Helm-repository

TypeComponent

Parameters

Parameter	Type	Required	Default	Description
url	string	Yes		URL of the Helm repository, a valid URL contains at least a protocol and host.
accessFrom	object	No		AccessFrom specifies an Access Control List for allowing cross-namespace references to this object. NOTE: Not implemented, provisional as of https://github.com/fluxcd/flux2/pull/2092
annotations	map	No		Annotations for the workload
certSecretRef	object	No		CertSecretRef can be given the name of a Secret containing either or both of - a PEM-encoded client certificate (`tls.crt`) and private key (`tls.key`); - a PEM-encoded CA certificate (`ca.crt`) and whichever are supplied, will be used for connecting to the registry. The client cert and key are useful if you are authenticating with a certificate; the CA cert is useful if you are using a self-signed server certificate. The Secret must be of type `Opaque` or `kubernetes.io/tls`. It takes precedence over the values specified in the Secret referred to by `.spec.secretRef`.
insecure	boolean	No		Insecure allows connecting to a non-TLS HTTP container registry. This field is only taken into account if the .spec.type field is set to 'oci'.
interval	string	No		Interval at which the HelmRepository URL is checked for updates. This interval is approximate and may be subject to jitter to ensure efficient use of resources.
labels	map	No		Labels for the workload
passCredentials	boolean	No		PassCredentials allows the credentials from the SecretRef to be passed on to a host that does not match the host as defined in URL. This may be required if the host of the advertised chart URLs in the index differ from the defined URL. Enabling this should be done with caution, as it can potentially result in credentials getting stolen in a MITM-attack.
provider	string	No	`"generic"`	Provider used for authentication, can be 'aws', 'azure', 'gcp' or 'generic'. This field is optional, and only taken into account if the .spec.type field is set to 'oci'. When not specified, defaults to 'generic'.
secretRef	object	No		SecretRef specifies the Secret containing authentication credentials for the HelmRepository. For HTTP/S basic auth the secret must contain 'username' and 'password' fields. Support for TLS auth using the 'certFile' and 'keyFile', and/or 'caFile' keys is deprecated. Please use `.spec.certSecretRef` instead.
suspend	boolean	No		Suspend tells the controller to suspend the reconciliation of this HelmRepository.
timeout	string	No	`"60s"`	Timeout is used for the index fetch operation for an HTTPS helm repository, and for remote OCI Repository operations like pulling for an OCI helm chart by the associated HelmChart. Its default value is 60s.
type	string	No	`"default"`	Type of the HelmRepository. When this field is set to "oci", the URL field value must be prefixed with "oci://".

Template

The following tabs display the definition's Cue template and the rendered YAML. The rendered YAML is the output of the Cue template when the definition is applied to a cluster.

helmrepository: { type: "component" description: "HelmRepository is the Schema for the helmrepositories API." labels: { "componentdefinition.spectrocloud.com/type": "application" "wl.spectrocloud.com/provider": "source.toolkit.fluxcd.io" "definition.spectrocloud.com/category": "Flux" } attributes: { status: { healthPolicy: { ready: { readyCondition: *false | bool } & { if context.output.status.conditions != _|_ { for condition in context.output.status.conditions { if condition.type == "Ready" && condition.status == "True" { readyCondition: true } } } } _isHealth: ready.readyCondition isHealth: *_isHealth | bool if context.output.metadata.annotations != _|_ { if context.output.metadata.annotations["wl.spectrocloud.com/disable-health-check"] != _|_ { isHealth: true } } } } } } template: { output: { apiVersion: "source.toolkit.fluxcd.io/v1" kind: "HelmRepository" metadata: { labels: { if parameter.labels != _|_ { parameter.labels } "wl.spectrocloud.com/name": context.workloadName "wl.spectrocloud.com/component": context.name } if parameter.annotations != _|_ { annotations: parameter.annotations } } spec: { if parameter.accessFrom != _|_ { accessFrom: parameter.accessFrom } if parameter.certSecretRef != _|_ { certSecretRef: parameter.certSecretRef } if parameter.insecure != _|_ { insecure: parameter.insecure } if parameter.interval != _|_ { interval: parameter.interval } if parameter.passCredentials != _|_ { passCredentials: parameter.passCredentials } if parameter.provider != _|_ { provider: parameter.provider } if parameter.secretRef != _|_ { secretRef: parameter.secretRef } if parameter.suspend != _|_ { suspend: parameter.suspend } if parameter.timeout != _|_ { timeout: parameter.timeout } if parameter.type != _|_ { type: parameter.type } url: parameter.url } } parameter: { // +usage=Annotations for the workload annotations?: [string]: string // +usage=Labels for the workload labels?: [string]: string // +usage=AccessFrom specifies an Access Control List for allowing cross-namespace references to this object. NOTE: Not implemented, provisional as of https://github.com/fluxcd/flux2/pull/2092 accessFrom?: { // +usage=NamespaceSelectors is the list of namespace selectors to which this ACL applies. Items in this list are evaluated using a logical OR operation. namespaceSelectors: [...{ // +usage=MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. matchLabels?: [string]: string }] } // +usage=CertSecretRef can be given the name of a Secret containing either or both of - a PEM-encoded client certificate (`tls.crt`) and private key (`tls.key`); - a PEM-encoded CA certificate (`ca.crt`) and whichever are supplied, will be used for connecting to the registry. The client cert and key are useful if you are authenticating with a certificate; the CA cert is useful if you are using a self-signed server certificate. The Secret must be of type `Opaque` or `kubernetes.io/tls`. It takes precedence over the values specified in the Secret referred to by `.spec.secretRef`. certSecretRef?: { // +usage=Name of the referent. name: string } // +usage=Insecure allows connecting to a non-TLS HTTP container registry. This field is only taken into account if the .spec.type field is set to 'oci'. insecure?: bool // +usage=Interval at which the HelmRepository URL is checked for updates. This interval is approximate and may be subject to jitter to ensure efficient use of resources. interval?: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$" // +usage=PassCredentials allows the credentials from the SecretRef to be passed on to a host that does not match the host as defined in URL. This may be required if the host of the advertised chart URLs in the index differ from the defined URL. Enabling this should be done with caution, as it can potentially result in credentials getting stolen in a MITM-attack. passCredentials?: bool // +usage=Provider used for authentication, can be 'aws', 'azure', 'gcp' or 'generic'. This field is optional, and only taken into account if the .spec.type field is set to 'oci'. When not specified, defaults to 'generic'. provider?: *"generic" | "aws" | "azure" | "gcp" // +usage=SecretRef specifies the Secret containing authentication credentials for the HelmRepository. For HTTP/S basic auth the secret must contain 'username' and 'password' fields. Support for TLS auth using the 'certFile' and 'keyFile', and/or 'caFile' keys is deprecated. Please use `.spec.certSecretRef` instead. secretRef?: { // +usage=Name of the referent. name: string } // +usage=Suspend tells the controller to suspend the reconciliation of this HelmRepository. suspend?: bool // +usage=Timeout is used for the index fetch operation for an HTTPS helm repository, and for remote OCI Repository operations like pulling for an OCI helm chart by the associated HelmChart. Its default value is 60s. timeout?: *"60s" | =~"^([0-9]+(\\.[0-9]+)?(ms|s|m))+$" // +usage=Type of the HelmRepository. When this field is set to "oci", the URL field value must be prefixed with "oci://". type?: *"default" | "oci" // +usage=URL of the Helm repository, a valid URL contains at least a protocol and host. url: =~"^(http|https|oci)://.*$" } }

Parameters​

Template​

Parameters

Template