chore(deps): update ghcr.io/akuity/kargo-charts/kargo docker tag to v1.7.2 #612
Open: renovate wants to merge 1 commit into main from renovate/ghcr.io-akuity-kargo-charts-kargo-1.x
Argo CD Diff Preview

Summary:
 {base => target}/kargo | 2293 +++++++++++++++++++++++++++-------
 {base => target}/kubernetes-services | 2 +-
 2 files changed, 1835 insertions(+), 460 deletions(-)

Diff:
diff --git base/kargo target/kargo
index 25dad73..0a2dad5 100644
--- base/kargo
+++ target/kargo
@@ -1,333 +1,450 @@
---
apiVersion: v1
data:
ADMIN_ACCOUNT_ENABLED: "true"
ADMIN_ACCOUNT_TOKEN_AUDIENCE: localhost
ADMIN_ACCOUNT_TOKEN_ISSUER: https://localhost
ADMIN_ACCOUNT_TOKEN_TTL: 24h
+ CLUSTER_SECRETS_NAMESPACE: kargo-cluster-secrets
KARGO_NAMESPACE: kargo
LOG_LEVEL: INFO
PERMISSIVE_CORS_POLICY_ENABLED: "false"
ROLLOUTS_INTEGRATION_ENABLED: "true"
SECRET_MANAGEMENT_ENABLED: "true"
TLS_CERT_PATH: /etc/kargo/tls.crt
TLS_ENABLED: "true"
TLS_KEY_PATH: /etc/kargo/tls.key
kind: ConfigMap
metadata:
annotations:
argocd.argoproj.io/tracking-id: kargo:/ConfigMap:kargo/kargo-api
labels:
app.kubernetes.io/component: api
app.kubernetes.io/instance: kargo
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kargo
- app.kubernetes.io/version: v1.5.3
- helm.sh/chart: kargo-1.5.3
+ app.kubernetes.io/version: v1.7.2
+ helm.sh/chart: kargo-1.7.2
name: kargo-api
namespace: kargo
---
apiVersion: v1
data:
ALLOW_CREDENTIALS_OVER_HTTP: "false"
API_SERVER_BASE_URL: https://localhost
ARGOCD_INTEGRATION_ENABLED: "true"
ARGOCD_NAMESPACE: argocd
ARGOCD_WATCH_ARGOCD_NAMESPACE_ONLY: "false"
+ CLUSTER_SECRETS_NAMESPACE: kargo-cluster-secrets
GITCLIENT_EMAIL: [email protected]
GITCLIENT_NAME: Kargo
GITCLIENT_SIGNING_KEY_TYPE: gpg
GLOBAL_CREDENTIALS_NAMESPACES: ""
+ IS_DEFAULT_CONTROLLER: "true"
LOG_LEVEL: INFO
MAX_CONCURRENT_CONTROL_FLOW_RECONCILES: "4"
MAX_CONCURRENT_PROMOTION_RECONCILES: "4"
MAX_CONCURRENT_STAGE_RECONCILES: "4"
MAX_CONCURRENT_WAREHOUSE_RECONCILES: "4"
+ MIN_WAREHOUSE_RECONCILIATION_INTERVAL: 5m0s
ROLLOUTS_CONTROLLER_INSTANCE_ID: ""
ROLLOUTS_INTEGRATION_ENABLED: "true"
kind: ConfigMap
metadata:
annotations:
argocd.argoproj.io/tracking-id: kargo:/ConfigMap:kargo/kargo-controller
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: kargo
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kargo
- app.kubernetes.io/version: v1.5.3
- helm.sh/chart: kargo-1.5.3
+ app.kubernetes.io/version: v1.7.2
+ helm.sh/chart: kargo-1.7.2
name: kargo-controller
namespace: kargo
+---
+apiVersion: v1
+data:
+ CLUSTER_SECRETS_NAMESPACE: kargo-cluster-secrets
+ EXTERNAL_WEBHOOK_SERVER_BASE_URL: https://localhost
+ KARGO_NAMESPACE: kargo
+ LOG_LEVEL: INFO
+ TLS_CERT_PATH: /etc/kargo/tls.crt
+ TLS_ENABLED: "true"
+ TLS_KEY_PATH: /etc/kargo/tls.key
+kind: ConfigMap
+metadata:
+ annotations:
+ argocd.argoproj.io/tracking-id: kargo:/ConfigMap:kargo/kargo-external-webhooks-server
+ labels:
+ app.kubernetes.io/component: external-webhooks-server
+ app.kubernetes.io/instance: kargo
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: kargo
+ app.kubernetes.io/version: v1.7.2
+ helm.sh/chart: kargo-1.7.2
+ name: kargo-external-webhooks-server
+ namespace: kargo
+
---
apiVersion: v1
data:
LOG_LEVEL: INFO
MAX_RETAINED_FREIGHT: "20"
MAX_RETAINED_PROMOTIONS: "20"
MIN_FREIGHT_DELETION_AGE: 336h
MIN_PROMOTION_DELETION_AGE: 336h
NUM_WORKERS: "3"
kind: ConfigMap
metadata:
annotations:
argocd.argoproj.io/tracking-id: kargo:/ConfigMap:kargo/kargo-garbage-collector
labels:
app.kubernetes.io/component: garbage-collector
app.kubernetes.io/instance: kargo
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kargo
- app.kubernetes.io/version: v1.5.3
- helm.sh/chart: kargo-1.5.3
+ app.kubernetes.io/version: v1.7.2
+ helm.sh/chart: kargo-1.7.2
name: kargo-garbage-collector
namespace: kargo
---
apiVersion: v1
data:
+ CLUSTER_SECRETS_NAMESPACE: kargo-cluster-secrets
+ EXTERNAL_WEBHOOK_SERVER_BASE_URL: https://localhost
KARGO_NAMESPACE: kargo
LOG_LEVEL: INFO
MAX_CONCURRENT_NAMESPACE_RECONCILES: "4"
+ MAX_CONCURRENT_PROJECT_CONFIG_RECONCILES: "4"
MAX_CONCURRENT_PROJECT_RECONCILES: "4"
MAX_CONCURRENT_SERVICE_ACCOUNT_RECONCILES: "4"
kind: ConfigMap
metadata:
annotations:
argocd.argoproj.io/tracking-id: kargo:/ConfigMap:kargo/kargo-management-controller
labels:
app.kubernetes.io/component: management-controller
app.kubernetes.io/instance: kargo
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kargo
- app.kubernetes.io/version: v1.5.3
- helm.sh/chart: kargo-1.5.3
+ app.kubernetes.io/version: v1.7.2
+ helm.sh/chart: kargo-1.7.2
name: kargo-management-controller
namespace: kargo
---
apiVersion: v1
data:
CONTROLPLANE_USER_REGEX: ^system:serviceaccount:kargo:(kargo-api|kargo-controller|kargo-garbage-collector|kargo-management-controller)$
KARGO_NAMESPACE: kargo
LOG_LEVEL: INFO
kind: ConfigMap
metadata:
annotations:
argocd.argoproj.io/tracking-id: kargo:/ConfigMap:kargo/kargo-webhooks-server
labels:
- app.kubernetes.io/component: webhooks-server
+ app.kubernetes.io/component: kubernetes-webhooks-server
app.kubernetes.io/instance: kargo
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kargo
- app.kubernetes.io/version: v1.5.3
- helm.sh/chart: kargo-1.5.3
+ app.kubernetes.io/version: v1.7.2
+ helm.sh/chart: kargo-1.7.2
name: kargo-webhooks-server
namespace: kargo
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ annotations:
+ argocd.argoproj.io/tracking-id: kargo:/Namespace:kargo/kargo-cluster-secrets
+ labels:
+ app.kubernetes.io/instance: kargo
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: kargo
+ app.kubernetes.io/version: v1.7.2
+ helm.sh/chart: kargo-1.7.2
+ name: kargo-cluster-secrets
+
---
apiVersion: v1
data:
ADMIN_ACCOUNT_PASSWORD_HASH: ++++++++
ADMIN_ACCOUNT_TOKEN_SIGNING_KEY: ++++++++
kind: Secret
metadata:
annotations:
argocd.argoproj.io/tracking-id: kargo:/Secret:kargo/kargo-api
labels:
app.kubernetes.io/component: api
app.kubernetes.io/instance: kargo
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kargo
- app.kubernetes.io/version: v1.5.3
- helm.sh/chart: kargo-1.5.3
+ app.kubernetes.io/version: v1.7.2
+ helm.sh/chart: kargo-1.7.2
name: kargo-api
namespace: kargo
type: Opaque
---
apiVersion: v1
kind: Service
metadata:
annotations:
argocd.argoproj.io/tracking-id: kargo:/Service:kargo/kargo-api
labels:
app.kubernetes.io/component: api
app.kubernetes.io/instance: kargo
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kargo
- app.kubernetes.io/version: v1.5.3
- helm.sh/chart: kargo-1.5.3
+ app.kubernetes.io/version: v1.7.2
+ helm.sh/chart: kargo-1.7.2
name: kargo-api
namespace: kargo
spec:
ports:
- port: 443
protocol: TCP
targetPort: 8080
selector:
app.kubernetes.io/component: api
app.kubernetes.io/instance: kargo
app.kubernetes.io/name: kargo
type: ClusterIP
+---
+apiVersion: v1
+kind: Service
+metadata:
+ annotations:
+ argocd.argoproj.io/tracking-id: kargo:/Service:kargo/kargo-external-webhooks-server
+ labels:
+ app.kubernetes.io/component: external-webhooks-server
+ app.kubernetes.io/instance: kargo
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: kargo
+ app.kubernetes.io/version: v1.7.2
+ helm.sh/chart: kargo-1.7.2
+ name: kargo-external-webhooks-server
+ namespace: kargo
+spec:
+ ports:
+ - port: 443
+ protocol: TCP
+ targetPort: 8080
+ selector:
+ app.kubernetes.io/component: external-webhooks-server
+ app.kubernetes.io/instance: kargo
+ app.kubernetes.io/name: kargo
+ type: ClusterIP
+
---
apiVersion: v1
kind: Service
metadata:
annotations:
argocd.argoproj.io/tracking-id: kargo:/Service:kargo/kargo-webhooks-server
labels:
- app.kubernetes.io/component: webhooks-server
+ app.kubernetes.io/component: kubernetes-webhooks-server
app.kubernetes.io/instance: kargo
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kargo
- app.kubernetes.io/version: v1.5.3
- helm.sh/chart: kargo-1.5.3
+ app.kubernetes.io/version: v1.7.2
+ helm.sh/chart: kargo-1.7.2
name: kargo-webhooks-server
namespace: kargo
spec:
ports:
- port: 443
protocol: TCP
targetPort: 9443
selector:
- app.kubernetes.io/component: webhooks-server
+ app.kubernetes.io/component: kubernetes-webhooks-server
app.kubernetes.io/instance: kargo
app.kubernetes.io/name: kargo
type: ClusterIP
---
apiVersion: v1
kind: ServiceAccount
metadata:
annotations:
argocd.argoproj.io/tracking-id: kargo:/ServiceAccount:kargo/kargo-admin
labels:
app.kubernetes.io/instance: kargo
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kargo
- app.kubernetes.io/version: v1.5.3
- helm.sh/chart: kargo-1.5.3
+ app.kubernetes.io/version: v1.7.2
+ helm.sh/chart: kargo-1.7.2
name: kargo-admin
namespace: kargo
---
apiVersion: v1
kind: ServiceAccount
metadata:
annotations:
argocd.argoproj.io/tracking-id: kargo:/ServiceAccount:kargo/kargo-api
labels:
app.kubernetes.io/component: api
app.kubernetes.io/instance: kargo
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kargo
- app.kubernetes.io/version: v1.5.3
- helm.sh/chart: kargo-1.5.3
+ app.kubernetes.io/version: v1.7.2
+ helm.sh/chart: kargo-1.7.2
name: kargo-api
namespace: kargo
---
apiVersion: v1
kind: ServiceAccount
metadata:
annotations:
argocd.argoproj.io/tracking-id: kargo:/ServiceAccount:kargo/kargo-controller
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: kargo
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kargo
- app.kubernetes.io/version: v1.5.3
- helm.sh/chart: kargo-1.5.3
+ app.kubernetes.io/version: v1.7.2
+ helm.sh/chart: kargo-1.7.2
name: kargo-controller
namespace: kargo
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ annotations:
+ argocd.argoproj.io/tracking-id: kargo:/ServiceAccount:kargo/kargo-external-webhooks-server
+ labels:
+ app.kubernetes.io/component: external-webhooks-server
+ app.kubernetes.io/instance: kargo
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: kargo
+ app.kubernetes.io/version: v1.7.2
+ helm.sh/chart: kargo-1.7.2
+ name: kargo-external-webhooks-server
+ namespace: kargo
+
---
apiVersion: v1
kind: ServiceAccount
metadata:
annotations:
argocd.argoproj.io/tracking-id: kargo:/ServiceAccount:kargo/kargo-garbage-collector
labels:
app.kubernetes.io/component: garbage-collector
app.kubernetes.io/instance: kargo
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kargo
- app.kubernetes.io/version: v1.5.3
- helm.sh/chart: kargo-1.5.3
+ app.kubernetes.io/version: v1.7.2
+ helm.sh/chart: kargo-1.7.2
name: kargo-garbage-collector
namespace: kargo
---
apiVersion: v1
kind: ServiceAccount
metadata:
annotations:
argocd.argoproj.io/tracking-id: kargo:/ServiceAccount:kargo/kargo-management-controller
labels:
app.kubernetes.io/component: management-controller
app.kubernetes.io/instance: kargo
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kargo
- app.kubernetes.io/version: v1.5.3
- helm.sh/chart: kargo-1.5.3
+ app.kubernetes.io/version: v1.7.2
+ helm.sh/chart: kargo-1.7.2
name: kargo-management-controller
namespace: kargo
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ annotations:
+ argocd.argoproj.io/tracking-id: kargo:/ServiceAccount:kargo/kargo-project-creator
+ labels:
+ app.kubernetes.io/instance: kargo
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: kargo
+ app.kubernetes.io/version: v1.7.2
+ helm.sh/chart: kargo-1.7.2
+ name: kargo-project-creator
+ namespace: kargo
+
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ annotations:
+ argocd.argoproj.io/tracking-id: kargo:/ServiceAccount:kargo/kargo-user
+ labels:
+ app.kubernetes.io/instance: kargo
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: kargo
+ app.kubernetes.io/version: v1.7.2
+ helm.sh/chart: kargo-1.7.2
+ name: kargo-user
+ namespace: kargo
+
---
apiVersion: v1
kind: ServiceAccount
metadata:
annotations:
argocd.argoproj.io/tracking-id: kargo:/ServiceAccount:kargo/kargo-viewer
labels:
app.kubernetes.io/instance: kargo
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kargo
- app.kubernetes.io/version: v1.5.3
- helm.sh/chart: kargo-1.5.3
+ app.kubernetes.io/version: v1.7.2
+ helm.sh/chart: kargo-1.7.2
name: kargo-viewer
namespace: kargo
---
apiVersion: v1
kind: ServiceAccount
metadata:
annotations:
argocd.argoproj.io/tracking-id: kargo:/ServiceAccount:kargo/kargo-webhooks-server
labels:
- app.kubernetes.io/component: webhooks-server
+ app.kubernetes.io/component: kubernetes-webhooks-server
app.kubernetes.io/instance: kargo
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kargo
- app.kubernetes.io/version: v1.5.3
- helm.sh/chart: kargo-1.5.3
+ app.kubernetes.io/version: v1.7.2
+ helm.sh/chart: kargo-1.7.2
name: kargo-webhooks-server
namespace: kargo
---
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
annotations:
argocd.argoproj.io/tracking-id: kargo:admissionregistration.k8s.io/MutatingWebhookConfiguration:kargo/kargo
cert-manager.io/inject-ca-from: kargo/kargo-webhooks-server
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: kargo
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kargo
- app.kubernetes.io/version: v1.5.3
- helm.sh/chart: kargo-1.5.3
+ app.kubernetes.io/version: v1.7.2
+ helm.sh/chart: kargo-1.7.2
name: kargo
webhooks:
- admissionReviewVersions:
- v1
clientConfig:
service:
name: kargo-webhooks-server
namespace: kargo
path: /mutate-kargo-akuity-io-v1alpha1-freight
failurePolicy: Fail
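Review bot: The Service selector for kargo-webhooks-server changes from component webhooks-server to kubernetes-webhooks-server while the MutatingWebhookConfiguration at the end of this hunk keeps failurePolicy: Fail, so any window in which the selector and the pod labels disagree leaves the admission webhooks without endpoints and the requests they cover are rejected. Confirm that the Deployment's pod template carries the new component label in the same sync. Separately, CONTROLPLANE_USER_REGEX in the kargo-webhooks-server ConfigMap is unchanged and does not list the new kargo-external-webhooks-server ServiceAccount; confirm that is intended. CLUSTER_SECRETS_NAMESPACE now points four components at the new kargo-cluster-secrets Namespace, so check that the RBAC rendered for that namespace grants Secret reads only to the ServiceAccounts that need them, and check what the new kargo-project-creator and kargo-user ServiceAccounts are bound to. EXTERNAL_WEBHOOK_SERVER_BASE_URL is still https://localhost and should be set to the real external address before any receiver is registered.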
@@ -413,24 +530,66 @@ apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
annotations:
argocd.argoproj.io/tracking-id: kargo:admissionregistration.k8s.io/ValidatingWebhookConfiguration:kargo/kargo
cert-manager.io/inject-ca-from: kargo/kargo-webhooks-server
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: kargo
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kargo
- app.kubernetes.io/version: v1.5.3
- helm.sh/chart: kargo-1.5.3
+ app.kubernetes.io/version: v1.7.2
+ helm.sh/chart: kargo-1.7.2
name: kargo
webhooks:
+- admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: kargo-webhooks-server
+ namespace: kargo
+ path: /validate-kargo-akuity-io-v1alpha1-clusterconfig
+ failurePolicy: Fail
+ name: clusterconfig.kargo.akuity.io
+ rules:
+ - apiGroups:
+ - kargo.akuity.io
+ apiVersions:
+ - v1alpha1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - clusterconfigs
+ scope: Cluster
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: kargo-webhooks-server
+ namespace: kargo
+ path: /validate-kargo-akuity-io-v1alpha1-clusterpromotiontask
+ failurePolicy: Fail
+ name: clusterpromotiontask.kargo.akuity.io
+ rules:
+ - apiGroups:
+ - kargo.akuity.io
+ apiVersions:
+ - v1alpha1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - clusterpromotiontasks
+ scope: Cluster
+ sideEffects: None
- admissionReviewVersions:
- v1
clientConfig:
service:
name: kargo-webhooks-server
namespace: kargo
path: /validate-kargo-akuity-io-v1alpha1-freight
failurePolicy: Fail
name: freight.kargo.akuity.io
rules:
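Review bot: Both new entries, clusterconfig.kargo.akuity.io and clusterpromotiontask.kargo.akuity.io, are cluster-scoped and fail closed (failurePolicy: Fail), and neither sets timeoutSeconds in the lines shown, so a CREATE or UPDATE of a ClusterConfig or ClusterPromotionTask is rejected whenever kargo-webhooks-server is not reachable. If this Argo CD application, or another one, applies objects of those kinds, order them after the webhooks server is healthy (for example with a later sync wave) so that the first sync after the upgrade does not fail on admission. The ValidatingWebhookConfiguration itself still carries the label app.kubernetes.io/component: controller while its backing Service moves to kubernetes-webhooks-server; that is cosmetic, but any label-based selection of webhook objects should be checked.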
@@ -520,20 +679,21 @@ webhooks:
path: /validate-kargo-akuity-io-v1alpha1-promotiontask
failurePolicy: Fail
name: promotiontask.kargo.akuity.io
rules:
- apiGroups:
- kargo.akuity.io
apiVersions:
- v1alpha1
operations:
- CREATE
+ - UPDATE
resources:
- promotiontasks
scope: Namespaced
sideEffects: None
- admissionReviewVersions:
- v1
clientConfig:
service:
name: kargo-webhooks-server
namespace: kargo
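Review bot: Adding UPDATE to the operations of promotiontask.kargo.akuity.io means existing PromotionTasks, which under the old rule were validated only on CREATE, are now validated on every update with failurePolicy: Fail. Any PromotionTask that was edited into a state the validator rejects will start failing on its next update, including updates made by Argo CD during sync. Before merging, run a server-side dry-run apply of the PromotionTasks currently in the cluster against a 1.7.2 test install, or at least list them and check them against the 1.7.2 schema.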
@@ -574,149 +734,597 @@ webhooks:
scope: Namespaced
sideEffects: None
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.18.0
helm.sh/resource-policy: keep
- name: clusterpromotiontasks.kargo.akuity.io
+ name: clusterconfigs.kargo.akuity.io
spec:
group: kargo.akuity.io
names:
- kind: ClusterPromotionTask
- listKind: ClusterPromotionTaskList
- plural: clusterpromotiontasks
+ kind: ClusterConfig
+ listKind: ClusterConfigList
+ plural: clusterconfigs
shortNames:
- - clusterpromotask
- - clusterpromotasks
- singular: clusterpromotiontask
+ - clusterconfig
+ - clusterconfigs
+ singular: clusterconfig
scope: Cluster
versions:
- additionalPrinterColumns:
+ - jsonPath: .status.conditions[?(@.type=="Ready")].status
+ name: Ready
+ type: string
+ - jsonPath: .status.conditions[?(@.type=="Ready")].message
+ name: Status
+ type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1alpha1
schema:
openAPIV3Schema:
+ description: |-
+ ClusterConfig is a resource type that describes cluster-level Kargo
+ configuration.
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
- description: |-
- Spec describes the desired transition of a specific Stage into a specific
- Freight.
+ description: Spec describes the configuration of a cluster.
properties:
- steps:
+ webhookReceivers:
description: |-
- Steps specifies the directives to be executed as part of this
- PromotionTask. The steps as defined here are inflated into a
- Promotion when it is built from a PromotionTemplate.
+ WebhookReceivers describes cluster-scoped webhook receivers used for
+ processing events from various external platforms
items:
- description: PromotionStep describes a directive to be executed
- as part of a Promotion.
+ description: |-
+ WebhookReceiverConfig describes the configuration for a single webhook
+ receiver.
properties:
- as:
- description: As is the alias this step can be referred to as.
- type: string
- config:
+ artifactory:
description: |-
- Config is opaque configuration for the PromotionStep that is understood
- only by each PromotionStep's implementation. It is legal to utilize
- expressions in defining values at any level of this block.
- See https://docs.kargo.io/user-guide/reference-docs/expressions for details.
- x-kubernetes-preserve-unknown-fields: true
- continueOnError:
+ Artifactory contains the configuration for a webhook receiver that is
+ compatible with JFrog Artifactory payloads.
+ properties:
+ secretRef:
+ description: |-
+ SecretRef contains a reference to a Secret. For Project-scoped webhook
+ receivers, the referenced Secret must be in the same namespace as the
+ ProjectConfig.
+
+ For cluster-scoped webhook receivers, the referenced Secret must be in the
+ designated "cluster Secrets" namespace.
+
+ The Secret's data map is expected to contain a `secret-token` key whose
+ value is the shared secret used to authenticate the webhook requests sent
+ by JFrog Artifactory. For more information please refer to the JFrog
+ Artifactory documentation:
+ https://jfrog.com/help/r/jfrog-platform-administration-documentation/webhooks
+ properties:
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - secretRef
+ type: object
+ azure:
description: |-
- ContinueOnError is a boolean value that, if set to true, will cause the
- Promotion to continue executing the next step even if this step fails. It
- also will not permit this failure to impact the overall status of the
- Promotion.
- type: boolean
- if:
+ Azure contains the configuration for a webhook receiver that is compatible
+ with Azure Container Registry (ACR) and Azure DevOps payloads.
+ properties:
+ secretRef:
+ description: "SecretRef contains a reference to a Secret.
+ For Project-scoped webhook\nreceivers, the referenced
+ Secret must be in the same namespace as the\nProjectConfig.\n\nFor
+ cluster-scoped webhook receivers, the referenced Secret
+ must be in the\ndesignated \"cluster Secrets\" namespace.\n\nThe
+ Secret's data map is expected to contain a `secret` key
+ whose value\ndoes NOT need to be shared directly with
+ Azure when registering a webhook.\nIt is used only by
+ Kargo to create a complex, hard-to-guess URL,\nwhich implicitly
+ serves as a shared secret. For more information about\nAzure
+ webhooks, please refer to the Azure documentation:\n\n
+ Azure Container Registry:\n\thttps://learn.microsoft.com/en-us/azure/container-registry/container-registry-repositories\n\n
+ Azure DevOps:\n\thttp://learn.microsoft.com/en-us/azure/devops/service-hooks/services/webhooks?view=azure-devops"
+ properties:
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - secretRef
+ type: object
+ bitbucket:
description: |-
- If is an optional expression that, if present, must evaluate to a boolean
- value. If the expression evaluates to false, the step will be skipped.
- If the expression does not evaluate to a boolean value, the step will be
- considered to have failed.
- type: string
- retry:
- description: Retry is the retry policy for this step.
+ Bitbucket contains the configuration for a webhook receiver that is
+ compatible with Bitbucket payloads.
properties:
- errorThreshold:
+ secretRef:
description: |-
- ErrorThreshold is the number of consecutive times the step must fail (for
- any reason) before retries are abandoned and the entire Promotion is marked
- as failed.
-
- If this field is set to 0, the effective default will be a step-specific
- one. If no step-specific default exists (i.e. is also 0), the effective
- default will be the system-wide default of 1.
+ SecretRef contains a reference to a Secret. For Project-scoped webhook
+ receivers, the referenced Secret must be in the same namespace as the
+ ProjectConfig.
- A value of 1 will cause the Promotion to be marked as failed after just
- a single failure; i.e. no retries will be attempted.
+ For cluster-scoped webhook receivers, the referenced Secret must be in the
+ designated "cluster Secrets" namespace.
- There is no option to specify an infinite number of retries using a value
- such as -1.
+ The Secret's data map is expected to contain a `secret` key whose
+ value is the shared secret used to authenticate the webhook requests sent
+ by Bitbucket. For more information please refer to the Bitbucket
+ documentation:
+ https://support.atlassian.com/bitbucket-cloud/docs/manage-webhooks/
+ properties:
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - secretRef
+ type: object
+ dockerhub:
+ description: |-
+ DockerHub contains the configuration for a webhook receiver that is
+ compatible with DockerHub payloads.
+ properties:
+ secretRef:
+ description: |-
+ SecretRef contains a reference to a Secret. For Project-scoped webhook
+ receivers, the referenced Secret must be in the same namespace as the
+ ProjectConfig.
- In a future release, Kargo is likely to become capable of distinguishing
- between recoverable and non-recoverable step failures. At that time, it is
- planned that unrecoverable failures will not be subject to this threshold
- and will immediately cause the Promotion to be marked as failed without
- further condition.
- format: int32
- type: integer
- timeout:
+ The Secret's data map is expected to contain a `secret` key whose value
+ does NOT need to be shared directly with Docker Hub when registering a
+ webhook. It is used only by Kargo to create a complex, hard-to-guess URL,
+ which implicitly serves as a shared secret. For more information about
+ Docker Hub webhooks, please refer to the Docker documentation:
+ https://docs.docker.com/docker-hub/webhooks/
+ properties:
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - secretRef
+ type: object
+ gitea:
+ description: |-
+ Gitea contains the configuration for a webhook receiver that is compatible
+ with Gitea payloads.
+ properties:
+ secretRef:
description: |-
- Timeout is the soft maximum interval in which a step that returns a Running
- status (which typically indicates it's waiting for something to happen)
- may be retried.
+ SecretRef contains a reference to a Secret. For Project-scoped webhook
+ receivers, the referenced Secret must be in the same namespace as the
+ ProjectConfig.
- The maximum is a soft one because the check for whether the interval has
- elapsed occurs AFTER the step has run. This effectively means a step may
- run ONCE beyond the close of the interval.
+ For cluster-scoped webhook receivers, the referenced Secret must be in the
+ designated "cluster Secrets" namespace.
- If this field is set to nil, the effective default will be a step-specific
- one. If no step-specific default exists (i.e. is also nil), the effective
- default will be the system-wide default of 0.
+ The Secret's data map is expected to contain a `secret` key whose value is
+ the shared secret used to authenticate the webhook requests sent by Gitea.
+ For more information please refer to the Gitea documentation:
+ https://docs.gitea.io/en-us/webhooks/
+ properties:
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - secretRef
+ type: object
+ github:
+ description: |-
+ GitHub contains the configuration for a webhook receiver that is compatible
+ with GitHub payloads.
+ properties:
+ secretRef:
+ description: |-
+ SecretRef contains a reference to a Secret. For Project-scoped webhook
+ receivers, the referenced Secret must be in the same namespace as the
+ ProjectConfig.
- A value of 0 will cause the step to be retried indefinitely unless the
- ErrorThreshold is reached.
- type: string
+ For cluster-scoped webhook receivers, the referenced Secret must be in the
+ designated "cluster Secrets" namespace.
+
+ The Secret's data map is expected to contain a `secret` key whose value is
+ the shared secret used to authenticate the webhook requests sent by GitHub.
+ For more information please refer to GitHub documentation:
+ https://docs.github.com/en/webhooks/using-webhooks/validating-webhook-deliveries
+ properties:
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - secretRef
type: object
- task:
+ gitlab:
description: |-
- Task is a reference to a PromotionTask that should be inflated into a
- Promotion when it is built from a PromotionTemplate.
+ GitLab contains the configuration for a webhook receiver that is compatible
+ with GitLab payloads.
properties:
- kind:
+ secretRef:
description: |-
- Kind is the type of the PromotionTask. Can be either PromotionTask or
- ClusterPromotionTask, default is PromotionTask.
+ SecretRef contains a reference to a Secret. For Project-scoped webhook
+ receivers, the referenced Secret must be in the same namespace as the
+ ProjectConfig.
+
+ For cluster-scoped webhook receivers, the referenced Secret must be in the
+ designated "cluster Secrets" namespace.
+
+ The secret is expected to contain a `secret-token` key containing the
+ shared secret specified when registering the webhook in GitLab. For more
+ information about this token, please refer to the GitLab documentation:
+ https://docs.gitlab.com/user/project/integrations/webhooks/
+ properties:
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - secretRef
+ type: object
+ name:
+ description: Name is the name of the webhook receiver.
+ maxLength: 253
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
+ type: string
+ quay:
+ description: |-
+ Quay contains the configuration for a webhook receiver that is compatible
+ with Quay payloads.
+ properties:
+ secretRef:
+ description: |-
+ SecretRef contains a reference to a Secret. For Project-scoped webhook
+ receivers, the referenced Secret must be in the same namespace as the
+ ProjectConfig.
+
+ For cluster-scoped webhook receivers, the referenced Secret must be in the
+ designated "cluster Secrets" namespace.
+
+ The Secret's data map is expected to contain a `secret` key whose value
+ does NOT need to be shared directly with Quay when registering a
+ webhook. It is used only by Kargo to create a complex, hard-to-guess URL,
+ which implicitly serves as a shared secret. For more information about
+ Quay webhooks, please refer to the Quay documentation:
+ https://docs.quay.io/guides/notifications.html
+ properties:
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - secretRef
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ type: object
+ status:
+ description: Status describes the current status of a ClusterConfig.
+ properties:
+ conditions:
+ description: |-
+ Conditions contains the last observations of the ClusterConfig's current
+ state.
+ items:
+ description: Condition contains details for one aspect of the current
+ state of this API Resource.
+ properties:
+ lastTransitionTime:
+ description: |-
+ lastTransitionTime is the last time the condition transitioned from one status to another.
+ This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ message is a human readable message indicating details about the transition.
+ This may be an empty string.
+ maxLength: 32768
+ type: string
+ observedGeneration:
+ description: |-
+ observedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ format: int64
+ minimum: 0
+ type: integer
+ reason:
+ description: |-
+ reason contains a programmatic identifier indicating the reason for the condition's last transition.
+ Producers of specific condition types may define expected values and meanings for this field,
+ and whether the values are considered a guaranteed API.
+ The value should be a CamelCase string.
+ This field may not be empty.
+ maxLength: 1024
+ minLength: 1
+ pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ enum:
+ - "True"
+ - "False"
+ - Unknown
+ type: string
+ type:
+ description: type of condition in CamelCase or in foo.example.com/CamelCase.
+ maxLength: 316
+ pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+ type: string
+ required:
+ - lastTransitionTime
+ - message
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - type
+ x-kubernetes-list-type: map
+ lastHandledRefresh:
+ description: |-
+ LastHandledRefresh holds the value of the most recent AnnotationKeyRefresh
+ annotation that was handled by the controller. This field can be used to
+ determine whether the request to refresh the resource has been handled.
+ type: string
+ observedGeneration:
+ description: |-
+ ObservedGeneration represents the .metadata.generation that this
+ ClusterConfig was reconciled against.
+ format: int64
+ type: integer
+ webhookReceivers:
+ description: WebhookReceivers describes the status of cluster-scoped
+ webhook receivers.
+ items:
+ description: WebhookReceiverDetails encapsulates the details of
+ a webhook receiver.
+ properties:
+ name:
+ description: Name is the name of the webhook receiver.
+ type: string
+ path:
+ description: Path is the path to the receiver's webhook endpoint.
+ type: string
+ url:
+ description: URL includes the full address of the receiver's
+ webhook endpoint.
+ type: string
+ type: object
+ type: array
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.18.0
+ helm.sh/resource-policy: keep
+ name: clusterpromotiontasks.kargo.akuity.io
+spec:
+ group: kargo.akuity.io
+ names:
+ kind: ClusterPromotionTask
+ listKind: ClusterPromotionTaskList
+ plural: clusterpromotiontasks
+ shortNames:
+ - clusterpromotask
+ - clusterpromotasks
+ singular: clusterpromotiontask
+ scope: Cluster
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: |-
+ Spec describes the desired transition of a specific Stage into a specific
+ Freight.
+ properties:
+ steps:
+ description: |-
+ Steps specifies the directives to be executed as part of this
+ PromotionTask. The steps as defined here are inflated into a
+ Promotion when it is built from a PromotionTemplate.
+ items:
+ description: PromotionStep describes a directive to be executed
+ as part of a Promotion.
+ properties:
+ as:
+ description: As is the alias this step can be referred to as.
+ type: string
+ config:
+ description: |-
+ Config is opaque configuration for the PromotionStep that is understood
+ only by each PromotionStep's implementation. It is legal to utilize
+ expressions in defining values at any level of this block.
+ See https://docs.kargo.io/user-guide/reference-docs/expressions for details.
+ x-kubernetes-preserve-unknown-fields: true
+ continueOnError:
+ description: |-
+ ContinueOnError is a boolean value that, if set to true, will cause the
+ Promotion to continue executing the next step even if this step fails. It
+ also will not permit this failure to impact the overall status of the
+ Promotion.
+ type: boolean
+ if:
+ description: |-
+ If is an optional expression that, if present, must evaluate to a boolean
+ value. If the expression evaluates to false, the step will be skipped.
+ If the expression does not evaluate to a boolean value, the step will be
+ considered to have failed.
+ type: string
+ retry:
+ description: Retry is the retry policy for this step.
+ properties:
+ errorThreshold:
+ description: |-
+ ErrorThreshold is the number of consecutive times the step must fail (for
+ any reason) before retries are abandoned and the entire Promotion is marked
+ as failed.
+
+ If this field is set to 0, the effective default will be a step-specific
+ one. If no step-specific default exists (i.e. is also 0), the effective
+ default will be the system-wide default of 1.
+
+ A value of 1 will cause the Promotion to be marked as failed after just
+ a single failure; i.e. no retries will be attempted.
+
+ There is no option to specify an infinite number of retries using a value
+ such as -1.
+
+ In a future release, Kargo is likely to become capable of distinguishing
+ between recoverable and non-recoverable step failures. At that time, it is
+ planned that unrecoverable failures will not be subject to this threshold
+ and will immediately cause the Promotion to be marked as failed without
+ further condition.
+ format: int32
+ type: integer
+ timeout:
+ description: |-
+ Timeout is the soft maximum interval in which a step that returns a Running
+ status (which typically indicates it's waiting for something to happen)
+ may be retried.
+
+ The maximum is a soft one because the check for whether the interval has
+ elapsed occurs AFTER the step has run. This effectively means a step may
+ run ONCE beyond the close of the interval.
+
+ If this field is set to nil, the effective default will be a step-specific
+ one. If no step-specific default exists (i.e. is also nil), the effective
+ default will be the system-wide default of 0.
+
+ A value of 0 will cause the step to be retried indefinitely unless the
+ ErrorThreshold is reached.
+ type: string
+ type: object
+ task:
+ description: |-
+ Task is a reference to a PromotionTask that should be inflated into a
+ Promotion when it is built from a PromotionTemplate.
+ properties:
+ kind:
+ description: |-
+ Kind is the type of the PromotionTask. Can be either PromotionTask or
+ ClusterPromotionTask, default is PromotionTask.
enum:
- PromotionTask
- ClusterPromotionTask
type: string
name:
description: Name is the name of the (Cluster)PromotionTask.
maxLength: 253
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
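Review bot: In the `quay` receiver's `secretRef` description, the `secret` value is used only to derive a hard-to-guess URL that "implicitly serves as a shared secret", yet the same CRD's `status.webhookReceivers` publishes each receiver's `path` and `url`. For that receiver, read access to ClusterConfig status is equivalent to holding the credential, so before merging I'd confirm that `get`/`list` on `clusterconfigs` is limited to administrators and that the receiver URL stays out of logs and dashboards. It would also help if the `url` description said that the value is sensitive for URL-authenticated receivers.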
@@ -925,28 +1533,20 @@ spec:
additionalProperties:
type: string
description: Annotations is a map of arbitrary metadata for the
image.
type: object
digest:
description: |-
Digest identifies a specific version of the image in the repository
specified by RepoURL. This is a more precise identifier than Tag.
type: string
- gitRepoURL:
- description: |-
- GitRepoURL specifies the URL of a Git repository that contains the source
- code for the image repository referenced by the RepoURL field if Kargo was
- able to infer it.
-
- Deprecated: Use OCI annotations instead. Will be removed in v1.7.0.
- type: string
repoURL:
description: RepoURL describes the repository in which the image
can be found.
type: string
tag:
description: |-
Tag identifies a specific version of the image in the repository specified
by RepoURL.
type: string
type: object
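Review bot: The removed `gitRepoURL` property in the image schema carried the notice "Will be removed in v1.7.0", and per the PR description this bump goes from 1.5.3 straight to 1.7.2, so there is no intermediate release in which leftover uses would surface. Once the updated CRD is applied, a structural schema prunes the field from objects on write, so I'd search manifests and any tooling that reads `gitRepoURL` before merging and move them to the OCI annotations the deprecation text points to.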
@@ -1009,20 +1609,28 @@ spec:
description: |-
Since is the time at which the Stage most recently started using the
Freight. This can be used to calculate how long the Freight has been in use
by the Stage.
format: date-time
type: string
type: object
description: CurrentlyIn describes the Stages in which this Freight
is currently in use.
type: object
+ metadata:
+ additionalProperties:
+ x-kubernetes-preserve-unknown-fields: true
+ description: |-
+ Metadata is a map of arbitrary metadata associated with the Freight.
+ This is useful for storing additional information about the Freight
+ or Promotion that can be shared across steps or stages.
+ type: object
verifiedIn:
additionalProperties:
description: VerifiedStage describes a Stage in which Freight has
been verified.
properties:
longestSoak:
description: |-
LongestCompletedSoak represents the longest definite time interval wherein
the Freight was in CONTINUOUS use by the Stage. This value is updated as
Freight EXITS the Stage. If the Freight is currently in use by the Stage,
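Review bot: The new `metadata` map sets `x-kubernetes-preserve-unknown-fields: true` under `additionalProperties` with no type, key or size constraint, and its description says the values can be "shared across steps or stages". Anything one step writes there is unvalidated input to whatever reads it later, so I'd document which steps are expected to write to it, treat the values as untrusted wherever they are consumed, and keep credentials out of it, since it sits beside `currentlyIn` and `verifiedIn` and is readable by anyone who can read the Freight.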
@@ -1059,20 +1667,26 @@ metadata:
spec:
group: kargo.akuity.io
names:
kind: ProjectConfig
listKind: ProjectConfigList
plural: projectconfigs
singular: projectconfig
scope: Namespaced
versions:
- additionalPrinterColumns:
+ - jsonPath: .status.conditions[?(@.type=="Ready")].status
+ name: Ready
+ type: string
+ - jsonPath: .status.conditions[?(@.type=="Ready")].message
+ name: Status
+ type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1alpha1
schema:
openAPIV3Schema:
description: |-
ProjectConfig is a resource type that describes the configuration of a
Project.
properties:
@@ -1187,184 +1801,463 @@ spec:
promotion controls.
type: string
type: object
x-kubernetes-map-type: atomic
type: object
x-kubernetes-validations:
- message: PromotionPolicy must have exactly one of stage or stageSelector
set
rule: 'has(self.stage) ? !has(self.stageSelector) : has(self.stageSelector)'
type: array
- type: object
- type: object
- served: true
- storage: true
- subresources: {}
-
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.18.0
- helm.sh/resource-policy: keep
- name: projects.kargo.akuity.io
-spec:
- group: kargo.akuity.io
- names:
- kind: Project
- listKind: ProjectList
- plural: projects
- singular: project
- scope: Cluster
- versions:
- - additionalPrinterColumns:
- - jsonPath: .status.conditions[?(@.type=="Ready")].status
- name: Ready
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].message
- name: Status
- type: string
- - jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- name: v1alpha1
- schema:
- openAPIV3Schema:
- description: |-
- Project is a resource type that reconciles to a specially labeled namespace
- and other TODO: TBD project-level resources.
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- metadata:
- type: object
- spec:
- description: |-
- Spec describes a Project.
-
- Deprecated: Create a ProjectConfig resource with the same name as the
- Project resource in the Project's namespace. The ProjectConfig resource
- can be used to configure the Project.
- properties:
- promotionPolicies:
+ webhookReceivers:
description: |-
- PromotionPolicies defines policies governing the promotion of Freight to
- specific Stages within the Project.
+ WebhookReceivers describes Project-specific webhook receivers used for
+ processing events from various external platforms
items:
description: |-
- PromotionPolicy defines policies governing the promotion of Freight to a
- specific Stage.
+ WebhookReceiverConfig describes the configuration for a single webhook
+ receiver.
properties:
- autoPromotionEnabled:
+ artifactory:
description: |-
- AutoPromotionEnabled indicates whether new Freight can automatically be
- promoted into the Stage referenced by the Stage field. Note: There are may
- be other conditions also required for an auto-promotion to occur. This
- field defaults to false, but is commonly set to true for Stages that
- subscribe to Warehouses instead of other, upstream Stages. This allows
- users to define Stages that are automatically updated as soon as new
- artifacts are detected.
- type: boolean
- stage:
+ Artifactory contains the configuration for a webhook receiver that is
+ compatible with JFrog Artifactory payloads.
+ properties:
+ secretRef:
+ description: |-
+ SecretRef contains a reference to a Secret. For Project-scoped webhook
+ receivers, the referenced Secret must be in the same namespace as the
+ ProjectConfig.
+
+ For cluster-scoped webhook receivers, the referenced Secret must be in the
+ designated "cluster Secrets" namespace.
+
+ The Secret's data map is expected to contain a `secret-token` key whose
+ value is the shared secret used to authenticate the webhook requests sent
+ by JFrog Artifactory. For more information please refer to the JFrog
+ Artifactory documentation:
+ https://jfrog.com/help/r/jfrog-platform-administration-documentation/webhooks
+ properties:
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - secretRef
+ type: object
+ azure:
description: |-
- Stage is the name of the Stage to which this policy applies.
+ Azure contains the configuration for a webhook receiver that is compatible
+ with Azure Container Registry (ACR) and Azure DevOps payloads.
+ properties:
+ secretRef:
+ description: "SecretRef contains a reference to a Secret.
+ For Project-scoped webhook\nreceivers, the referenced
+ Secret must be in the same namespace as the\nProjectConfig.\n\nFor
+ cluster-scoped webh
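Review bot: The removed lines include the Project CRD's `spec.promotionPolicies` with `autoPromotionEnabled`, and the removed description tells users to create a ProjectConfig with the same name instead, so any Project here that still sets `spec` needs its ProjectConfig in place before this merges. On the added side, the `artifactory` receiver authenticates requests with the `secret-token` key, so check that the referenced Secret exists in the ProjectConfig's namespace as the description requires. The preview also stops mid-description in `azure.secretRef`, which leaves the rest of the change unreviewed; I'd rerun it with a larger `--max-diff-length` before this is merged.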
⚠️⚠️⚠️ Diff is too long. Truncated to 65536 characters. This can be adjusted with the `--max-diff-length` flag |
This PR contains the following updates:
1.5.3 -> 1.7.2
Release Notes
akuity/kargo (ghcr.io/akuity/kargo-charts/kargo)
v1.7.2
Compare Source
What's Changed
Full Changelog: akuity/kargo@v1.7.1...v1.7.2
v1.7.1
Compare Source
What's Changed
Full Changelog: akuity/kargo@v1.7.0...v1.7.1
v1.7.0
Compare Source
🚀 The Kargo team is excited to bring you v1.7.0, which expands Kargo's integration capabilities with new webhook receivers and Promotion steps!
As announced in our v1.5.0 release notes, several deprecated features have been removed in this release.
`spec` field has been removed from the Project CRD in favor of the ProjectConfig CRD.
`secrets` map has been removed from the Promotion variables. The better performing `secret()` function should be used instead.
`git-open-pr` step no longer produces output with the key `prNumber`. The same information is available in the `pr.id` output, with other information about the PR available in the `pr` object.
`gitRepoURL` field has been removed from a Warehouse's container image subscription. This information is now retrieved from OCI annotations instead of being specified directly by the user.
Other breaking changes:
`http` step's determination of success / failure / indeterminate (retry) is now more intuitive. It aligns with how people thought it worked before, but is a change from how it actually worked. Refer to the documentation for more details.
The Warehouse's container image subscription's `semverConstraint` field is now deprecated and scheduled for removal in the v1.9.0 release. Use the new, more generic `constraint` field. It will accept a semantic version constraint string if the image selection strategy is `SemVer` (the default).
✨ New Features
🪝 Webhook Receivers
The webhook receivers introduced in v1.6.0 have been enhanced in this release to improve their performance. From now on, webhook receivers will not unnecessarily refresh a Warehouse (triggering artifact discovery) if the tag, version or references extracted from the payload would be ignored by the Warehouse's subscription.
Additionally, support for the following webhook receivers has been added:
🪜 New and Updated Promotion Steps
To allow Promotions to work with more types of artifacts, two new Promotion steps have been added in this release:
`oci-download`: With this step, you can download an OCI artifact from a remote registry and use it in your Promotion. This is for example useful to download a Helm chart from a remote OCI registry and use it with the `helm-template` step.
`http-download`: This step allows you to download any file from a remote HTTP server and use it in your Promotion.
Additionally, the following improvements have been made to existing Promotion steps:
`helm-template` now supports configuring an `outLayout` to control the output directory structure of rendered Helm charts. By setting it to `flat`, the rendered chart will be output in a flat directory structure instead of Helm's default nested structure.
`helm-update-chart` does not require the `charts` field to be set anymore. If it is not set, the chart dependencies will be updated according to the SemVer constraints specified in the `Chart.yaml` file.
🖥️ UI Improvements
🛠️ Other Notable Changes
`org.opencontainers.image.created` or `org.label-schema.build-date` annotation set, Kargo will now use that date as the image's creation date instead of the creation time set on the image itself. This resolves issues where layer caching could cause newer images to appear older than they actually are, leading to inconsistent image selection behavior. (Thanks to @bmbferreira for this contribution!)
`kargo-project-creator` ServiceAccount that automatically grants Project creators admin permissions on their created Projects. This enables users to create, manage, and delete their own Projects without requiring manual admin intervention for permission setup.
`controller.isDefault` configuration option that allows a single controller instance to process both shard-specific resources and unassigned resources simultaneously, providing more flexibility in multi-controller deployments.
`kargo-promoter` role is now automatically created in each Project namespace, enabling a "release manager" pattern where users can control the timing of releases without having the ability to modify pipelines. The promoter role grants permissions to promote Stages and create Promotions while restricting access to create, update, or delete core pipeline resources like Stages and Warehouses.
`offline_access` scope, and tolerance for trailing slashes in OIDC issuer URLs. (Thanks to @02strich for this contribution!)
🙏 New Contributors
As always, we would love to thank all first-time community contributors for their efforts! This release includes contributions from:
Full Changelog: akuity/kargo@v1.6.2...v1.7.0
v1.6.2
Compare Source
What's Changed
`Cluster` -> `ClusterConfig` by @akuitybot in https://github.com/akuity/kargo/pull/4656
`http` without header by @hiddeco in https://github.com/akuity/kargo/pull/4721
Full Changelog: akuity/kargo@v1.6.1...v1.6.2
v1.6.1
Compare Source
What's Changed
Full Changelog: akuity/kargo@v1.6.0...v1.6.1
v1.6.0
Compare Source
The Kargo team is excited to bring you v1.6.0, which delivers several eagerly anticipated features! Let's take a look!
🆕 What's New?
🪝 Webhooks
In Kargo's initial prototype nearly three years ago, we relied exclusively on webhook requests sent by external platforms like GitHub or Docker Hub to inform Kargo of the existence of new artifacts. As anyone who's worked with webhooks before likely knows, webhooks are not an entirely reliable means of notification. If your server is down, a missed notification is missed forever. ☹️ It wasn't long before we changed our approach to Warehouses that periodically poll for new artifacts in a process we call "discovery." Although more reliable, discovery can be very inefficient. Even with aggressive caching on the Kargo side, architectural idiosyncrasies of OCI registries (used for container images or Helm charts) can make discovery a very "chatty" process. ☎️ Given that Kargo can execute a finite number of these processes concurrently and given that many OCI registries aggressively enforce rate limits, system-wide performance of Warehouses can be quite... slow. 🐌 Although Warehouses poll for new artifacts every five minutes (by default) under nominal conditions, poor Warehouse performance could result in much, much longer intervals before Kargo effectively notices new artifacts.
One can easily see why it would be desirable to avoid executing discovery processes frequently if occurrences of those processes actually finding new artifacts is, comparatively, infrequent. So, counter-intuitively, configuring Warehouses to execute their discovery processes less frequently could improve system-wide performance -- at the expense of individual Warehouses still not noticing new artifacts any faster than before.
The ideal solution to this conundrum is for scheduled discovery to occur at much greater intervals (i.e. much less frequently), but for Warehouses to be notified when an ad-hoc discovery process would be guaranteed to find new artifacts (which we do not wish to depend upon exclusively since such notifications are less reliable). Thus, Kargo v1.6.0's "anchor feature" is the introduction of robust webhook support. ⚓️
Webhook receivers for popular Git hosting platforms and OCI registries are easily configured at the Project level (using the `ProjectConfig` resource introduced in v1.5.0) or at the system level using a brand new `ClusterConfig` resource. A webhook receiver configured at the Project level will prompt Warehouses within the Project to execute discovery of new artifacts only if they are subscribed to the repository from which an inbound webhook request originated. A receiver configured at the system level will do the same for Warehouses across all Projects. These receivers make it practical for Project admins and Kargo system admins alike to reduce the frequency of discovery processes that are less likely to find new artifacts and still execute a discovery process promptly when new artifacts are guaranteed to be found.
v1.6.0 delivers webhook receivers for the following platforms, with more to come in future releases:
For general information and "how-tos" pertaining to webhook receivers, refer to Kargo's Working with Warehouses documentation. Individual receivers each have their own reference documentation as well.
`main`), a webhook request notifying Kargo of a push event to that repository will trigger that Warehouse's artifact discovery process even if the push were to some other branch (for example, a feature branch or Stage-specific "rendered" branch). The same applies to container image repositories. If, for instance, a Warehouse subscribes to semantically versioned images in some repository, but is notified that an image tagged non-semantically has been pushed, that Warehouse's discovery process will still execute. Depending on the level of activity in your repositories, you may wish not to use this feature yet. The Kargo team is intent on optimizing our webhook support in the v1.7.0 timeframe so that details of a Warehouse's subscriptions are utilized to filter events and prevent unnecessarily triggering discovery processes.
💥 We are just getting started where webhooks are concerned. With the general framework now in place for receiving and acting on notifications from external systems, we intend to speed up other parts of Kargo. For instance, we may begin using notifications of PRs being merged (or closed unmerged) to resume any applicable Promotion currently paused on a `git-wait-for-pr` step.
🎂 Other Features
With the Kargo team having been so intently focused on webhooks, all the other features are the icing on the proverbial cake. But this frosting is tasty!
Here is a non-exhaustive list of notable features included in this release:
Stages with a single upstream Stage now have an option in the UI to promote whatever Freight is present in the upstream. (Think of this as "pulling" from upstream.)
When promoting Freight to a Stage using the UI, remaining soak time before a given promotion is permitted is now displayed (when applicable).
For Kargo instances authenticating users via Open ID Connect, all claims from a logged-in user's identity token are now visible to that user on the user page. This is expected to be helpful to users and administrators alike when troubleshooting permission problems.
`ProjectConfig` resources introduced in v1.5.0 can now be created, edited, and deleted via the UI. The newly introduced `ClusterConfig` resources can also be managed through the UI.
`ConfigMap` resources can now be created, edited, and deleted using the UI.
Warehouse subscriptions to Git repositories may now utilize expressions to select or ignore commits on the basis of commit metadata.
Beta: Kubernetes namespaces "adopted" by Kargo Projects can be configured to be retained (instead of deleted), when the Project is deleted.
🚨 Breaking Changes
`git-commit` promotion step will now complete with a `Skipped` status instead of `Succeeded` if it detects there are no diffs in the working tree.
None
🙏 First Time Contributors
As always, we would love to thank all first-time community contributors for their efforts! This release includes contributions from:
Full Changelog: akuity/kargo@v1.5.3...v1.6.0
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.