Oci-repository
Parameters
| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
| interval | string | Yes | Interval at which the OCIRepository URL is checked for updates. This interval is approximate and may be subject to jitter to ensure efficient use of resources. | |
| url | string | Yes | URL is a reference to an OCI artifact repository hosted on a remote container registry. | |
| annotations | map | No | Annotations for the workload | |
| certSecretRef | object | No | CertSecretRef can be given the name of a Secret containing either or both of - a PEM-encoded client certificate ( | |
| ignore | string | No | Ignore overrides the set of excluded patterns in the .sourceignore format (which is the same as .gitignore). If not provided, a default will be used, consult the documentation for your version to find out what those are. | |
| insecure | boolean | No | Insecure allows connecting to a non-TLS HTTP container registry. | |
| labels | map | No | Labels for the workload | |
| layerSelector | object | No | LayerSelector specifies which layer should be extracted from the OCI artifact. When not specified, the first layer found in the artifact is selected. | |
| provider | string | No |
| The provider used for authentication, can be 'aws', 'azure', 'gcp' or 'generic'. When not specified, defaults to 'generic'. |
| proxySecretRef | object | No | ProxySecretRef specifies the Secret containing the proxy configuration to use while communicating with the container registry. | |
| ref | object | No | The OCI reference to pull and monitor for changes, defaults to the latest tag. | |
| secretRef | object | No | SecretRef contains the secret name containing the registry login credentials to resolve image metadata. The secret must be of type kubernetes.io/dockerconfigjson. | |
| serviceAccountName | string | No | ServiceAccountName is the name of the Kubernetes ServiceAccount used to authenticate the image pull if the service account has attached pull secrets. For more information: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#add-imagepullsecrets-to-a-service-account | |
| suspend | boolean | No | This flag tells the controller to suspend the reconciliation of this source. | |
| timeout | string | No |
| The timeout for remote OCI Repository operations like pulling, defaults to 60s. |
| verify | object | No | Verify contains the secret name containing the trusted public keys used to verify the signature and specifies which provider to use to check whether OCI image is authentic. |
Template
The following tabs display the definition's Cue template and the rendered YAML. The rendered YAML is the output of the Cue template when the definition is applied to a cluster.