                    GitRepoURL specifies the URL of a Git repository that contains the source
-                    code for the image repository referenced by the RepoURL field if Kargo was
-                    able to infer it.
-
-                    Deprecated: Use OCI annotations instead. Will be removed in v1.7.0.
-                  type: string
                 repoURL:
                   description: RepoURL describes the repository in which the image
                     can be found.
                   type: string
                 tag:
                   description: |-
                     Tag identifies a specific version of the image in the repository specified
                     by RepoURL.
                   type: string
               type: object
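Review bot: The `gitRepoURL` removal in this hunk drops the field from the Freight image schema outright, so the API server will prune it from stored objects instead of merely flagging it as deprecated. The removed description pointed to "Use OCI annotations instead", and this PR jumps from 1.5.3 straight to 1.8.1, so search promotion expressions, dashboards and scripts for `gitRepoURL` and move them to the image `annotations` map before upgrading.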
@@ -994,277 +1660,128 @@ spec:
                         approved for the Stage.
                       format: date-time
                       type: string
                   type: object
                 description: |-
                   ApprovedFor describes the Stages for which this Freight has been approved
                   preemptively/manually by a user. This is useful for hotfixes, where one
                   might wish to promote a piece of Freight to a given Stage without
                   transiting the entire pipeline.
                 type: object
-              currentlyIn:
-                additionalProperties:
-                  description: CurrentStage reflects a Stage's current use of Freight.
-                  properties:
-                    since:
-                      description: |-
-                        Since is the time at which the Stage most recently started using the
-                        Freight. This can be used to calculate how long t

 ⚠️⚠️⚠️ Diff is too long. Truncated to 65536 characters. This can be adjusted with the `--max-diff-length` flag

@renovate renovate bot force-pushed the renovate/ghcr.io-akuity-kargo-charts-kargo-1.x branch 16 times, most recently from 2051b62 to b2cac0a Compare July 5, 2025 04:47
@renovate renovate bot force-pushed the renovate/ghcr.io-akuity-kargo-charts-kargo-1.x branch 3 times, most recently from fd3c0c1 to 1a07c58 Compare July 9, 2025 05:06
@renovate renovate bot changed the title chore(deps): update ghcr.io/akuity/kargo-charts/kargo docker tag to v1.6.0 chore(deps): update ghcr.io/akuity/kargo-charts/kargo docker tag to v1.6.1 Jul 9, 2025
@renovate renovate bot force-pushed the renovate/ghcr.io-akuity-kargo-charts-kargo-1.x branch 6 times, most recently from 5651a96 to 57dfdf3 Compare July 11, 2025 05:01
@renovate renovate bot force-pushed the renovate/ghcr.io-akuity-kargo-charts-kargo-1.x branch 16 times, most recently from c6d3485 to f066240 Compare October 20, 2025 06:00
@renovate renovate bot force-pushed the renovate/ghcr.io-akuity-kargo-charts-kargo-1.x branch 2 times, most recently from 51436bf to 585d299 Compare October 21, 2025 01:38
@renovate renovate bot changed the title chore(deps): update ghcr.io/akuity/kargo-charts/kargo docker tag to v1.7.5 chore(deps): update ghcr.io/akuity/kargo-charts/kargo docker tag to v1.8.0 Oct 21, 2025
@renovate renovate bot force-pushed the renovate/ghcr.io-akuity-kargo-charts-kargo-1.x branch 3 times, most recently from f1dace8 to 58dd0ae Compare October 23, 2025 17:34
@renovate renovate bot changed the title chore(deps): update ghcr.io/akuity/kargo-charts/kargo docker tag to v1.8.0 chore(deps): update ghcr.io/akuity/kargo-charts/kargo docker tag to v1.8.1 Oct 23, 2025
@renovate renovate bot force-pushed the renovate/ghcr.io-akuity-kargo-charts-kargo-1.x branch 5 times, most recently from 279e54e to 8aa38ed Compare October 25, 2025 22:35
@renovate renovate bot force-pushed the renovate/ghcr.io-akuity-kargo-charts-kargo-1.x branch from 8aa38ed to f85d11c Compare October 26, 2025 18:45