Add a `--interval-jitter-percentage` flag to the controller to
add a +/- percentage jitter to the `Kustomization.spec.interval`.
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
When the flag --default-service-account was added it changed
slightly the behaviour of the spec.KubeConfig field. It forces
the impersonation to always take place, either via the contents
of spec.ServiceAccountName or its fallback at controller level.
Signed-off-by: Paulo Gomes <paulo.gomes@weave.works>
This includes an update of the source-controller to v0.22.0, to pull in
the v1beta2 API which makes use of the same packages.
Co-authored-by: Sunny <darkowlzz@protonmail.com>
Signed-off-by: Hidde Beydals <hello@hidde.co>
In a Kustomization's post-build substitution sources, introduce a new
"Optional" field to allow referencing a Kubernetes ConfigMap or Secret
that may not exist at time of reconciliation. Treat substitution when
the referenced object is missing as if the object had been present but
empty, lacking any variable bindings.
Retain the longstanding behavior of interpreting references to
Kubernetes objects being mandatory by default, such that
reconciliation fails if such a referenced object does not exist. Only
when the "Optional" field is set to true will reconciliation tolerate
finding the referenced object to be missing.
Signed-off-by: Steven E. Harris <seh@panix.com>
- Add `.spec.wait` optional boolean field to API
- Wait for all applied resources to become ready when `.spec.wait` is set to `true`
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
Changes from v1beta1:
- `spec.validation` removed (server-side validation is implicit)
- `spec.status.snapshot` replaced by `spec.status.inventory`
- `spec.patchesStrategicMerge` deprecated in favour of `spec.patches`
- `spec.patchesJson6902` deprecated in favour of `spec.patches`
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
Allow patching multiple resources instead of a single existing one as
StrategicMerge & JSON6902 are forced to target existing named resources.
Signed-off-by: Guillaume Le Biller <glebiller@Traveldoo.com>
Allow passing --force to kubectl apply. Useful when dealing with
immutable field changes in resources.
Signed-off-by: Aurel Canciu <aurelcanciu@gmail.com>
The spec.retryInterval is the interval at which to retry a previously failed reconciliation.
When not specified, it defaults to the spec.interval value.
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
As due to secure joins, the requirement on both providing a path
and/or requiring it to be in a certain format offers little value
over the UX experience of not having to provide it when you just
want to reconcile whatever can be found in the root of the source
reference.
Signed-off-by: Hidde Beydals <hello@hidde.co>
Drop the ServiceAccount field in favour of ServiceAccountName to prevent privilege escalation in multi-tenancy environments.
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
Updates to use metav1.Condition type and removes references for
deprecated corev1.Condition* constants and uses the new k8s api/meta
helpers in place of the old pkg/apis/meta types.
Signed-off-by: Aurel Canciu <aurelcanciu@gmail.com>
Stefan Prodan
Matheus Pimenta
Erik Godding Boye
Hidde Beydals
Hidde Beydals
Kristian Klausen
Nick Stogner
Paulo Gomes
Steven E. Harris
Guillaume Le Biller
Aurel Canciu
Somtochi Onyekwere
Michael Bridgen
leigh capili