diff --git a/config.yaml b/config.yaml index 5b79bba9b..edd40d0b5 100644 --- a/config.yaml +++ b/config.yaml @@ -90,7 +90,7 @@ security: # Global parameters accessible by any Page params: # The current "latest" version. Used in the version dropdown - latest: "2.0" + latest: "2.1" docs: true anchors: # Generate heading anchors for any heading between min and max diff --git a/content/master/api/crds/apiextensions.crossplane.io_compositeresourcedefinitions.yaml b/content/master/api/crds/apiextensions.crossplane.io_compositeresourcedefinitions.yaml index 3e34b2fe6..e5fc9eb93 100644 --- a/content/master/api/crds/apiextensions.crossplane.io_compositeresourcedefinitions.yaml +++ b/content/master/api/crds/apiextensions.crossplane.io_compositeresourcedefinitions.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.18.0 + controller-gen.kubebuilder.io/version: v0.19.0 name: compositeresourcedefinitions.apiextensions.crossplane.io spec: group: apiextensions.crossplane.io diff --git a/content/master/api/crds/apiextensions.crossplane.io_compositionrevisions.yaml b/content/master/api/crds/apiextensions.crossplane.io_compositionrevisions.yaml index 69f026ccd..423193803 100644 --- a/content/master/api/crds/apiextensions.crossplane.io_compositionrevisions.yaml +++ b/content/master/api/crds/apiextensions.crossplane.io_compositionrevisions.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.18.0 + controller-gen.kubebuilder.io/version: v0.19.0 name: compositionrevisions.apiextensions.crossplane.io spec: group: apiextensions.crossplane.io diff --git a/content/master/api/crds/apiextensions.crossplane.io_compositions.yaml b/content/master/api/crds/apiextensions.crossplane.io_compositions.yaml index 3bfe167e7..0ef1b95a8 100644 
--- a/content/master/api/crds/apiextensions.crossplane.io_compositions.yaml +++ b/content/master/api/crds/apiextensions.crossplane.io_compositions.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.18.0 + controller-gen.kubebuilder.io/version: v0.19.0 name: compositions.apiextensions.crossplane.io spec: group: apiextensions.crossplane.io diff --git a/content/master/api/crds/apiextensions.crossplane.io_environmentconfigs.yaml b/content/master/api/crds/apiextensions.crossplane.io_environmentconfigs.yaml index 6e5fdb760..8e2c446f8 100644 --- a/content/master/api/crds/apiextensions.crossplane.io_environmentconfigs.yaml +++ b/content/master/api/crds/apiextensions.crossplane.io_environmentconfigs.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.18.0 + controller-gen.kubebuilder.io/version: v0.19.0 name: environmentconfigs.apiextensions.crossplane.io spec: group: apiextensions.crossplane.io diff --git a/content/master/api/crds/apiextensions.crossplane.io_managedresourceactivationpolicies.yaml b/content/master/api/crds/apiextensions.crossplane.io_managedresourceactivationpolicies.yaml index 73a4eced7..5b837f1bf 100644 --- a/content/master/api/crds/apiextensions.crossplane.io_managedresourceactivationpolicies.yaml +++ b/content/master/api/crds/apiextensions.crossplane.io_managedresourceactivationpolicies.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.18.0 + controller-gen.kubebuilder.io/version: v0.19.0 name: managedresourceactivationpolicies.apiextensions.crossplane.io spec: group: apiextensions.crossplane.io 
diff --git a/content/master/api/crds/apiextensions.crossplane.io_managedresourcedefinitions.yaml b/content/master/api/crds/apiextensions.crossplane.io_managedresourcedefinitions.yaml index a4f119fa2..e3c6baa7e 100644 --- a/content/master/api/crds/apiextensions.crossplane.io_managedresourcedefinitions.yaml +++ b/content/master/api/crds/apiextensions.crossplane.io_managedresourcedefinitions.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.18.0 + controller-gen.kubebuilder.io/version: v0.19.0 name: managedresourcedefinitions.apiextensions.crossplane.io spec: group: apiextensions.crossplane.io diff --git a/content/master/api/crds/apiextensions.crossplane.io_usages.yaml b/content/master/api/crds/apiextensions.crossplane.io_usages.yaml index c3b6afe5c..45264daad 100644 --- a/content/master/api/crds/apiextensions.crossplane.io_usages.yaml +++ b/content/master/api/crds/apiextensions.crossplane.io_usages.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.18.0 + controller-gen.kubebuilder.io/version: v0.19.0 name: usages.apiextensions.crossplane.io spec: group: apiextensions.crossplane.io diff --git a/content/master/api/crds/ops.crossplane.io_cronoperations.yaml b/content/master/api/crds/ops.crossplane.io_cronoperations.yaml index a51e11fa4..5808978fe 100644 --- a/content/master/api/crds/ops.crossplane.io_cronoperations.yaml +++ b/content/master/api/crds/ops.crossplane.io_cronoperations.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.18.0 + controller-gen.kubebuilder.io/version: v0.19.0 name: cronoperations.ops.crossplane.io spec: group: ops.crossplane.io 
diff --git a/content/master/api/crds/ops.crossplane.io_operations.yaml b/content/master/api/crds/ops.crossplane.io_operations.yaml index 0b30a0860..86f550dd5 100644 --- a/content/master/api/crds/ops.crossplane.io_operations.yaml +++ b/content/master/api/crds/ops.crossplane.io_operations.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.18.0 + controller-gen.kubebuilder.io/version: v0.19.0 name: operations.ops.crossplane.io spec: group: ops.crossplane.io diff --git a/content/master/api/crds/ops.crossplane.io_watchoperations.yaml b/content/master/api/crds/ops.crossplane.io_watchoperations.yaml index d922d3246..e64980419 100644 --- a/content/master/api/crds/ops.crossplane.io_watchoperations.yaml +++ b/content/master/api/crds/ops.crossplane.io_watchoperations.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.18.0 + controller-gen.kubebuilder.io/version: v0.19.0 name: watchoperations.ops.crossplane.io spec: group: ops.crossplane.io diff --git a/content/master/api/crds/pkg.crossplane.io_configurationrevisions.yaml b/content/master/api/crds/pkg.crossplane.io_configurationrevisions.yaml index 94d2a2883..68d753155 100644 --- a/content/master/api/crds/pkg.crossplane.io_configurationrevisions.yaml +++ b/content/master/api/crds/pkg.crossplane.io_configurationrevisions.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.18.0 + controller-gen.kubebuilder.io/version: v0.19.0 name: configurationrevisions.pkg.crossplane.io spec: group: pkg.crossplane.io diff --git a/content/master/api/crds/pkg.crossplane.io_configurations.yaml b/content/master/api/crds/pkg.crossplane.io_configurations.yaml index 0501fcb48..784ae97b7 100644 
--- a/content/master/api/crds/pkg.crossplane.io_configurations.yaml +++ b/content/master/api/crds/pkg.crossplane.io_configurations.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.18.0 + controller-gen.kubebuilder.io/version: v0.19.0 name: configurations.pkg.crossplane.io spec: group: pkg.crossplane.io diff --git a/content/master/api/crds/pkg.crossplane.io_deploymentruntimeconfigs.yaml b/content/master/api/crds/pkg.crossplane.io_deploymentruntimeconfigs.yaml index 95ca3a620..0b5db2149 100644 --- a/content/master/api/crds/pkg.crossplane.io_deploymentruntimeconfigs.yaml +++ b/content/master/api/crds/pkg.crossplane.io_deploymentruntimeconfigs.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.18.0 + controller-gen.kubebuilder.io/version: v0.19.0 name: deploymentruntimeconfigs.pkg.crossplane.io spec: group: pkg.crossplane.io @@ -840,8 +840,8 @@ spec: most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + compute a sum by iterating through the elements of this field and subtracting + "weight" from the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. items: description: The weights of all of the matched 
@@ -1245,8 +1245,9 @@ spec: variable present in a Container. properties: name: - description: Name of the environment variable. - Must be a C_IDENTIFIER. + description: |- + Name of the environment variable. + May consist of any printable ASCII characters except '='. type: string value: description: |- @@ -1308,6 +1309,43 @@ spec: - fieldPath type: object x-kubernetes-map-type: atomic + fileKeyRef: + description: |- + FileKeyRef selects a key of the env file. + Requires the EnvFiles feature gate to be enabled. + properties: + key: + description: |- + The key within the env file. An invalid key will prevent the pod from starting. + The keys defined within a source may consist of any printable ASCII characters except '='. + During Alpha stage of the EnvFiles feature gate, the key size is limited to 128 characters. + type: string + optional: + default: false + description: |- + Specify whether the file or its key must be defined. If the file or key + does not exist, then the env var is not published. + If optional is set to true and the specified key does not exist, + the environment variable will not be set in the Pod's containers. + + If optional is set to false and the specified key does not exist, + an error will be returned during Pod creation. + type: boolean + path: + description: |- + The path within the volume from which to select the file. + Must be relative and may not contain the '..' path or start with '..'. + type: string + volumeName: + description: The name of the volume + mount containing the env file. + type: string + required: + - key + - path + - volumeName + type: object + x-kubernetes-map-type: atomic resourceFieldRef: description: |- Selects a resource of the container: only resources limits and requests 
@@ -1372,8 +1410,8 @@ spec: envFrom: description: |- List of sources to populate environment variables in the container. - The keys defined within a source must be a C_IDENTIFIER. All invalid keys - will be reported as an event when the container is starting. When a key exists in multiple + The keys defined within a source may consist of any printable ASCII characters except '='. + When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. @@ -1400,9 +1438,9 @@ spec: type: object x-kubernetes-map-type: atomic prefix: - description: Optional text to prepend - to the name of each environment variable. - Must be a C_IDENTIFIER. + description: |- + Optional text to prepend to the name of each environment variable. + May consist of any printable ASCII characters except '='. type: string secretRef: description: The Secret to select from @@ -2100,7 +2138,7 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the + This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. 
@@ -2155,10 +2193,10 @@ spec: restartPolicy: description: |- RestartPolicy defines the restart behavior of individual containers in a pod. - This field may only be set for init containers, and the only allowed value is "Always". - For non-init containers or when this field is not specified, + This overrides the pod-level restart policy. When this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type. - Setting the RestartPolicy as "Always" for the init container will have the following effect: + Additionally, setting the RestartPolicy as "Always" for the init container will + have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" 
@@ -2170,6 +2208,59 @@ spec: init container is started, or after any startupProbe has successfully completed. type: string + restartPolicyRules: + description: |- + Represents a list of rules to be checked to determine if the + container should be restarted on exit. The rules are evaluated in + order. Once a rule matches a container exit condition, the remaining + rules are ignored. If no rule matches the container exit condition, + the Container-level restart policy determines the whether the container + is restarted or not. Constraints on the rules: + - At most 20 rules are allowed. + - Rules can have the same action. + - Identical rules are not forbidden in validations. + When rules are specified, container MUST set RestartPolicy explicitly + even it if matches the Pod's RestartPolicy. + items: + description: ContainerRestartRule describes + how a container exit is handled. + properties: + action: + description: |- + Specifies the action taken on a container exit if the requirements + are satisfied. The only possible value is "Restart" to restart the + container. + type: string + exitCodes: + description: Represents the exit codes + to check on container exits. + properties: + operator: + description: |- + Represents the relationship between the container exit code(s) and the + specified values. Possible values are: + - In: the requirement is satisfied if the container exit code is in the + set of specified values. + - NotIn: the requirement is satisfied if the container exit code is + not in the set of specified values. + type: string + values: + description: |- + Specifies the set of values to check for container exit codes. + At most 255 elements are allowed. 
+ items: + format: int32 + type: integer + type: array + x-kubernetes-list-type: set + required: + - operator + type: object + required: + - action + type: object + type: array + x-kubernetes-list-type: atomic securityContext: description: |- SecurityContext defines the security options the container should be run with. @@ -2797,8 +2888,9 @@ spec: variable present in a Container. properties: name: - description: Name of the environment variable. - Must be a C_IDENTIFIER. + description: |- + Name of the environment variable. + May consist of any printable ASCII characters except '='. type: string value: description: |- 
@@ -2860,6 +2952,43 @@ spec: - fieldPath type: object x-kubernetes-map-type: atomic + fileKeyRef: + description: |- + FileKeyRef selects a key of the env file. + Requires the EnvFiles feature gate to be enabled. + properties: + key: + description: |- + The key within the env file. An invalid key will prevent the pod from starting. + The keys defined within a source may consist of any printable ASCII characters except '='. + During Alpha stage of the EnvFiles feature gate, the key size is limited to 128 characters. + type: string + optional: + default: false + description: |- + Specify whether the file or its key must be defined. If the file or key + does not exist, then the env var is not published. + If optional is set to true and the specified key does not exist, + the environment variable will not be set in the Pod's containers. + + If optional is set to false and the specified key does not exist, + an error will be returned during Pod creation. + type: boolean + path: + description: |- + The path within the volume from which to select the file. + Must be relative and may not contain the '..' path or start with '..'. + type: string + volumeName: + description: The name of the volume + mount containing the env file. + type: string + required: + - key + - path + - volumeName + type: object + x-kubernetes-map-type: atomic resourceFieldRef: description: |- Selects a resource of the container: only resources limits and requests 
@@ -2924,8 +3053,8 @@ spec: envFrom: description: |- List of sources to populate environment variables in the container. - The keys defined within a source must be a C_IDENTIFIER. All invalid keys - will be reported as an event when the container is starting. When a key exists in multiple + The keys defined within a source may consist of any printable ASCII characters except '='. + When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. @@ -2952,9 +3081,9 @@ spec: type: object x-kubernetes-map-type: atomic prefix: - description: Optional text to prepend - to the name of each environment variable. - Must be a C_IDENTIFIER. + description: |- + Optional text to prepend to the name of each environment variable. + May consist of any printable ASCII characters except '='. type: string secretRef: description: The Secret to select from @@ -3635,7 +3764,7 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the + This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. 
@@ -3691,9 +3820,53 @@ spec: description: |- Restart policy for the container to manage the restart behavior of each container within a pod. - This may only be set for init containers. You cannot set this field on - ephemeral containers. + You cannot set this field on ephemeral containers. type: string + restartPolicyRules: + description: |- + Represents a list of rules to be checked to determine if the + container should be restarted on exit. You cannot set this field on + ephemeral containers. + items: + description: ContainerRestartRule describes + how a container exit is handled. + properties: + action: + description: |- + Specifies the action taken on a container exit if the requirements + are satisfied. The only possible value is "Restart" to restart the + container. + type: string + exitCodes: + description: Represents the exit codes + to check on container exits. + properties: + operator: + description: |- + Represents the relationship between the container exit code(s) and the + specified values. Possible values are: + - In: the requirement is satisfied if the container exit code is in the + set of specified values. + - NotIn: the requirement is satisfied if the container exit code is + not in the set of specified values. + type: string + values: + description: |- + Specifies the set of values to check for container exit codes. + At most 255 elements are allowed. + items: + format: int32 + type: integer + type: array + x-kubernetes-list-type: set + required: + - operator + type: object + required: + - action + type: object + type: array + x-kubernetes-list-type: atomic securityContext: description: |- Optional: SecurityContext defines the security options the ephemeral container should be run with. 
@@ -4240,7 +4413,9 @@ spec: hostNetwork: description: |- Host networking requested for this pod. Use the host's network namespace. - If this option is set, the ports that will be used must be specified. + When using HostNetwork you should specify ports so the scheduler is aware. + When `hostNetwork` is true, specified `hostPort` fields in port definitions must match `containerPort`, + and unspecified `hostPort` fields in port definitions are defaulted to match `containerPort`. Default to false. type: boolean hostPID: @@ -4265,6 +4440,19 @@ spec: Specifies the hostname of the Pod If not specified, the pod's hostname will be set to a system-defined value. type: string + hostnameOverride: + description: |- + HostnameOverride specifies an explicit override for the pod's hostname as perceived by the pod. + This field only specifies the pod's hostname and does not affect its DNS records. + When this field is set to a non-empty string: + - It takes precedence over the values set in `hostname` and `subdomain`. + - The Pod's hostname will be set to this value. + - `setHostnameAsFQDN` must be nil or set to false. + - `hostNetwork` must be set to false. + + This field must be a valid DNS subdomain as defined in RFC 1123 and contain at most 64 characters. + Requires the HostnameOverride feature gate to be enabled. + type: string imagePullSecrets: description: |- ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. @@ -4348,8 +4536,9 @@ spec: variable present in a Container. properties: name: - description: Name of the environment variable. - Must be a C_IDENTIFIER. + description: |- + Name of the environment variable. + May consist of any printable ASCII characters except '='. type: string value: description: |- 
@@ -4411,6 +4600,43 @@ spec: - fieldPath type: object x-kubernetes-map-type: atomic + fileKeyRef: + description: |- + FileKeyRef selects a key of the env file. + Requires the EnvFiles feature gate to be enabled. + properties: + key: + description: |- + The key within the env file. An invalid key will prevent the pod from starting. + The keys defined within a source may consist of any printable ASCII characters except '='. + During Alpha stage of the EnvFiles feature gate, the key size is limited to 128 characters. + type: string + optional: + default: false + description: |- + Specify whether the file or its key must be defined. If the file or key + does not exist, then the env var is not published. + If optional is set to true and the specified key does not exist, + the environment variable will not be set in the Pod's containers. + + If optional is set to false and the specified key does not exist, + an error will be returned during Pod creation. + type: boolean + path: + description: |- + The path within the volume from which to select the file. + Must be relative and may not contain the '..' path or start with '..'. + type: string + volumeName: + description: The name of the volume + mount containing the env file. + type: string + required: + - key + - path + - volumeName + type: object + x-kubernetes-map-type: atomic resourceFieldRef: description: |- Selects a resource of the container: only resources limits and requests 
@@ -4475,8 +4701,8 @@ spec: envFrom: description: |- List of sources to populate environment variables in the container. - The keys defined within a source must be a C_IDENTIFIER. All invalid keys - will be reported as an event when the container is starting. When a key exists in multiple + The keys defined within a source may consist of any printable ASCII characters except '='. + When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. @@ -4503,9 +4729,9 @@ spec: type: object x-kubernetes-map-type: atomic prefix: - description: Optional text to prepend - to the name of each environment variable. - Must be a C_IDENTIFIER. + description: |- + Optional text to prepend to the name of each environment variable. + May consist of any printable ASCII characters except '='. type: string secretRef: description: The Secret to select from @@ -5203,7 +5429,7 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the + This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. 
@@ -5258,10 +5484,10 @@ spec: restartPolicy: description: |- RestartPolicy defines the restart behavior of individual containers in a pod. - This field may only be set for init containers, and the only allowed value is "Always". - For non-init containers or when this field is not specified, + This overrides the pod-level restart policy. When this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type. - Setting the RestartPolicy as "Always" for the init container will have the following effect: + Additionally, setting the RestartPolicy as "Always" for the init container will + have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" 
@@ -5273,6 +5499,59 @@ spec: init container is started, or after any startupProbe has successfully completed. type: string + restartPolicyRules: + description: |- + Represents a list of rules to be checked to determine if the + container should be restarted on exit. The rules are evaluated in + order. Once a rule matches a container exit condition, the remaining + rules are ignored. If no rule matches the container exit condition, + the Container-level restart policy determines the whether the container + is restarted or not. Constraints on the rules: + - At most 20 rules are allowed. + - Rules can have the same action. + - Identical rules are not forbidden in validations. + When rules are specified, container MUST set RestartPolicy explicitly + even it if matches the Pod's RestartPolicy. + items: + description: ContainerRestartRule describes + how a container exit is handled. + properties: + action: + description: |- + Specifies the action taken on a container exit if the requirements + are satisfied. The only possible value is "Restart" to restart the + container. + type: string + exitCodes: + description: Represents the exit codes + to check on container exits. + properties: + operator: + description: |- + Represents the relationship between the container exit code(s) and the + specified values. Possible values are: + - In: the requirement is satisfied if the container exit code is in the + set of specified values. + - NotIn: the requirement is satisfied if the container exit code is + not in the set of specified values. + type: string + values: + description: |- + Specifies the set of values to check for container exit codes. + At most 255 elements are allowed. 
+ items: + format: int32 + type: integer + type: array + x-kubernetes-list-type: set + required: + - operator + type: object + required: + - action + type: object + type: array + x-kubernetes-list-type: atomic securityContext: description: |- SecurityContext defines the security options the container should be run with. @@ -5813,6 +6092,7 @@ spec: - spec.hostPID - spec.hostIPC - spec.hostUsers + - spec.resources - spec.securityContext.appArmorProfile - spec.securityContext.seLinuxOptions - spec.securityContext.seccompProfile @@ -5967,7 +6247,7 @@ spec: description: |- Resources is the total amount of CPU and Memory resources required by all containers in the pod. It supports specifying Requests and Limits for - "cpu" and "memory" resource names only. ResourceClaims are not supported. + "cpu", "memory" and "hugepages-" resource names only. ResourceClaims are not supported. This field enables fine-grained control over resource allocation for the entire pod, allowing resource sharing among containers in a pod. @@ -5980,7 +6260,7 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the + This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. 
@@ -7288,15 +7568,13 @@ spec: volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, - it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass - will be applied to the claim but it's not allowed to reset this field to empty string once it is set. - If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass - will be set by the persistentvolume controller if it exists. + it can be changed after the claim is created. An empty string or nil value indicates that no + VolumeAttributesClass will be applied to the claim. If the claim enters an Infeasible error state, + this field can be reset to its previous value (including nil) to cancel the modification. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). type: string volumeMode: description: |- @@ -7481,12 +7759,10 @@ spec: description: |- glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. Deprecated: Glusterfs is deprecated and the in-tree glusterfs type is no longer supported. - More info: https://examples.k8s.io/volumes/glusterfs/README.md properties: endpoints: - description: |- - endpoints is the endpoint name that details Glusterfs topology. - More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + description: endpoints is the endpoint name + that details Glusterfs topology. type: string path: description: |- 
@@ -7565,7 +7841,7 @@ spec: description: |- iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. - More info: https://examples.k8s.io/volumes/iscsi/README.md + More info: https://kubernetes.io/docs/concepts/storage/volumes/#iscsi properties: chapAuthDiscovery: description: chapAuthDiscovery defines whether 
@@ -8009,6 +8285,112 @@ spec: type: array x-kubernetes-list-type: atomic type: object + podCertificate: + description: |- + Projects an auto-rotating credential bundle (private key and certificate + chain) that the pod can use either as a TLS client or server. + + Kubelet generates a private key and uses it to send a + PodCertificateRequest to the named signer. Once the signer approves the + request and issues a certificate chain, Kubelet writes the key and + certificate chain to the pod filesystem. The pod does not start until + certificates have been issued for each podCertificate projected volume + source in its spec. + + Kubelet will begin trying to rotate the certificate at the time indicated + by the signer using the PodCertificateRequest.Status.BeginRefreshAt + timestamp. + + Kubelet can write a single file, indicated by the credentialBundlePath + field, or separate files, indicated by the keyPath and + certificateChainPath fields. + + The credential bundle is a single file in PEM format. The first PEM + entry is the private key (in PKCS#8 format), and the remaining PEM + entries are the certificate chain issued by the signer (typically, + signers will return their certificate chain in leaf-to-root order). + + Prefer using the credential bundle format, since your application code + can read it atomically. If you use keyPath and certificateChainPath, + your application must make two separate file reads. If these coincide + with a certificate rotation, it is possible that the private key and leaf + certificate you read may not correspond to each other. Your application + will need to check for this condition, and re-read until they are + consistent. + + The named signer controls chooses the format of the certificate it + issues; consult the signer implementation's documentation to learn how to + use the certificates it issues. + properties: + certificateChainPath: + description: |- + Write the certificate chain at this path in the projected volume. 
+ + Most applications should use credentialBundlePath. When using keyPath + and certificateChainPath, your application needs to check that the key + and leaf certificate are consistent, because it is possible to read the + files mid-rotation. + type: string + credentialBundlePath: + description: |- + Write the credential bundle at this path in the projected volume. + + The credential bundle is a single file that contains multiple PEM blocks. + The first PEM block is a PRIVATE KEY block, containing a PKCS#8 private + key. + + The remaining blocks are CERTIFICATE blocks, containing the issued + certificate chain from the signer (leaf and any intermediates). + + Using credentialBundlePath lets your Pod's application code make a single + atomic read that retrieves a consistent key and certificate chain. If you + project them to separate files, your application code will need to + additionally check that the leaf certificate was issued to the key. + type: string + keyPath: + description: |- + Write the key at this path in the projected volume. + + Most applications should use credentialBundlePath. When using keyPath + and certificateChainPath, your application needs to check that the key + and leaf certificate are consistent, because it is possible to read the + files mid-rotation. + type: string + keyType: + description: |- + The type of keypair Kubelet will generate for the pod. + + Valid values are "RSA3072", "RSA4096", "ECDSAP256", "ECDSAP384", + "ECDSAP521", and "ED25519". + type: string + maxExpirationSeconds: + description: |- + maxExpirationSeconds is the maximum lifetime permitted for the + certificate. + + Kubelet copies this value verbatim into the PodCertificateRequests it + generates for this projection. + + If omitted, kube-apiserver will set it to 86400(24 hours). kube-apiserver + will reject values shorter than 3600 (1 hour). The maximum allowable + value is 7862400 (91 days). 
+ + The signer implementation is then free to issue a certificate with any + lifetime *shorter* than MaxExpirationSeconds, but no shorter than 3600 + seconds (1 hour). This constraint is enforced by kube-apiserver. + `kubernetes.io` signers will never issue certificates with a lifetime + longer than 24 hours. + format: int32 + type: integer + signerName: + description: Kubelet's generated + CSRs will be addressed to this + signer. + type: string + required: + - keyType + - signerName + type: object secret: description: secret information about the secret data to project @@ -8146,7 +8528,6 @@ spec: description: |- rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. Deprecated: RBD is deprecated and the in-tree rbd type is no longer supported. - More info: https://examples.k8s.io/volumes/rbd/README.md properties: fsType: description: |- diff --git a/content/master/api/crds/pkg.crossplane.io_functionrevisions.yaml b/content/master/api/crds/pkg.crossplane.io_functionrevisions.yaml index b754dab21..9e9a10189 100644 --- a/content/master/api/crds/pkg.crossplane.io_functionrevisions.yaml +++ b/content/master/api/crds/pkg.crossplane.io_functionrevisions.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.18.0 + controller-gen.kubebuilder.io/version: v0.19.0 name: functionrevisions.pkg.crossplane.io spec: group: pkg.crossplane.io diff --git a/content/master/api/crds/pkg.crossplane.io_functions.yaml b/content/master/api/crds/pkg.crossplane.io_functions.yaml index 804c7997d..c94c27c62 100644 --- a/content/master/api/crds/pkg.crossplane.io_functions.yaml +++ b/content/master/api/crds/pkg.crossplane.io_functions.yaml 
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.18.0 + controller-gen.kubebuilder.io/version: v0.19.0 name: functions.pkg.crossplane.io spec: group: pkg.crossplane.io diff --git a/content/master/api/crds/pkg.crossplane.io_imageconfigs.yaml b/content/master/api/crds/pkg.crossplane.io_imageconfigs.yaml index 4d0184e3f..0e22392cc 100644 --- a/content/master/api/crds/pkg.crossplane.io_imageconfigs.yaml +++ b/content/master/api/crds/pkg.crossplane.io_imageconfigs.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.18.0 + controller-gen.kubebuilder.io/version: v0.19.0 name: imageconfigs.pkg.crossplane.io spec: group: pkg.crossplane.io diff --git a/content/master/api/crds/pkg.crossplane.io_locks.yaml b/content/master/api/crds/pkg.crossplane.io_locks.yaml index fc8345957..b186027f3 100644 --- a/content/master/api/crds/pkg.crossplane.io_locks.yaml +++ b/content/master/api/crds/pkg.crossplane.io_locks.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.18.0 + controller-gen.kubebuilder.io/version: v0.19.0 name: locks.pkg.crossplane.io spec: group: pkg.crossplane.io diff --git a/content/master/api/crds/pkg.crossplane.io_providerrevisions.yaml b/content/master/api/crds/pkg.crossplane.io_providerrevisions.yaml index 6363ee59f..4a3188a4c 100644 --- a/content/master/api/crds/pkg.crossplane.io_providerrevisions.yaml +++ b/content/master/api/crds/pkg.crossplane.io_providerrevisions.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.18.0 + controller-gen.kubebuilder.io/version: v0.19.0 name: providerrevisions.pkg.crossplane.io spec: group: pkg.crossplane.io 
diff --git a/content/master/api/crds/pkg.crossplane.io_providers.yaml b/content/master/api/crds/pkg.crossplane.io_providers.yaml index 8e68ca252..991d886b7 100644 --- a/content/master/api/crds/pkg.crossplane.io_providers.yaml +++ b/content/master/api/crds/pkg.crossplane.io_providers.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.18.0 + controller-gen.kubebuilder.io/version: v0.19.0 name: providers.pkg.crossplane.io spec: group: pkg.crossplane.io diff --git a/content/master/api/crds/protection.crossplane.io_clusterusages.yaml b/content/master/api/crds/protection.crossplane.io_clusterusages.yaml index b9b7b72f9..762eab8ba 100644 --- a/content/master/api/crds/protection.crossplane.io_clusterusages.yaml +++ b/content/master/api/crds/protection.crossplane.io_clusterusages.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.18.0 + controller-gen.kubebuilder.io/version: v0.19.0 name: clusterusages.protection.crossplane.io spec: group: protection.crossplane.io diff --git a/content/master/api/crds/protection.crossplane.io_usages.yaml b/content/master/api/crds/protection.crossplane.io_usages.yaml index dcbb829d4..aba92c408 100644 --- a/content/master/api/crds/protection.crossplane.io_usages.yaml +++ b/content/master/api/crds/protection.crossplane.io_usages.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.18.0 + controller-gen.kubebuilder.io/version: v0.19.0 name: usages.protection.crossplane.io spec: group: protection.crossplane.io diff --git a/content/v1.19/_index.md b/content/v1.19/_index.md deleted file mode 100644 index e949e6c05..000000000 --- a/content/v1.19/_index.md +++ /dev/null 
@@ -1,51 +0,0 @@ ---- -title: "Overview" -weight: -1 -cascade: - version: "1.19" ---- - -{{< img src="/media/banner.png" alt="Crossplane Popsicle Truck" size="large" >}} - -
- -Crossplane is an open source Kubernetes extension that transforms your Kubernetes -cluster into a **universal control plane**. - -Crossplane lets you manage anything, anywhere, all through standard Kubernetes -APIs. Crossplane can even let you -[order a pizza](https://blog.crossplane.io/providers-101-ordering-pizza-with-kubernetes-and-crossplane/) -directly from Kubernetes. If it has an API, Crossplane can connect to it. - -With Crossplane, platform teams can create new abstractions and custom -APIs with the full power of Kubernetes policies, namespaces, role based access -controls and more. Crossplane brings all your non-Kubernetes resources under -one roof. - -Custom APIs, created by platform teams, allow security and compliance -enforcement across resources or clouds, without exposing any complexity to the -developers. A single API call can create multiple resources, in multiple clouds -and use Kubernetes as the control plane for everything. - -{{< hint "tip" >}} -**What's a control plane?** - -Control planes create and manage the lifecycle of resources. Control planes -constantly _check_ that the intended resources exist, _report_ when the intended -state doesn't match reality and _act_ to make things right. - -Crossplane extends the Kubernetes control plane to be a **universal control -plane** to check, report and act on any resource, anywhere. - -{{< /hint >}} - - -# Get started -* [Install Crossplane]({{}}) in your Kubernetes cluster -* Learn more about how Crossplane works in the -[Crossplane introduction]({{}}) -* Join the [Crossplane Slack](https://slack.crossplane.io/) and start a -conversation with a community of over 7,000 operators. - - -Crossplane is a [Cloud Native Compute Foundation](https://www.cncf.io/) project. diff --git a/content/v1.19/api/crds/apiextensions.crossplane.io_compositionrevisions.yaml b/content/v1.19/api/crds/apiextensions.crossplane.io_compositionrevisions.yaml deleted file mode 100644 index 72c81b265..000000000 
--- a/content/v1.19/api/crds/apiextensions.crossplane.io_compositionrevisions.yaml +++ /dev/null 
@@ -1,2268 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - name: compositionrevisions.apiextensions.crossplane.io -spec: - group: apiextensions.crossplane.io - names: - categories: - - crossplane - kind: CompositionRevision - listKind: CompositionRevisionList - plural: compositionrevisions - shortNames: - - comprev - singular: compositionrevision - scope: Cluster - versions: - - additionalPrinterColumns: - - jsonPath: .spec.revision - name: REVISION - type: string - - jsonPath: .spec.compositeTypeRef.kind - name: XR-KIND - type: string - - jsonPath: .spec.compositeTypeRef.apiVersion - name: XR-APIVERSION - type: string - - jsonPath: .metadata.creationTimestamp - name: AGE - type: date - name: v1 - schema: - openAPIV3Schema: - description: |- - A CompositionRevision represents a revision of a Composition. Crossplane - creates new revisions when there are changes to the Composition. - - Crossplane creates and manages CompositionRevisions. Don't directly edit - CompositionRevisions. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: |- - CompositionRevisionSpec specifies the desired state of the composition - revision. 
- properties: - compositeTypeRef: - description: |- - CompositeTypeRef specifies the type of composite resource that this - composition is compatible with. - properties: - apiVersion: - description: APIVersion of the type. - type: string - kind: - description: Kind of the type. - type: string - required: - - apiVersion - - kind - type: object - x-kubernetes-validations: - - message: Value is immutable - rule: self == oldSelf - mode: - default: Resources - description: |- - Mode controls what type or "mode" of Composition will be used. - - "Pipeline" indicates that a Composition specifies a pipeline of - Composition Functions, each of which is responsible for producing - composed resources that Crossplane should create or update. - - "Resources" indicates that a Composition uses what is commonly referred - to as "Patch & Transform" or P&T composition. This mode of Composition - uses an array of resources, each a template for a composed resource. - - All Compositions should use Pipeline mode. Resources mode is deprecated. - Resources mode won't be removed in Crossplane 1.x, and will remain the - default to avoid breaking legacy Compositions. However, it's no longer - accepting new features, and only accepting security related bug fixes. - enum: - - Resources - - Pipeline - type: string - patchSets: - description: |- - PatchSets define a named set of patches that may be included by any - resource in this Composition. PatchSets cannot themselves refer to other - PatchSets. - - PatchSets are only used by the "Resources" mode of Composition. They - are ignored by other modes. - - Deprecated: Use Composition Functions instead. - items: - description: |- - A PatchSet is a set of patches that can be reused from all resources within - a Composition. - properties: - name: - description: Name of this PatchSet. - type: string - patches: - description: Patches will be applied as an overlay to the base - resource. 
- items: - description: |- - Patch objects are applied between composite and composed resources. Their - behaviour depends on the Type selected. The default Type, - FromCompositeFieldPath, copies a value from the composite resource to - the composed resource, applying any defined transformers. - properties: - combine: - description: |- - Combine is the patch configuration for a CombineFromComposite or - CombineToComposite patch. - properties: - strategy: - description: |- - Strategy defines the strategy to use to combine the input variable values. - Currently only string is supported. - enum: - - string - type: string - string: - description: |- - String declares that input variables should be combined into a single - string, using the relevant settings for formatting purposes. - properties: - fmt: - description: |- - Format the input using a Go format string. See - https://golang.org/pkg/fmt/ for details. - type: string - required: - - fmt - type: object - variables: - description: |- - Variables are the list of variables whose values will be retrieved and - combined. - items: - description: |- - A CombineVariable defines the source of a value that is combined with - others to form and patch an output value. Currently, this only supports - retrieving values from a field path. - properties: - fromFieldPath: - description: |- - FromFieldPath is the path of the field on the source whose value is - to be used as input. - type: string - required: - - fromFieldPath - type: object - minItems: 1 - type: array - required: - - strategy - - variables - type: object - fromFieldPath: - description: |- - FromFieldPath is the path of the field on the resource whose value is - to be used as input. Required when type is FromCompositeFieldPath or - ToCompositeFieldPath. - type: string - patchSetName: - description: PatchSetName to include patches from. Required - when type is PatchSet. - type: string - policy: - description: Policy configures the specifics of patching - behaviour. 
- properties: - fromFieldPath: - description: |- - FromFieldPath specifies how to patch from a field path. The default is - 'Optional', which means the patch will be a no-op if the specified - fromFieldPath does not exist. Use 'Required' if the patch should fail if - the specified path does not exist. - enum: - - Optional - - Required - type: string - mergeOptions: - description: MergeOptions Specifies merge options - on a field path. - properties: - appendSlice: - description: Specifies that already existing elements - in a merged slice should be preserved - type: boolean - keepMapValues: - description: Specifies that already existing values - in a merged map should be preserved - type: boolean - type: object - type: object - toFieldPath: - description: |- - ToFieldPath is the path of the field on the resource whose value will - be changed with the result of transforms. Leave empty if you'd like to - propagate to the same path as fromFieldPath. - type: string - transforms: - description: |- - Transforms are the list of functions that are used as a FIFO pipe for the - input to be transformed. - items: - description: |- - Transform is a unit of process whose input is transformed into an output with - the supplied configuration. - properties: - convert: - description: Convert is used to cast the input into - the given output type. - properties: - format: - description: |- - The expected input format. - - * `quantity` - parses the input as a K8s [`resource.Quantity`](https://pkg.go.dev/k8s.io/apimachinery/pkg/api/resource#Quantity). - Only used during `string -> float64` conversions. - * `json` - parses the input as a JSON string. - Only used during `string -> object` or `string -> list` conversions. - - If this property is null, the default conversion is applied. - enum: - - none - - quantity - - json - type: string - toType: - description: ToType is the type of the output - of this transform. 
- enum: - - string - - int - - int64 - - bool - - float64 - - object - - array - type: string - required: - - toType - type: object - map: - additionalProperties: - x-kubernetes-preserve-unknown-fields: true - description: Map uses the input as a key in the - given map and returns the value. - type: object - match: - description: Match is a more complex version of - Map that matches a list of patterns. - properties: - fallbackTo: - default: Value - description: Determines to what value the transform - should fallback if no pattern matches. - enum: - - Value - - Input - type: string - fallbackValue: - description: |- - The fallback value that should be returned by the transform if now pattern - matches. - x-kubernetes-preserve-unknown-fields: true - patterns: - description: |- - The patterns that should be tested against the input string. - Patterns are tested in order. The value of the first match is used as - result of this transform. - items: - description: |- - MatchTransformPattern is a transform that returns the value that matches a - pattern. - properties: - literal: - description: |- - Literal exactly matches the input string (case sensitive). - Is required if `type` is `literal`. - type: string - regexp: - description: |- - Regexp to match against the input string. - Is required if `type` is `regexp`. - type: string - result: - description: The value that is used as - result of the transform if the pattern - matches. - x-kubernetes-preserve-unknown-fields: true - type: - default: literal - description: |- - Type specifies how the pattern matches the input. - - * `literal` - the pattern value has to exactly match (case sensitive) the - input string. This is the default. - - * `regexp` - the pattern treated as a regular expression against - which the input string is tested. Crossplane will throw an error if the - key is not a valid regexp. 
- enum: - - literal - - regexp - type: string - required: - - result - - type - type: object - type: array - type: object - math: - description: |- - Math is used to transform the input via mathematical operations such as - multiplication. - properties: - clampMax: - description: ClampMax makes sure that the value - is not bigger than the given value. - format: int64 - type: integer - clampMin: - description: ClampMin makes sure that the value - is not smaller than the given value. - format: int64 - type: integer - multiply: - description: Multiply the value. - format: int64 - type: integer - type: - default: Multiply - description: Type of the math transform to be - run. - enum: - - Multiply - - ClampMin - - ClampMax - type: string - type: object - string: - description: |- - String is used to transform the input into a string or a different kind - of string. Note that the input does not necessarily need to be a string. - properties: - convert: - description: |- - Optional conversion method to be specified. - `ToUpper` and `ToLower` change the letter case of the input string. - `ToBase64` and `FromBase64` perform a base64 conversion based on the input string. - `ToJson` converts any input value into its raw JSON representation. - `ToSha1`, `ToSha256` and `ToSha512` generate a hash value based on the input - converted to JSON. - `ToAdler32` generate a addler32 hash based on the input string. - enum: - - ToUpper - - ToLower - - ToBase64 - - FromBase64 - - ToJson - - ToSha1 - - ToSha256 - - ToSha512 - - ToAdler32 - type: string - fmt: - description: |- - Format the input using a Go format string. See - https://golang.org/pkg/fmt/ for details. - type: string - join: - description: Join defines parameters to join - a slice of values to a string. - properties: - separator: - description: |- - Separator defines the character that should separate the values from each - other in the joined string. 
- type: string - required: - - separator - type: object - regexp: - description: Extract a match from the input - using a regular expression. - properties: - group: - description: Group number to match. 0 (the - default) matches the entire expression. - type: integer - match: - description: |- - Match string. May optionally include submatches, aka capture groups. - See https://pkg.go.dev/regexp/ for details. - type: string - required: - - match - type: object - trim: - description: Trim the prefix or suffix from - the input - type: string - type: - default: Format - description: Type of the string transform to - be run. - enum: - - Format - - Convert - - TrimPrefix - - TrimSuffix - - Regexp - - Join - type: string - type: object - type: - description: Type of the transform to be run. - enum: - - map - - match - - math - - string - - convert - type: string - required: - - type - type: object - type: array - type: - default: FromCompositeFieldPath - description: |- - Type sets the patching behaviour to be used. Each patch type may require - its own fields to be set on the Patch object. - enum: - - FromCompositeFieldPath - - PatchSet - - ToCompositeFieldPath - - CombineFromComposite - - CombineToComposite - type: string - type: object - type: array - required: - - name - - patches - type: object - type: array - pipeline: - description: |- - Pipeline is a list of composition function steps that will be used when a - composite resource referring to this composition is created. One of - resources and pipeline must be specified - you cannot specify both. - - The Pipeline is only used by the "Pipeline" mode of Composition. It is - ignored by other modes. - items: - description: A PipelineStep in a Composition Function pipeline. - properties: - credentials: - description: Credentials are optional credentials that the Composition - Function needs. - items: - description: |- - FunctionCredentials are optional credentials that a Composition Function - needs to run. 
- properties: - name: - description: Name of this set of credentials. - type: string - secretRef: - description: |- - A SecretRef is a reference to a secret containing credentials that should - be supplied to the function. - properties: - name: - description: Name of the secret. - type: string - namespace: - description: Namespace of the secret. - type: string - required: - - name - - namespace - type: object - source: - description: Source of the function credentials. - enum: - - None - - Secret - type: string - required: - - name - - source - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - functionRef: - description: |- - FunctionRef is a reference to the Composition Function this step should - execute. - properties: - name: - description: Name of the referenced Function. - type: string - required: - - name - type: object - input: - description: |- - Input is an optional, arbitrary Kubernetes resource (i.e. a resource - with an apiVersion and kind) that will be passed to the Composition - Function as the 'input' of its RunFunctionRequest. - type: object - x-kubernetes-embedded-resource: true - x-kubernetes-preserve-unknown-fields: true - step: - description: Step name. Must be unique within its Pipeline. - type: string - required: - - functionRef - - step - type: object - type: array - x-kubernetes-list-map-keys: - - step - x-kubernetes-list-type: map - publishConnectionDetailsWithStoreConfigRef: - default: - name: default - description: |- - PublishConnectionDetailsWithStoreConfig specifies the secret store config - with which the connection details of composite resources dynamically - provisioned using this composition will be published. - - THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored - unless the relevant Crossplane feature flag is enabled, and may be - changed or removed without notice. - properties: - name: - description: Name of the referenced StoreConfig. 
- type: string - required: - - name - type: object - resources: - description: |- - Resources is a list of resource templates that will be used when a - composite resource referring to this composition is created. - - Resources are only used by the "Resources" mode of Composition. They are - ignored by other modes. - - Deprecated: Use Composition Functions instead. - items: - description: |- - ComposedTemplate is used to provide information about how the composed resource - should be processed. - properties: - base: - description: Base is the target resource that the patches will - be applied on. - type: object - x-kubernetes-embedded-resource: true - x-kubernetes-preserve-unknown-fields: true - connectionDetails: - description: |- - ConnectionDetails lists the propagation secret keys from this target - resource to the composition instance connection secret. - items: - description: |- - ConnectionDetail includes the information about the propagation of the connection - information from one secret to another. - properties: - fromConnectionSecretKey: - description: |- - FromConnectionSecretKey is the key that will be used to fetch the value - from the composed resource's connection secret. - type: string - fromFieldPath: - description: |- - FromFieldPath is the path of the field on the composed resource whose - value to be used as input. Name must be specified if the type is - FromFieldPath. - type: string - name: - description: |- - Name of the connection secret key that will be propagated to the - connection secret of the composition instance. Leave empty if you'd like - to use the same key name. - type: string - type: - description: |- - Type sets the connection detail fetching behaviour to be used. Each - connection detail type may require its own fields to be set on the - ConnectionDetail object. If the type is omitted Crossplane will attempt - to infer it based on which other fields were specified. 
If multiple - fields are specified the order of precedence is: - 1. FromValue - 2. FromConnectionSecretKey - 3. FromFieldPath - enum: - - FromConnectionSecretKey - - FromFieldPath - - FromValue - type: string - value: - description: |- - Value that will be propagated to the connection secret of the composite - resource. May be set to inject a fixed, non-sensitive connection secret - value, for example a well-known port. - type: string - type: object - type: array - name: - description: |- - A Name uniquely identifies this entry within its Composition's resources - array. Names are optional but *strongly* recommended. When all entries in - the resources array are named entries may added, deleted, and reordered - as long as their names do not change. When entries are not named the - length and order of the resources array should be treated as immutable. - Either all or no entries must be named. - type: string - patches: - description: Patches will be applied as overlay to the base - resource. - items: - description: |- - Patch objects are applied between composite and composed resources. Their - behaviour depends on the Type selected. The default Type, - FromCompositeFieldPath, copies a value from the composite resource to - the composed resource, applying any defined transformers. - properties: - combine: - description: |- - Combine is the patch configuration for a CombineFromComposite or - CombineToComposite patch. - properties: - strategy: - description: |- - Strategy defines the strategy to use to combine the input variable values. - Currently only string is supported. - enum: - - string - type: string - string: - description: |- - String declares that input variables should be combined into a single - string, using the relevant settings for formatting purposes. - properties: - fmt: - description: |- - Format the input using a Go format string. See - https://golang.org/pkg/fmt/ for details. 
- type: string - required: - - fmt - type: object - variables: - description: |- - Variables are the list of variables whose values will be retrieved and - combined. - items: - description: |- - A CombineVariable defines the source of a value that is combined with - others to form and patch an output value. Currently, this only supports - retrieving values from a field path. - properties: - fromFieldPath: - description: |- - FromFieldPath is the path of the field on the source whose value is - to be used as input. - type: string - required: - - fromFieldPath - type: object - minItems: 1 - type: array - required: - - strategy - - variables - type: object - fromFieldPath: - description: |- - FromFieldPath is the path of the field on the resource whose value is - to be used as input. Required when type is FromCompositeFieldPath or - ToCompositeFieldPath. - type: string - patchSetName: - description: PatchSetName to include patches from. Required - when type is PatchSet. - type: string - policy: - description: Policy configures the specifics of patching - behaviour. - properties: - fromFieldPath: - description: |- - FromFieldPath specifies how to patch from a field path. The default is - 'Optional', which means the patch will be a no-op if the specified - fromFieldPath does not exist. Use 'Required' if the patch should fail if - the specified path does not exist. - enum: - - Optional - - Required - type: string - mergeOptions: - description: MergeOptions Specifies merge options - on a field path. - properties: - appendSlice: - description: Specifies that already existing elements - in a merged slice should be preserved - type: boolean - keepMapValues: - description: Specifies that already existing values - in a merged map should be preserved - type: boolean - type: object - type: object - toFieldPath: - description: |- - ToFieldPath is the path of the field on the resource whose value will - be changed with the result of transforms. 
Leave empty if you'd like to - propagate to the same path as fromFieldPath. - type: string - transforms: - description: |- - Transforms are the list of functions that are used as a FIFO pipe for the - input to be transformed. - items: - description: |- - Transform is a unit of process whose input is transformed into an output with - the supplied configuration. - properties: - convert: - description: Convert is used to cast the input into - the given output type. - properties: - format: - description: |- - The expected input format. - - * `quantity` - parses the input as a K8s [`resource.Quantity`](https://pkg.go.dev/k8s.io/apimachinery/pkg/api/resource#Quantity). - Only used during `string -> float64` conversions. - * `json` - parses the input as a JSON string. - Only used during `string -> object` or `string -> list` conversions. - - If this property is null, the default conversion is applied. - enum: - - none - - quantity - - json - type: string - toType: - description: ToType is the type of the output - of this transform. - enum: - - string - - int - - int64 - - bool - - float64 - - object - - array - type: string - required: - - toType - type: object - map: - additionalProperties: - x-kubernetes-preserve-unknown-fields: true - description: Map uses the input as a key in the - given map and returns the value. - type: object - match: - description: Match is a more complex version of - Map that matches a list of patterns. - properties: - fallbackTo: - default: Value - description: Determines to what value the transform - should fallback if no pattern matches. - enum: - - Value - - Input - type: string - fallbackValue: - description: |- - The fallback value that should be returned by the transform if now pattern - matches. - x-kubernetes-preserve-unknown-fields: true - patterns: - description: |- - The patterns that should be tested against the input string. - Patterns are tested in order. The value of the first match is used as - result of this transform. 
- items: - description: |- - MatchTransformPattern is a transform that returns the value that matches a - pattern. - properties: - literal: - description: |- - Literal exactly matches the input string (case sensitive). - Is required if `type` is `literal`. - type: string - regexp: - description: |- - Regexp to match against the input string. - Is required if `type` is `regexp`. - type: string - result: - description: The value that is used as - result of the transform if the pattern - matches. - x-kubernetes-preserve-unknown-fields: true - type: - default: literal - description: |- - Type specifies how the pattern matches the input. - - * `literal` - the pattern value has to exactly match (case sensitive) the - input string. This is the default. - - * `regexp` - the pattern treated as a regular expression against - which the input string is tested. Crossplane will throw an error if the - key is not a valid regexp. - enum: - - literal - - regexp - type: string - required: - - result - - type - type: object - type: array - type: object - math: - description: |- - Math is used to transform the input via mathematical operations such as - multiplication. - properties: - clampMax: - description: ClampMax makes sure that the value - is not bigger than the given value. - format: int64 - type: integer - clampMin: - description: ClampMin makes sure that the value - is not smaller than the given value. - format: int64 - type: integer - multiply: - description: Multiply the value. - format: int64 - type: integer - type: - default: Multiply - description: Type of the math transform to be - run. - enum: - - Multiply - - ClampMin - - ClampMax - type: string - type: object - string: - description: |- - String is used to transform the input into a string or a different kind - of string. Note that the input does not necessarily need to be a string. - properties: - convert: - description: |- - Optional conversion method to be specified. 
- `ToUpper` and `ToLower` change the letter case of the input string. - `ToBase64` and `FromBase64` perform a base64 conversion based on the input string. - `ToJson` converts any input value into its raw JSON representation. - `ToSha1`, `ToSha256` and `ToSha512` generate a hash value based on the input - converted to JSON. - `ToAdler32` generate a addler32 hash based on the input string. - enum: - - ToUpper - - ToLower - - ToBase64 - - FromBase64 - - ToJson - - ToSha1 - - ToSha256 - - ToSha512 - - ToAdler32 - type: string - fmt: - description: |- - Format the input using a Go format string. See - https://golang.org/pkg/fmt/ for details. - type: string - join: - description: Join defines parameters to join - a slice of values to a string. - properties: - separator: - description: |- - Separator defines the character that should separate the values from each - other in the joined string. - type: string - required: - - separator - type: object - regexp: - description: Extract a match from the input - using a regular expression. - properties: - group: - description: Group number to match. 0 (the - default) matches the entire expression. - type: integer - match: - description: |- - Match string. May optionally include submatches, aka capture groups. - See https://pkg.go.dev/regexp/ for details. - type: string - required: - - match - type: object - trim: - description: Trim the prefix or suffix from - the input - type: string - type: - default: Format - description: Type of the string transform to - be run. - enum: - - Format - - Convert - - TrimPrefix - - TrimSuffix - - Regexp - - Join - type: string - type: object - type: - description: Type of the transform to be run. - enum: - - map - - match - - math - - string - - convert - type: string - required: - - type - type: object - type: array - type: - default: FromCompositeFieldPath - description: |- - Type sets the patching behaviour to be used. Each patch type may require - its own fields to be set on the Patch object. 
- enum: - - FromCompositeFieldPath - - PatchSet - - ToCompositeFieldPath - - CombineFromComposite - - CombineToComposite - type: string - type: object - type: array - readinessChecks: - default: - - matchCondition: - status: "True" - type: Ready - type: MatchCondition - description: |- - ReadinessChecks allows users to define custom readiness checks. All checks - have to return true in order for resource to be considered ready. The - default readiness check is to have the "Ready" condition to be "True". - items: - description: |- - ReadinessCheck is used to indicate how to tell whether a resource is ready - for consumption. - properties: - fieldPath: - description: FieldPath shows the path of the field whose - value will be used. - type: string - matchCondition: - description: MatchCondition specifies the condition you'd - like to match if you're using "MatchCondition" type. - properties: - status: - default: "True" - description: Status is the status of the condition - you'd like to match. - type: string - type: - default: Ready - description: Type indicates the type of condition - you'd like to use. - type: string - required: - - status - - type - type: object - matchInteger: - description: MatchInt is the value you'd like to match - if you're using "MatchInt" type. - format: int64 - type: integer - matchString: - description: MatchString is the value you'd like to match - if you're using "MatchString" type. - type: string - type: - description: Type indicates the type of probe you'd like - to use. - enum: - - MatchString - - MatchInteger - - NonEmpty - - MatchCondition - - MatchTrue - - MatchFalse - - None - type: string - required: - - type - type: object - type: array - required: - - base - type: object - type: array - revision: - description: |- - Revision number. Newer revisions have larger numbers. - - This number can change. When a Composition transitions from state A - -> B -> A there will be only two CompositionRevisions. 
Crossplane will - edit the original CompositionRevision to change its revision number from - 0 to 2. - format: int64 - type: integer - writeConnectionSecretsToNamespace: - description: |- - WriteConnectionSecretsToNamespace specifies the namespace in which the - connection secrets of composite resource dynamically provisioned using - this composition will be created. - This field is planned to be replaced in a future release in favor of - PublishConnectionDetailsWithStoreConfigRef. Currently, both could be - set independently and connection details would be published to both - without affecting each other as long as related fields at MR level - specified. - type: string - required: - - compositeTypeRef - - revision - type: object - status: - description: |- - CompositionRevisionStatus shows the observed state of the composition - revision. - properties: - conditions: - description: Conditions of the resource. - items: - description: A Condition that may apply to a resource. - properties: - lastTransitionTime: - description: |- - LastTransitionTime is the last time this condition transitioned from one - status to another. - format: date-time - type: string - message: - description: |- - A Message containing details about this condition's last transition from - one status to another, if any. - type: string - observedGeneration: - description: |- - ObservedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - type: integer - reason: - description: A Reason for this condition's last transition from - one status to another. - type: string - status: - description: Status of this condition; is it currently True, - False, or Unknown? - type: string - type: - description: |- - Type of this condition. 
At most one of each condition type may apply to - a resource at any point in time. - type: string - required: - - lastTransitionTime - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - type: object - type: object - served: true - storage: true - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .spec.revision - name: REVISION - type: string - - jsonPath: .spec.compositeTypeRef.kind - name: XR-KIND - type: string - - jsonPath: .spec.compositeTypeRef.apiVersion - name: XR-APIVERSION - type: string - - jsonPath: .metadata.creationTimestamp - name: AGE - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: |- - A CompositionRevision represents a revision of a Composition. Crossplane - creates new revisions when there are changes to the Composition. - - Crossplane creates and manages CompositionRevisions. Don't directly edit - CompositionRevisions. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: |- - CompositionRevisionSpec specifies the desired state of the composition - revision. - properties: - compositeTypeRef: - description: |- - CompositeTypeRef specifies the type of composite resource that this - composition is compatible with. 
- properties: - apiVersion: - description: APIVersion of the type. - type: string - kind: - description: Kind of the type. - type: string - required: - - apiVersion - - kind - type: object - x-kubernetes-validations: - - message: Value is immutable - rule: self == oldSelf - mode: - default: Resources - description: |- - Mode controls what type or "mode" of Composition will be used. - - "Pipeline" indicates that a Composition specifies a pipeline of - Composition Functions, each of which is responsible for producing - composed resources that Crossplane should create or update. - - "Resources" indicates that a Composition uses what is commonly referred - to as "Patch & Transform" or P&T composition. This mode of Composition - uses an array of resources, each a template for a composed resource. - - All Compositions should use Pipeline mode. Resources mode is deprecated. - Resources mode won't be removed in Crossplane 1.x, and will remain the - default to avoid breaking legacy Compositions. However, it's no longer - accepting new features, and only accepting security related bug fixes. - enum: - - Resources - - Pipeline - type: string - patchSets: - description: |- - PatchSets define a named set of patches that may be included by any - resource in this Composition. PatchSets cannot themselves refer to other - PatchSets. - - PatchSets are only used by the "Resources" mode of Composition. They - are ignored by other modes. - - Deprecated: Use Composition Functions instead. - items: - description: |- - A PatchSet is a set of patches that can be reused from all resources within - a Composition. - properties: - name: - description: Name of this PatchSet. - type: string - patches: - description: Patches will be applied as an overlay to the base - resource. - items: - description: |- - Patch objects are applied between composite and composed resources. Their - behaviour depends on the Type selected. 
The default Type, - FromCompositeFieldPath, copies a value from the composite resource to - the composed resource, applying any defined transformers. - properties: - combine: - description: |- - Combine is the patch configuration for a CombineFromComposite or - CombineToComposite patch. - properties: - strategy: - description: |- - Strategy defines the strategy to use to combine the input variable values. - Currently only string is supported. - enum: - - string - type: string - string: - description: |- - String declares that input variables should be combined into a single - string, using the relevant settings for formatting purposes. - properties: - fmt: - description: |- - Format the input using a Go format string. See - https://golang.org/pkg/fmt/ for details. - type: string - required: - - fmt - type: object - variables: - description: |- - Variables are the list of variables whose values will be retrieved and - combined. - items: - description: |- - A CombineVariable defines the source of a value that is combined with - others to form and patch an output value. Currently, this only supports - retrieving values from a field path. - properties: - fromFieldPath: - description: |- - FromFieldPath is the path of the field on the source whose value is - to be used as input. - type: string - required: - - fromFieldPath - type: object - minItems: 1 - type: array - required: - - strategy - - variables - type: object - fromFieldPath: - description: |- - FromFieldPath is the path of the field on the resource whose value is - to be used as input. Required when type is FromCompositeFieldPath or - ToCompositeFieldPath. - type: string - patchSetName: - description: PatchSetName to include patches from. Required - when type is PatchSet. - type: string - policy: - description: Policy configures the specifics of patching - behaviour. - properties: - fromFieldPath: - description: |- - FromFieldPath specifies how to patch from a field path. 
The default is - 'Optional', which means the patch will be a no-op if the specified - fromFieldPath does not exist. Use 'Required' if the patch should fail if - the specified path does not exist. - enum: - - Optional - - Required - type: string - mergeOptions: - description: MergeOptions Specifies merge options - on a field path. - properties: - appendSlice: - description: Specifies that already existing elements - in a merged slice should be preserved - type: boolean - keepMapValues: - description: Specifies that already existing values - in a merged map should be preserved - type: boolean - type: object - type: object - toFieldPath: - description: |- - ToFieldPath is the path of the field on the resource whose value will - be changed with the result of transforms. Leave empty if you'd like to - propagate to the same path as fromFieldPath. - type: string - transforms: - description: |- - Transforms are the list of functions that are used as a FIFO pipe for the - input to be transformed. - items: - description: |- - Transform is a unit of process whose input is transformed into an output with - the supplied configuration. - properties: - convert: - description: Convert is used to cast the input into - the given output type. - properties: - format: - description: |- - The expected input format. - - * `quantity` - parses the input as a K8s [`resource.Quantity`](https://pkg.go.dev/k8s.io/apimachinery/pkg/api/resource#Quantity). - Only used during `string -> float64` conversions. - * `json` - parses the input as a JSON string. - Only used during `string -> object` or `string -> list` conversions. - - If this property is null, the default conversion is applied. - enum: - - none - - quantity - - json - type: string - toType: - description: ToType is the type of the output - of this transform. 
- enum: - - string - - int - - int64 - - bool - - float64 - - object - - array - type: string - required: - - toType - type: object - map: - additionalProperties: - x-kubernetes-preserve-unknown-fields: true - description: Map uses the input as a key in the - given map and returns the value. - type: object - match: - description: Match is a more complex version of - Map that matches a list of patterns. - properties: - fallbackTo: - default: Value - description: Determines to what value the transform - should fallback if no pattern matches. - enum: - - Value - - Input - type: string - fallbackValue: - description: |- - The fallback value that should be returned by the transform if now pattern - matches. - x-kubernetes-preserve-unknown-fields: true - patterns: - description: |- - The patterns that should be tested against the input string. - Patterns are tested in order. The value of the first match is used as - result of this transform. - items: - description: |- - MatchTransformPattern is a transform that returns the value that matches a - pattern. - properties: - literal: - description: |- - Literal exactly matches the input string (case sensitive). - Is required if `type` is `literal`. - type: string - regexp: - description: |- - Regexp to match against the input string. - Is required if `type` is `regexp`. - type: string - result: - description: The value that is used as - result of the transform if the pattern - matches. - x-kubernetes-preserve-unknown-fields: true - type: - default: literal - description: |- - Type specifies how the pattern matches the input. - - * `literal` - the pattern value has to exactly match (case sensitive) the - input string. This is the default. - - * `regexp` - the pattern treated as a regular expression against - which the input string is tested. Crossplane will throw an error if the - key is not a valid regexp. 
- enum: - - literal - - regexp - type: string - required: - - result - - type - type: object - type: array - type: object - math: - description: |- - Math is used to transform the input via mathematical operations such as - multiplication. - properties: - clampMax: - description: ClampMax makes sure that the value - is not bigger than the given value. - format: int64 - type: integer - clampMin: - description: ClampMin makes sure that the value - is not smaller than the given value. - format: int64 - type: integer - multiply: - description: Multiply the value. - format: int64 - type: integer - type: - default: Multiply - description: Type of the math transform to be - run. - enum: - - Multiply - - ClampMin - - ClampMax - type: string - type: object - string: - description: |- - String is used to transform the input into a string or a different kind - of string. Note that the input does not necessarily need to be a string. - properties: - convert: - description: |- - Optional conversion method to be specified. - `ToUpper` and `ToLower` change the letter case of the input string. - `ToBase64` and `FromBase64` perform a base64 conversion based on the input string. - `ToJson` converts any input value into its raw JSON representation. - `ToSha1`, `ToSha256` and `ToSha512` generate a hash value based on the input - converted to JSON. - `ToAdler32` generate a addler32 hash based on the input string. - enum: - - ToUpper - - ToLower - - ToBase64 - - FromBase64 - - ToJson - - ToSha1 - - ToSha256 - - ToSha512 - - ToAdler32 - type: string - fmt: - description: |- - Format the input using a Go format string. See - https://golang.org/pkg/fmt/ for details. - type: string - join: - description: Join defines parameters to join - a slice of values to a string. - properties: - separator: - description: |- - Separator defines the character that should separate the values from each - other in the joined string. 
- type: string - required: - - separator - type: object - regexp: - description: Extract a match from the input - using a regular expression. - properties: - group: - description: Group number to match. 0 (the - default) matches the entire expression. - type: integer - match: - description: |- - Match string. May optionally include submatches, aka capture groups. - See https://pkg.go.dev/regexp/ for details. - type: string - required: - - match - type: object - trim: - description: Trim the prefix or suffix from - the input - type: string - type: - default: Format - description: Type of the string transform to - be run. - enum: - - Format - - Convert - - TrimPrefix - - TrimSuffix - - Regexp - - Join - type: string - type: object - type: - description: Type of the transform to be run. - enum: - - map - - match - - math - - string - - convert - type: string - required: - - type - type: object - type: array - type: - default: FromCompositeFieldPath - description: |- - Type sets the patching behaviour to be used. Each patch type may require - its own fields to be set on the Patch object. - enum: - - FromCompositeFieldPath - - PatchSet - - ToCompositeFieldPath - - CombineFromComposite - - CombineToComposite - type: string - type: object - type: array - required: - - name - - patches - type: object - type: array - pipeline: - description: |- - Pipeline is a list of composition function steps that will be used when a - composite resource referring to this composition is created. One of - resources and pipeline must be specified - you cannot specify both. - - The Pipeline is only used by the "Pipeline" mode of Composition. It is - ignored by other modes. - items: - description: A PipelineStep in a Composition Function pipeline. - properties: - credentials: - description: Credentials are optional credentials that the Composition - Function needs. - items: - description: |- - FunctionCredentials are optional credentials that a Composition Function - needs to run. 
- properties: - name: - description: Name of this set of credentials. - type: string - secretRef: - description: |- - A SecretRef is a reference to a secret containing credentials that should - be supplied to the function. - properties: - name: - description: Name of the secret. - type: string - namespace: - description: Namespace of the secret. - type: string - required: - - name - - namespace - type: object - source: - description: Source of the function credentials. - enum: - - None - - Secret - type: string - required: - - name - - source - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - functionRef: - description: |- - FunctionRef is a reference to the Composition Function this step should - execute. - properties: - name: - description: Name of the referenced Function. - type: string - required: - - name - type: object - input: - description: |- - Input is an optional, arbitrary Kubernetes resource (i.e. a resource - with an apiVersion and kind) that will be passed to the Composition - Function as the 'input' of its RunFunctionRequest. - type: object - x-kubernetes-embedded-resource: true - x-kubernetes-preserve-unknown-fields: true - step: - description: Step name. Must be unique within its Pipeline. - type: string - required: - - functionRef - - step - type: object - type: array - x-kubernetes-list-map-keys: - - step - x-kubernetes-list-type: map - publishConnectionDetailsWithStoreConfigRef: - default: - name: default - description: |- - PublishConnectionDetailsWithStoreConfig specifies the secret store config - with which the connection details of composite resources dynamically - provisioned using this composition will be published. - - THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored - unless the relevant Crossplane feature flag is enabled, and may be - changed or removed without notice. - properties: - name: - description: Name of the referenced StoreConfig. 
- type: string - required: - - name - type: object - resources: - description: |- - Resources is a list of resource templates that will be used when a - composite resource referring to this composition is created. - - Resources are only used by the "Resources" mode of Composition. They are - ignored by other modes. - - Deprecated: Use Composition Functions instead. - items: - description: |- - ComposedTemplate is used to provide information about how the composed resource - should be processed. - properties: - base: - description: Base is the target resource that the patches will - be applied on. - type: object - x-kubernetes-embedded-resource: true - x-kubernetes-preserve-unknown-fields: true - connectionDetails: - description: |- - ConnectionDetails lists the propagation secret keys from this target - resource to the composition instance connection secret. - items: - description: |- - ConnectionDetail includes the information about the propagation of the connection - information from one secret to another. - properties: - fromConnectionSecretKey: - description: |- - FromConnectionSecretKey is the key that will be used to fetch the value - from the composed resource's connection secret. - type: string - fromFieldPath: - description: |- - FromFieldPath is the path of the field on the composed resource whose - value to be used as input. Name must be specified if the type is - FromFieldPath. - type: string - name: - description: |- - Name of the connection secret key that will be propagated to the - connection secret of the composition instance. Leave empty if you'd like - to use the same key name. - type: string - type: - description: |- - Type sets the connection detail fetching behaviour to be used. Each - connection detail type may require its own fields to be set on the - ConnectionDetail object. If the type is omitted Crossplane will attempt - to infer it based on which other fields were specified. 
If multiple - fields are specified the order of precedence is: - 1. FromValue - 2. FromConnectionSecretKey - 3. FromFieldPath - enum: - - FromConnectionSecretKey - - FromFieldPath - - FromValue - type: string - value: - description: |- - Value that will be propagated to the connection secret of the composite - resource. May be set to inject a fixed, non-sensitive connection secret - value, for example a well-known port. - type: string - type: object - type: array - name: - description: |- - A Name uniquely identifies this entry within its Composition's resources - array. Names are optional but *strongly* recommended. When all entries in - the resources array are named entries may added, deleted, and reordered - as long as their names do not change. When entries are not named the - length and order of the resources array should be treated as immutable. - Either all or no entries must be named. - type: string - patches: - description: Patches will be applied as overlay to the base - resource. - items: - description: |- - Patch objects are applied between composite and composed resources. Their - behaviour depends on the Type selected. The default Type, - FromCompositeFieldPath, copies a value from the composite resource to - the composed resource, applying any defined transformers. - properties: - combine: - description: |- - Combine is the patch configuration for a CombineFromComposite or - CombineToComposite patch. - properties: - strategy: - description: |- - Strategy defines the strategy to use to combine the input variable values. - Currently only string is supported. - enum: - - string - type: string - string: - description: |- - String declares that input variables should be combined into a single - string, using the relevant settings for formatting purposes. - properties: - fmt: - description: |- - Format the input using a Go format string. See - https://golang.org/pkg/fmt/ for details. 
- type: string - required: - - fmt - type: object - variables: - description: |- - Variables are the list of variables whose values will be retrieved and - combined. - items: - description: |- - A CombineVariable defines the source of a value that is combined with - others to form and patch an output value. Currently, this only supports - retrieving values from a field path. - properties: - fromFieldPath: - description: |- - FromFieldPath is the path of the field on the source whose value is - to be used as input. - type: string - required: - - fromFieldPath - type: object - minItems: 1 - type: array - required: - - strategy - - variables - type: object - fromFieldPath: - description: |- - FromFieldPath is the path of the field on the resource whose value is - to be used as input. Required when type is FromCompositeFieldPath or - ToCompositeFieldPath. - type: string - patchSetName: - description: PatchSetName to include patches from. Required - when type is PatchSet. - type: string - policy: - description: Policy configures the specifics of patching - behaviour. - properties: - fromFieldPath: - description: |- - FromFieldPath specifies how to patch from a field path. The default is - 'Optional', which means the patch will be a no-op if the specified - fromFieldPath does not exist. Use 'Required' if the patch should fail if - the specified path does not exist. - enum: - - Optional - - Required - type: string - mergeOptions: - description: MergeOptions Specifies merge options - on a field path. - properties: - appendSlice: - description: Specifies that already existing elements - in a merged slice should be preserved - type: boolean - keepMapValues: - description: Specifies that already existing values - in a merged map should be preserved - type: boolean - type: object - type: object - toFieldPath: - description: |- - ToFieldPath is the path of the field on the resource whose value will - be changed with the result of transforms. 
Leave empty if you'd like to - propagate to the same path as fromFieldPath. - type: string - transforms: - description: |- - Transforms are the list of functions that are used as a FIFO pipe for the - input to be transformed. - items: - description: |- - Transform is a unit of process whose input is transformed into an output with - the supplied configuration. - properties: - convert: - description: Convert is used to cast the input into - the given output type. - properties: - format: - description: |- - The expected input format. - - * `quantity` - parses the input as a K8s [`resource.Quantity`](https://pkg.go.dev/k8s.io/apimachinery/pkg/api/resource#Quantity). - Only used during `string -> float64` conversions. - * `json` - parses the input as a JSON string. - Only used during `string -> object` or `string -> list` conversions. - - If this property is null, the default conversion is applied. - enum: - - none - - quantity - - json - type: string - toType: - description: ToType is the type of the output - of this transform. - enum: - - string - - int - - int64 - - bool - - float64 - - object - - array - type: string - required: - - toType - type: object - map: - additionalProperties: - x-kubernetes-preserve-unknown-fields: true - description: Map uses the input as a key in the - given map and returns the value. - type: object - match: - description: Match is a more complex version of - Map that matches a list of patterns. - properties: - fallbackTo: - default: Value - description: Determines to what value the transform - should fallback if no pattern matches. - enum: - - Value - - Input - type: string - fallbackValue: - description: |- - The fallback value that should be returned by the transform if now pattern - matches. - x-kubernetes-preserve-unknown-fields: true - patterns: - description: |- - The patterns that should be tested against the input string. - Patterns are tested in order. The value of the first match is used as - result of this transform. 
- items: - description: |- - MatchTransformPattern is a transform that returns the value that matches a - pattern. - properties: - literal: - description: |- - Literal exactly matches the input string (case sensitive). - Is required if `type` is `literal`. - type: string - regexp: - description: |- - Regexp to match against the input string. - Is required if `type` is `regexp`. - type: string - result: - description: The value that is used as - result of the transform if the pattern - matches. - x-kubernetes-preserve-unknown-fields: true - type: - default: literal - description: |- - Type specifies how the pattern matches the input. - - * `literal` - the pattern value has to exactly match (case sensitive) the - input string. This is the default. - - * `regexp` - the pattern treated as a regular expression against - which the input string is tested. Crossplane will throw an error if the - key is not a valid regexp. - enum: - - literal - - regexp - type: string - required: - - result - - type - type: object - type: array - type: object - math: - description: |- - Math is used to transform the input via mathematical operations such as - multiplication. - properties: - clampMax: - description: ClampMax makes sure that the value - is not bigger than the given value. - format: int64 - type: integer - clampMin: - description: ClampMin makes sure that the value - is not smaller than the given value. - format: int64 - type: integer - multiply: - description: Multiply the value. - format: int64 - type: integer - type: - default: Multiply - description: Type of the math transform to be - run. - enum: - - Multiply - - ClampMin - - ClampMax - type: string - type: object - string: - description: |- - String is used to transform the input into a string or a different kind - of string. Note that the input does not necessarily need to be a string. - properties: - convert: - description: |- - Optional conversion method to be specified. 
- `ToUpper` and `ToLower` change the letter case of the input string. - `ToBase64` and `FromBase64` perform a base64 conversion based on the input string. - `ToJson` converts any input value into its raw JSON representation. - `ToSha1`, `ToSha256` and `ToSha512` generate a hash value based on the input - converted to JSON. - `ToAdler32` generate a addler32 hash based on the input string. - enum: - - ToUpper - - ToLower - - ToBase64 - - FromBase64 - - ToJson - - ToSha1 - - ToSha256 - - ToSha512 - - ToAdler32 - type: string - fmt: - description: |- - Format the input using a Go format string. See - https://golang.org/pkg/fmt/ for details. - type: string - join: - description: Join defines parameters to join - a slice of values to a string. - properties: - separator: - description: |- - Separator defines the character that should separate the values from each - other in the joined string. - type: string - required: - - separator - type: object - regexp: - description: Extract a match from the input - using a regular expression. - properties: - group: - description: Group number to match. 0 (the - default) matches the entire expression. - type: integer - match: - description: |- - Match string. May optionally include submatches, aka capture groups. - See https://pkg.go.dev/regexp/ for details. - type: string - required: - - match - type: object - trim: - description: Trim the prefix or suffix from - the input - type: string - type: - default: Format - description: Type of the string transform to - be run. - enum: - - Format - - Convert - - TrimPrefix - - TrimSuffix - - Regexp - - Join - type: string - type: object - type: - description: Type of the transform to be run. - enum: - - map - - match - - math - - string - - convert - type: string - required: - - type - type: object - type: array - type: - default: FromCompositeFieldPath - description: |- - Type sets the patching behaviour to be used. Each patch type may require - its own fields to be set on the Patch object. 
- enum: - - FromCompositeFieldPath - - PatchSet - - ToCompositeFieldPath - - CombineFromComposite - - CombineToComposite - type: string - type: object - type: array - readinessChecks: - default: - - matchCondition: - status: "True" - type: Ready - type: MatchCondition - description: |- - ReadinessChecks allows users to define custom readiness checks. All checks - have to return true in order for resource to be considered ready. The - default readiness check is to have the "Ready" condition to be "True". - items: - description: |- - ReadinessCheck is used to indicate how to tell whether a resource is ready - for consumption. - properties: - fieldPath: - description: FieldPath shows the path of the field whose - value will be used. - type: string - matchCondition: - description: MatchCondition specifies the condition you'd - like to match if you're using "MatchCondition" type. - properties: - status: - default: "True" - description: Status is the status of the condition - you'd like to match. - type: string - type: - default: Ready - description: Type indicates the type of condition - you'd like to use. - type: string - required: - - status - - type - type: object - matchInteger: - description: MatchInt is the value you'd like to match - if you're using "MatchInt" type. - format: int64 - type: integer - matchString: - description: MatchString is the value you'd like to match - if you're using "MatchString" type. - type: string - type: - description: Type indicates the type of probe you'd like - to use. - enum: - - MatchString - - MatchInteger - - NonEmpty - - MatchCondition - - MatchTrue - - MatchFalse - - None - type: string - required: - - type - type: object - type: array - required: - - base - type: object - type: array - revision: - description: |- - Revision number. Newer revisions have larger numbers. - - This number can change. When a Composition transitions from state A - -> B -> A there will be only two CompositionRevisions. 
Crossplane will - edit the original CompositionRevision to change its revision number from - 0 to 2. - format: int64 - type: integer - writeConnectionSecretsToNamespace: - description: |- - WriteConnectionSecretsToNamespace specifies the namespace in which the - connection secrets of composite resource dynamically provisioned using - this composition will be created. - This field is planned to be replaced in a future release in favor of - PublishConnectionDetailsWithStoreConfigRef. Currently, both could be - set independently and connection details would be published to both - without affecting each other as long as related fields at MR level - specified. - type: string - required: - - compositeTypeRef - - revision - type: object - status: - description: |- - CompositionRevisionStatus shows the observed state of the composition - revision. - properties: - conditions: - description: Conditions of the resource. - items: - description: A Condition that may apply to a resource. - properties: - lastTransitionTime: - description: |- - LastTransitionTime is the last time this condition transitioned from one - status to another. - format: date-time - type: string - message: - description: |- - A Message containing details about this condition's last transition from - one status to another, if any. - type: string - observedGeneration: - description: |- - ObservedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - type: integer - reason: - description: A Reason for this condition's last transition from - one status to another. - type: string - status: - description: Status of this condition; is it currently True, - False, or Unknown? - type: string - type: - description: |- - Type of this condition. 
At most one of each condition type may apply to - a resource at any point in time. - type: string - required: - - lastTransitionTime - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - type: object - type: object - served: true - storage: false - subresources: - status: {} diff --git a/content/v1.19/api/crds/apiextensions.crossplane.io_compositions.yaml b/content/v1.19/api/crds/apiextensions.crossplane.io_compositions.yaml deleted file mode 100644 index 9b97bd5de..000000000 --- a/content/v1.19/api/crds/apiextensions.crossplane.io_compositions.yaml +++ /dev/null 
@@ -1,1075 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - name: compositions.apiextensions.crossplane.io -spec: - group: apiextensions.crossplane.io - names: - categories: - - crossplane - kind: Composition - listKind: CompositionList - plural: compositions - shortNames: - - comp - singular: composition - scope: Cluster - versions: - - additionalPrinterColumns: - - jsonPath: .spec.compositeTypeRef.kind - name: XR-KIND - type: string - - jsonPath: .spec.compositeTypeRef.apiVersion - name: XR-APIVERSION - type: string - - jsonPath: .metadata.creationTimestamp - name: AGE - type: date - name: v1 - schema: - openAPIV3Schema: - description: |- - A Composition defines a collection of managed resources or functions that - Crossplane uses to create and manage new composite resources. - - Read the Crossplane documentation for - [more information about Compositions](https://docs.crossplane.io/latest/concepts/compositions). - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: CompositionSpec specifies desired state of a composition. 
- properties: - compositeTypeRef: - description: |- - CompositeTypeRef specifies the type of composite resource that this - composition is compatible with. - properties: - apiVersion: - description: APIVersion of the type. - type: string - kind: - description: Kind of the type. - type: string - required: - - apiVersion - - kind - type: object - x-kubernetes-validations: - - message: Value is immutable - rule: self == oldSelf - mode: - default: Resources - description: |- - Mode controls what type or "mode" of Composition will be used. - - "Pipeline" indicates that a Composition specifies a pipeline of - Composition Functions, each of which is responsible for producing - composed resources that Crossplane should create or update. - - "Resources" indicates that a Composition uses what is commonly referred - to as "Patch & Transform" or P&T composition. This mode of Composition - uses an array of resources, each a template for a composed resource. - - All Compositions should use Pipeline mode. Resources mode is deprecated. - Resources mode won't be removed in Crossplane 1.x, and will remain the - default to avoid breaking legacy Compositions. However, it's no longer - accepting new features, and only accepting security related bug fixes. - enum: - - Resources - - Pipeline - type: string - patchSets: - description: |- - PatchSets define a named set of patches that may be included by any - resource in this Composition. PatchSets cannot themselves refer to other - PatchSets. - - PatchSets are only used by the "Resources" mode of Composition. They - are ignored by other modes. - - Deprecated: Use Composition Functions instead. - items: - description: |- - A PatchSet is a set of patches that can be reused from all resources within - a Composition. - properties: - name: - description: Name of this PatchSet. - type: string - patches: - description: Patches will be applied as an overlay to the base - resource. 
- items: - description: |- - Patch objects are applied between composite and composed resources. Their - behaviour depends on the Type selected. The default Type, - FromCompositeFieldPath, copies a value from the composite resource to - the composed resource, applying any defined transformers. - properties: - combine: - description: |- - Combine is the patch configuration for a CombineFromComposite or - CombineToComposite patch. - properties: - strategy: - description: |- - Strategy defines the strategy to use to combine the input variable values. - Currently only string is supported. - enum: - - string - type: string - string: - description: |- - String declares that input variables should be combined into a single - string, using the relevant settings for formatting purposes. - properties: - fmt: - description: |- - Format the input using a Go format string. See - https://golang.org/pkg/fmt/ for details. - type: string - required: - - fmt - type: object - variables: - description: |- - Variables are the list of variables whose values will be retrieved and - combined. - items: - description: |- - A CombineVariable defines the source of a value that is combined with - others to form and patch an output value. Currently, this only supports - retrieving values from a field path. - properties: - fromFieldPath: - description: |- - FromFieldPath is the path of the field on the source whose value is - to be used as input. - type: string - required: - - fromFieldPath - type: object - minItems: 1 - type: array - required: - - strategy - - variables - type: object - fromFieldPath: - description: |- - FromFieldPath is the path of the field on the resource whose value is - to be used as input. Required when type is FromCompositeFieldPath or - ToCompositeFieldPath. - type: string - patchSetName: - description: PatchSetName to include patches from. Required - when type is PatchSet. - type: string - policy: - description: Policy configures the specifics of patching - behaviour. 
- properties: - fromFieldPath: - description: |- - FromFieldPath specifies how to patch from a field path. The default is - 'Optional', which means the patch will be a no-op if the specified - fromFieldPath does not exist. Use 'Required' if the patch should fail if - the specified path does not exist. - enum: - - Optional - - Required - type: string - mergeOptions: - description: MergeOptions Specifies merge options - on a field path. - properties: - appendSlice: - description: Specifies that already existing elements - in a merged slice should be preserved - type: boolean - keepMapValues: - description: Specifies that already existing values - in a merged map should be preserved - type: boolean - type: object - type: object - toFieldPath: - description: |- - ToFieldPath is the path of the field on the resource whose value will - be changed with the result of transforms. Leave empty if you'd like to - propagate to the same path as fromFieldPath. - type: string - transforms: - description: |- - Transforms are the list of functions that are used as a FIFO pipe for the - input to be transformed. - items: - description: |- - Transform is a unit of process whose input is transformed into an output with - the supplied configuration. - properties: - convert: - description: Convert is used to cast the input into - the given output type. - properties: - format: - description: |- - The expected input format. - - * `quantity` - parses the input as a K8s [`resource.Quantity`](https://pkg.go.dev/k8s.io/apimachinery/pkg/api/resource#Quantity). - Only used during `string -> float64` conversions. - * `json` - parses the input as a JSON string. - Only used during `string -> object` or `string -> list` conversions. - - If this property is null, the default conversion is applied. - enum: - - none - - quantity - - json - type: string - toType: - description: ToType is the type of the output - of this transform. 
- enum: - - string - - int - - int64 - - bool - - float64 - - object - - array - type: string - required: - - toType - type: object - map: - additionalProperties: - x-kubernetes-preserve-unknown-fields: true - description: Map uses the input as a key in the - given map and returns the value. - type: object - match: - description: Match is a more complex version of - Map that matches a list of patterns. - properties: - fallbackTo: - default: Value - description: Determines to what value the transform - should fallback if no pattern matches. - enum: - - Value - - Input - type: string - fallbackValue: - description: |- - The fallback value that should be returned by the transform if now pattern - matches. - x-kubernetes-preserve-unknown-fields: true - patterns: - description: |- - The patterns that should be tested against the input string. - Patterns are tested in order. The value of the first match is used as - result of this transform. - items: - description: |- - MatchTransformPattern is a transform that returns the value that matches a - pattern. - properties: - literal: - description: |- - Literal exactly matches the input string (case sensitive). - Is required if `type` is `literal`. - type: string - regexp: - description: |- - Regexp to match against the input string. - Is required if `type` is `regexp`. - type: string - result: - description: The value that is used as - result of the transform if the pattern - matches. - x-kubernetes-preserve-unknown-fields: true - type: - default: literal - description: |- - Type specifies how the pattern matches the input. - - * `literal` - the pattern value has to exactly match (case sensitive) the - input string. This is the default. - - * `regexp` - the pattern treated as a regular expression against - which the input string is tested. Crossplane will throw an error if the - key is not a valid regexp. 
- enum: - - literal - - regexp - type: string - required: - - result - - type - type: object - type: array - type: object - math: - description: |- - Math is used to transform the input via mathematical operations such as - multiplication. - properties: - clampMax: - description: ClampMax makes sure that the value - is not bigger than the given value. - format: int64 - type: integer - clampMin: - description: ClampMin makes sure that the value - is not smaller than the given value. - format: int64 - type: integer - multiply: - description: Multiply the value. - format: int64 - type: integer - type: - default: Multiply - description: Type of the math transform to be - run. - enum: - - Multiply - - ClampMin - - ClampMax - type: string - type: object - string: - description: |- - String is used to transform the input into a string or a different kind - of string. Note that the input does not necessarily need to be a string. - properties: - convert: - description: |- - Optional conversion method to be specified. - `ToUpper` and `ToLower` change the letter case of the input string. - `ToBase64` and `FromBase64` perform a base64 conversion based on the input string. - `ToJson` converts any input value into its raw JSON representation. - `ToSha1`, `ToSha256` and `ToSha512` generate a hash value based on the input - converted to JSON. - `ToAdler32` generate a addler32 hash based on the input string. - enum: - - ToUpper - - ToLower - - ToBase64 - - FromBase64 - - ToJson - - ToSha1 - - ToSha256 - - ToSha512 - - ToAdler32 - type: string - fmt: - description: |- - Format the input using a Go format string. See - https://golang.org/pkg/fmt/ for details. - type: string - join: - description: Join defines parameters to join - a slice of values to a string. - properties: - separator: - description: |- - Separator defines the character that should separate the values from each - other in the joined string. 
- type: string - required: - - separator - type: object - regexp: - description: Extract a match from the input - using a regular expression. - properties: - group: - description: Group number to match. 0 (the - default) matches the entire expression. - type: integer - match: - description: |- - Match string. May optionally include submatches, aka capture groups. - See https://pkg.go.dev/regexp/ for details. - type: string - required: - - match - type: object - trim: - description: Trim the prefix or suffix from - the input - type: string - type: - default: Format - description: Type of the string transform to - be run. - enum: - - Format - - Convert - - TrimPrefix - - TrimSuffix - - Regexp - - Join - type: string - type: object - type: - description: Type of the transform to be run. - enum: - - map - - match - - math - - string - - convert - type: string - required: - - type - type: object - type: array - type: - default: FromCompositeFieldPath - description: |- - Type sets the patching behaviour to be used. Each patch type may require - its own fields to be set on the Patch object. - enum: - - FromCompositeFieldPath - - PatchSet - - ToCompositeFieldPath - - CombineFromComposite - - CombineToComposite - type: string - type: object - type: array - required: - - name - - patches - type: object - type: array - pipeline: - description: |- - Pipeline is a list of composition function steps that will be used when a - composite resource referring to this composition is created. One of - resources and pipeline must be specified - you cannot specify both. - - The Pipeline is only used by the "Pipeline" mode of Composition. It is - ignored by other modes. - items: - description: A PipelineStep in a Composition Function pipeline. - properties: - credentials: - description: Credentials are optional credentials that the Composition - Function needs. - items: - description: |- - FunctionCredentials are optional credentials that a Composition Function - needs to run. 
- properties: - name: - description: Name of this set of credentials. - type: string - secretRef: - description: |- - A SecretRef is a reference to a secret containing credentials that should - be supplied to the function. - properties: - name: - description: Name of the secret. - type: string - namespace: - description: Namespace of the secret. - type: string - required: - - name - - namespace - type: object - source: - description: Source of the function credentials. - enum: - - None - - Secret - type: string - required: - - name - - source - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - functionRef: - description: |- - FunctionRef is a reference to the Composition Function this step should - execute. - properties: - name: - description: Name of the referenced Function. - type: string - required: - - name - type: object - input: - description: |- - Input is an optional, arbitrary Kubernetes resource (i.e. a resource - with an apiVersion and kind) that will be passed to the Composition - Function as the 'input' of its RunFunctionRequest. - type: object - x-kubernetes-embedded-resource: true - x-kubernetes-preserve-unknown-fields: true - step: - description: Step name. Must be unique within its Pipeline. - type: string - required: - - functionRef - - step - type: object - type: array - x-kubernetes-list-map-keys: - - step - x-kubernetes-list-type: map - publishConnectionDetailsWithStoreConfigRef: - default: - name: default - description: |- - PublishConnectionDetailsWithStoreConfig specifies the secret store config - with which the connection details of composite resources dynamically - provisioned using this composition will be published. - - THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored - unless the relevant Crossplane feature flag is enabled, and may be - changed or removed without notice. - properties: - name: - description: Name of the referenced StoreConfig. 
- type: string - required: - - name - type: object - resources: - description: |- - Resources is a list of resource templates that will be used when a - composite resource referring to this composition is created. - - Resources are only used by the "Resources" mode of Composition. They are - ignored by other modes. - - Deprecated: Use Composition Functions instead. - items: - description: |- - ComposedTemplate is used to provide information about how the composed resource - should be processed. - properties: - base: - description: Base is the target resource that the patches will - be applied on. - type: object - x-kubernetes-embedded-resource: true - x-kubernetes-preserve-unknown-fields: true - connectionDetails: - description: |- - ConnectionDetails lists the propagation secret keys from this target - resource to the composition instance connection secret. - items: - description: |- - ConnectionDetail includes the information about the propagation of the connection - information from one secret to another. - properties: - fromConnectionSecretKey: - description: |- - FromConnectionSecretKey is the key that will be used to fetch the value - from the composed resource's connection secret. - type: string - fromFieldPath: - description: |- - FromFieldPath is the path of the field on the composed resource whose - value to be used as input. Name must be specified if the type is - FromFieldPath. - type: string - name: - description: |- - Name of the connection secret key that will be propagated to the - connection secret of the composition instance. Leave empty if you'd like - to use the same key name. - type: string - type: - description: |- - Type sets the connection detail fetching behaviour to be used. Each - connection detail type may require its own fields to be set on the - ConnectionDetail object. If the type is omitted Crossplane will attempt - to infer it based on which other fields were specified. 
If multiple - fields are specified the order of precedence is: - 1. FromValue - 2. FromConnectionSecretKey - 3. FromFieldPath - enum: - - FromConnectionSecretKey - - FromFieldPath - - FromValue - type: string - value: - description: |- - Value that will be propagated to the connection secret of the composite - resource. May be set to inject a fixed, non-sensitive connection secret - value, for example a well-known port. - type: string - type: object - type: array - name: - description: |- - A Name uniquely identifies this entry within its Composition's resources - array. Names are optional but *strongly* recommended. When all entries in - the resources array are named entries may added, deleted, and reordered - as long as their names do not change. When entries are not named the - length and order of the resources array should be treated as immutable. - Either all or no entries must be named. - type: string - patches: - description: Patches will be applied as overlay to the base - resource. - items: - description: |- - Patch objects are applied between composite and composed resources. Their - behaviour depends on the Type selected. The default Type, - FromCompositeFieldPath, copies a value from the composite resource to - the composed resource, applying any defined transformers. - properties: - combine: - description: |- - Combine is the patch configuration for a CombineFromComposite or - CombineToComposite patch. - properties: - strategy: - description: |- - Strategy defines the strategy to use to combine the input variable values. - Currently only string is supported. - enum: - - string - type: string - string: - description: |- - String declares that input variables should be combined into a single - string, using the relevant settings for formatting purposes. - properties: - fmt: - description: |- - Format the input using a Go format string. See - https://golang.org/pkg/fmt/ for details. 
- type: string - required: - - fmt - type: object - variables: - description: |- - Variables are the list of variables whose values will be retrieved and - combined. - items: - description: |- - A CombineVariable defines the source of a value that is combined with - others to form and patch an output value. Currently, this only supports - retrieving values from a field path. - properties: - fromFieldPath: - description: |- - FromFieldPath is the path of the field on the source whose value is - to be used as input. - type: string - required: - - fromFieldPath - type: object - minItems: 1 - type: array - required: - - strategy - - variables - type: object - fromFieldPath: - description: |- - FromFieldPath is the path of the field on the resource whose value is - to be used as input. Required when type is FromCompositeFieldPath or - ToCompositeFieldPath. - type: string - patchSetName: - description: PatchSetName to include patches from. Required - when type is PatchSet. - type: string - policy: - description: Policy configures the specifics of patching - behaviour. - properties: - fromFieldPath: - description: |- - FromFieldPath specifies how to patch from a field path. The default is - 'Optional', which means the patch will be a no-op if the specified - fromFieldPath does not exist. Use 'Required' if the patch should fail if - the specified path does not exist. - enum: - - Optional - - Required - type: string - mergeOptions: - description: MergeOptions Specifies merge options - on a field path. - properties: - appendSlice: - description: Specifies that already existing elements - in a merged slice should be preserved - type: boolean - keepMapValues: - description: Specifies that already existing values - in a merged map should be preserved - type: boolean - type: object - type: object - toFieldPath: - description: |- - ToFieldPath is the path of the field on the resource whose value will - be changed with the result of transforms. 
Leave empty if you'd like to - propagate to the same path as fromFieldPath. - type: string - transforms: - description: |- - Transforms are the list of functions that are used as a FIFO pipe for the - input to be transformed. - items: - description: |- - Transform is a unit of process whose input is transformed into an output with - the supplied configuration. - properties: - convert: - description: Convert is used to cast the input into - the given output type. - properties: - format: - description: |- - The expected input format. - - * `quantity` - parses the input as a K8s [`resource.Quantity`](https://pkg.go.dev/k8s.io/apimachinery/pkg/api/resource#Quantity). - Only used during `string -> float64` conversions. - * `json` - parses the input as a JSON string. - Only used during `string -> object` or `string -> list` conversions. - - If this property is null, the default conversion is applied. - enum: - - none - - quantity - - json - type: string - toType: - description: ToType is the type of the output - of this transform. - enum: - - string - - int - - int64 - - bool - - float64 - - object - - array - type: string - required: - - toType - type: object - map: - additionalProperties: - x-kubernetes-preserve-unknown-fields: true - description: Map uses the input as a key in the - given map and returns the value. - type: object - match: - description: Match is a more complex version of - Map that matches a list of patterns. - properties: - fallbackTo: - default: Value - description: Determines to what value the transform - should fallback if no pattern matches. - enum: - - Value - - Input - type: string - fallbackValue: - description: |- - The fallback value that should be returned by the transform if now pattern - matches. - x-kubernetes-preserve-unknown-fields: true - patterns: - description: |- - The patterns that should be tested against the input string. - Patterns are tested in order. The value of the first match is used as - result of this transform. 
- items: - description: |- - MatchTransformPattern is a transform that returns the value that matches a - pattern. - properties: - literal: - description: |- - Literal exactly matches the input string (case sensitive). - Is required if `type` is `literal`. - type: string - regexp: - description: |- - Regexp to match against the input string. - Is required if `type` is `regexp`. - type: string - result: - description: The value that is used as - result of the transform if the pattern - matches. - x-kubernetes-preserve-unknown-fields: true - type: - default: literal - description: |- - Type specifies how the pattern matches the input. - - * `literal` - the pattern value has to exactly match (case sensitive) the - input string. This is the default. - - * `regexp` - the pattern treated as a regular expression against - which the input string is tested. Crossplane will throw an error if the - key is not a valid regexp. - enum: - - literal - - regexp - type: string - required: - - result - - type - type: object - type: array - type: object - math: - description: |- - Math is used to transform the input via mathematical operations such as - multiplication. - properties: - clampMax: - description: ClampMax makes sure that the value - is not bigger than the given value. - format: int64 - type: integer - clampMin: - description: ClampMin makes sure that the value - is not smaller than the given value. - format: int64 - type: integer - multiply: - description: Multiply the value. - format: int64 - type: integer - type: - default: Multiply - description: Type of the math transform to be - run. - enum: - - Multiply - - ClampMin - - ClampMax - type: string - type: object - string: - description: |- - String is used to transform the input into a string or a different kind - of string. Note that the input does not necessarily need to be a string. - properties: - convert: - description: |- - Optional conversion method to be specified. 
- `ToUpper` and `ToLower` change the letter case of the input string. - `ToBase64` and `FromBase64` perform a base64 conversion based on the input string. - `ToJson` converts any input value into its raw JSON representation. - `ToSha1`, `ToSha256` and `ToSha512` generate a hash value based on the input - converted to JSON. - `ToAdler32` generate a addler32 hash based on the input string. - enum: - - ToUpper - - ToLower - - ToBase64 - - FromBase64 - - ToJson - - ToSha1 - - ToSha256 - - ToSha512 - - ToAdler32 - type: string - fmt: - description: |- - Format the input using a Go format string. See - https://golang.org/pkg/fmt/ for details. - type: string - join: - description: Join defines parameters to join - a slice of values to a string. - properties: - separator: - description: |- - Separator defines the character that should separate the values from each - other in the joined string. - type: string - required: - - separator - type: object - regexp: - description: Extract a match from the input - using a regular expression. - properties: - group: - description: Group number to match. 0 (the - default) matches the entire expression. - type: integer - match: - description: |- - Match string. May optionally include submatches, aka capture groups. - See https://pkg.go.dev/regexp/ for details. - type: string - required: - - match - type: object - trim: - description: Trim the prefix or suffix from - the input - type: string - type: - default: Format - description: Type of the string transform to - be run. - enum: - - Format - - Convert - - TrimPrefix - - TrimSuffix - - Regexp - - Join - type: string - type: object - type: - description: Type of the transform to be run. - enum: - - map - - match - - math - - string - - convert - type: string - required: - - type - type: object - type: array - type: - default: FromCompositeFieldPath - description: |- - Type sets the patching behaviour to be used. Each patch type may require - its own fields to be set on the Patch object. 
- enum: - - FromCompositeFieldPath - - PatchSet - - ToCompositeFieldPath - - CombineFromComposite - - CombineToComposite - type: string - type: object - type: array - readinessChecks: - default: - - matchCondition: - status: "True" - type: Ready - type: MatchCondition - description: |- - ReadinessChecks allows users to define custom readiness checks. All checks - have to return true in order for resource to be considered ready. The - default readiness check is to have the "Ready" condition to be "True". - items: - description: |- - ReadinessCheck is used to indicate how to tell whether a resource is ready - for consumption. - properties: - fieldPath: - description: FieldPath shows the path of the field whose - value will be used. - type: string - matchCondition: - description: MatchCondition specifies the condition you'd - like to match if you're using "MatchCondition" type. - properties: - status: - default: "True" - description: Status is the status of the condition - you'd like to match. - type: string - type: - default: Ready - description: Type indicates the type of condition - you'd like to use. - type: string - required: - - status - - type - type: object - matchInteger: - description: MatchInt is the value you'd like to match - if you're using "MatchInt" type. - format: int64 - type: integer - matchString: - description: MatchString is the value you'd like to match - if you're using "MatchString" type. - type: string - type: - description: Type indicates the type of probe you'd like - to use. - enum: - - MatchString - - MatchInteger - - NonEmpty - - MatchCondition - - MatchTrue - - MatchFalse - - None - type: string - required: - - type - type: object - type: array - required: - - base - type: object - type: array - writeConnectionSecretsToNamespace: - description: |- - WriteConnectionSecretsToNamespace specifies the namespace in which the - connection secrets of composite resource dynamically provisioned using - this composition will be created. 
- This field is planned to be replaced in a future release in favor of - PublishConnectionDetailsWithStoreConfigRef. Currently, both could be - set independently and connection details would be published to both - without affecting each other as long as related fields at MR level - specified. - type: string - required: - - compositeTypeRef - type: object - type: object - served: true - storage: true - subresources: {} diff --git a/content/v1.19/api/crds/pkg.crossplane.io_controllerconfigs.yaml b/content/v1.19/api/crds/pkg.crossplane.io_controllerconfigs.yaml deleted file mode 100644 index 03bc569bc..000000000 --- a/content/v1.19/api/crds/pkg.crossplane.io_controllerconfigs.yaml +++ /dev/null 
@@ -1,3675 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - name: controllerconfigs.pkg.crossplane.io -spec: - group: pkg.crossplane.io - names: - kind: ControllerConfig - listKind: ControllerConfigList - plural: controllerconfigs - singular: controllerconfig - scope: Cluster - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: AGE - type: date - deprecated: true - deprecationWarning: ControllerConfig.pkg.crossplane.io/v1alpha1 is deprecated. - Use DeploymentRuntimeConfig from pkg.crossplane.io/v1beta1 instead. - name: v1alpha1 - schema: - openAPIV3Schema: - description: |- - A ControllerConfig applies settings to controllers like Provider pods. - Deprecated: Use the - [DeploymentRuntimeConfig](https://docs.crossplane.io/latest/concepts/providers#runtime-configuration) - instead. - - Read the - [Package Runtime Configuration](https://github.com/crossplane/crossplane/blob/11bbe13ea3604928cc4e24e8d0d18f3f5f7e847c/design/one-pager-package-runtime-config.md) - design document for more details. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: |- - ControllerConfigSpec specifies the configuration for a packaged controller. 
- Values provided will override package manager defaults. Labels and - annotations are passed to both the controller Deployment and ServiceAccount. - properties: - affinity: - description: If specified, the pod's scheduling constraints - properties: - nodeAffinity: - description: Describes node affinity scheduling rules for the - pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node matches the corresponding matchExpressions; the - node(s) with the highest sum are the most preferred. - items: - description: |- - An empty preferred scheduling term matches all objects with implicit weight 0 - (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). - properties: - preference: - description: A node selector term, associated with the - corresponding weight. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. 
If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - weight: - description: Weight associated with matching the corresponding - nodeSelectorTerm, in the range 1-100. 
- format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. - The terms are ORed. - items: - description: |- - A null or empty node selector term matches no objects. The requirements of - them are ANDed. - The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: atomic - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: Describes pod affinity scheduling rules (e.g. co-locate - this pod in the same node, zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. 
- for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. 
- The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. 
- items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. 
- type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. 
- null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules (e.g. - avoid putting this pod in the same node, zone, etc. as some - other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the anti-affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. 
- properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. 
- Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. 
- type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. 
- format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the anti-affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the anti-affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. 
If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. 
Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: object - args: - description: |- - Arguments to the entrypoint. - The docker image's CMD is used if this is not provided. - Variable references $(VAR_NAME) are expanded using the container's environment. If a variable - cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax - can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, - regardless of whether the variable exists or not. - Cannot be updated. - More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell - items: - type: string - type: array - env: - description: |- - List of environment variables to set in the container. - Cannot be updated. 
- items: - description: EnvVar represents an environment variable present in - a Container. - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: |- - Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in the container and - any service environment variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether the variable - exists or not. - Defaults to "". - type: string - valueFrom: - description: Source for the environment variable's value. Cannot - be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: |- - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - properties: - apiVersion: - description: Version of the schema the FieldPath is - written in terms of, defaults to "v1". 
- type: string - fieldPath: - description: Path of the field to select in the specified - API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed - resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - envFrom: - description: |- - List of sources to populate environment variables in the container. - The keys defined within a source must be a C_IDENTIFIER. 
All invalid keys - will be reported as an event when the container is starting. When a key exists in multiple - sources, the value associated with the last source will take precedence. - Values defined by an Env with a duplicate key will take precedence. - Cannot be updated. - items: - description: EnvFromSource represents the source of a set of ConfigMaps - properties: - configMapRef: - description: The ConfigMap to select from - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - prefix: - description: An optional identifier to prepend to each key in - the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - type: object - type: array - image: - description: |- - Docker image name. - More info: https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow higher level config management to default or override - container images in workload controllers like Deployments and StatefulSets. - type: string - imagePullPolicy: - description: |- - Image pull policy. 
- One of Always, Never, IfNotPresent. - Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. - Cannot be updated. - More info: https://kubernetes.io/docs/concepts/containers/images#updating-images - type: string - imagePullSecrets: - description: |- - ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. - If specified, these secrets will be passed to individual puller implementations for them to use. For example, - in the case of docker, only DockerConfig type secrets are honored. - More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod - Setting ImagePullSecrets will replace any secrets that have been - propagated to a controller Deployment, typically via packagePullSecrets. - items: - description: |- - LocalObjectReference contains enough information to let you locate the - referenced object inside the same namespace. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - type: object - x-kubernetes-map-type: atomic - type: array - metadata: - description: Metadata that will be added to the provider Pod. - properties: - annotations: - additionalProperties: - type: string - description: |- - Annotations is an unstructured key value map stored with a resource that may be - set by external tools to store and retrieve arbitrary metadata. They are not - queryable and should be preserved when modifying objects. 
- More info: http:https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - type: object - labels: - additionalProperties: - type: string - description: |- - Map of string keys and values that can be used to organize and - categorize (scope and select) objects. This will only affect - labels on the pod, not the pod selector. Labels will be merged - with internal labels used by crossplane, and labels with a - crossplane.io key might be overwritten. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ - type: object - type: object - nodeName: - description: |- - NodeName is a request to schedule this pod onto a specific node. If it is non-empty, - the scheduler simply schedules this pod onto that node, assuming that it fits resource - requirements. - type: string - nodeSelector: - additionalProperties: - type: string - description: |- - NodeSelector is a selector which must be true for the pod to fit on a node. - Selector which must match a node's labels for the pod to be scheduled on that node. - More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - type: object - podSecurityContext: - description: |- - PodSecurityContext holds pod-level security attributes and common container settings. - Optional: Defaults to empty. See type description for default values of each field. - properties: - appArmorProfile: - description: |- - appArmorProfile is the AppArmor options to use by the containers in this pod. - Note that this field cannot be set when spec.os.name is windows. - properties: - localhostProfile: - description: |- - localhostProfile indicates a profile loaded on the node that should be used. - The profile must be preconfigured on the node to work. - Must match the loaded name of the profile. - Must be set if and only if type is "Localhost". - type: string - type: - description: |- - type indicates which kind of AppArmor profile will be applied. 
- Valid options are: - Localhost - a profile pre-loaded on the node. - RuntimeDefault - the container runtime's default profile. - Unconfined - no AppArmor enforcement. - type: string - required: - - type - type: object - fsGroup: - description: |- - A special supplemental group that applies to all containers in a pod. - Some volume types allow the Kubelet to change the ownership of that volume - to be owned by the pod: - - 1. The owning GID will be the FSGroup - 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) - 3. The permission bits are OR'd with rw-rw---- - - If unset, the Kubelet will not modify the ownership and permissions of any volume. - Note that this field cannot be set when spec.os.name is windows. - format: int64 - type: integer - fsGroupChangePolicy: - description: |- - fsGroupChangePolicy defines behavior of changing ownership and permission of the volume - before being exposed inside Pod. This field will only apply to - volume types which support fsGroup based ownership(and permissions). - It will have no effect on ephemeral volume types such as: secret, configmaps - and emptydir. - Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. - Note that this field cannot be set when spec.os.name is windows. - type: string - runAsGroup: - description: |- - The GID to run the entrypoint of the container process. - Uses runtime default if unset. - May also be set in SecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence - for that container. - Note that this field cannot be set when spec.os.name is windows. - format: int64 - type: integer - runAsNonRoot: - description: |- - Indicates that the container must run as a non-root user. - If true, the Kubelet will validate the image at runtime to ensure that it - does not run as UID 0 (root) and fail to start the container if it does. 
- If unset or false, no such validation will be performed. - May also be set in SecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: |- - The UID to run the entrypoint of the container process. - Defaults to user specified in image metadata if unspecified. - May also be set in SecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence - for that container. - Note that this field cannot be set when spec.os.name is windows. - format: int64 - type: integer - seLinuxOptions: - description: |- - The SELinux context to be applied to all containers. - If unspecified, the container runtime will allocate a random SELinux context for each - container. May also be set in SecurityContext. If set in - both SecurityContext and PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. - Note that this field cannot be set when spec.os.name is windows. - properties: - level: - description: Level is SELinux level label that applies to - the container. - type: string - role: - description: Role is a SELinux role label that applies to - the container. - type: string - type: - description: Type is a SELinux type label that applies to - the container. - type: string - user: - description: User is a SELinux user label that applies to - the container. - type: string - type: object - seccompProfile: - description: |- - The seccomp options to use by the containers in this pod. - Note that this field cannot be set when spec.os.name is windows. - properties: - localhostProfile: - description: |- - localhostProfile indicates a profile defined in a file on the node should be used. - The profile must be preconfigured on the node to work. - Must be a descending path, relative to the kubelet's configured seccomp profile location. - Must be set if type is "Localhost". 
Must NOT be set for any other type. - type: string - type: - description: |- - type indicates which kind of seccomp profile will be applied. - Valid options are: - - Localhost - a profile defined in a file on the node should be used. - RuntimeDefault - the container runtime default profile should be used. - Unconfined - no profile should be applied. - type: string - required: - - type - type: object - supplementalGroups: - description: |- - A list of groups applied to the first process run in each container, in - addition to the container's primary GID and fsGroup (if specified). If - the SupplementalGroupsPolicy feature is enabled, the - supplementalGroupsPolicy field determines whether these are in addition - to or instead of any group memberships defined in the container image. - If unspecified, no additional groups are added, though group memberships - defined in the container image may still be used, depending on the - supplementalGroupsPolicy field. - Note that this field cannot be set when spec.os.name is windows. - items: - format: int64 - type: integer - type: array - x-kubernetes-list-type: atomic - supplementalGroupsPolicy: - description: |- - Defines how supplemental groups of the first container processes are calculated. - Valid values are "Merge" and "Strict". If not specified, "Merge" is used. - (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled - and the container runtime must implement support for this feature. - Note that this field cannot be set when spec.os.name is windows. - type: string - sysctls: - description: |- - Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported - sysctls (by the container runtime) might fail to launch. - Note that this field cannot be set when spec.os.name is windows. 
- items: - description: Sysctl defines a kernel parameter to be set - properties: - name: - description: Name of a property to set - type: string - value: - description: Value of a property to set - type: string - required: - - name - - value - type: object - type: array - x-kubernetes-list-type: atomic - windowsOptions: - description: |- - The Windows specific settings applied to all containers. - If unspecified, the options within a container's SecurityContext will be used. - If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is linux. - properties: - gmsaCredentialSpec: - description: |- - GMSACredentialSpec is where the GMSA admission webhook - (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the - GMSA credential spec named by the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA - credential spec to use. - type: string - hostProcess: - description: |- - HostProcess determines if a container should be run as a 'Host Process' container. - All of a Pod's containers must have the same effective HostProcess value - (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). - In addition, if HostProcess is true then HostNetwork must also be set to true. - type: boolean - runAsUserName: - description: |- - The UserName in Windows to run the entrypoint of the container process. - Defaults to the user specified in image metadata if unspecified. - May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - type: string - type: object - type: object - ports: - description: List of container ports to expose on the container - items: - description: ContainerPort represents a network port in a single - container. 
- properties: - containerPort: - description: |- - Number of port to expose on the pod's IP address. - This must be a valid port number, 0 < x < 65536. - format: int32 - type: integer - hostIP: - description: What host IP to bind the external port to. - type: string - hostPort: - description: |- - Number of port to expose on the host. - If specified, this must be a valid port number, 0 < x < 65536. - If HostNetwork is specified, this must match ContainerPort. - Most containers do not need this. - format: int32 - type: integer - name: - description: |- - If specified, this must be an IANA_SVC_NAME and unique within the pod. Each - named port in a pod must have a unique name. Name for the port that can be - referred to by services. - type: string - protocol: - default: TCP - description: |- - Protocol for port. Must be UDP, TCP, or SCTP. - Defaults to "TCP". - type: string - required: - - containerPort - type: object - type: array - priorityClassName: - description: |- - If specified, indicates the pod's priority. "system-node-critical" and - "system-cluster-critical" are two special keywords which indicate the - highest priorities with the former being the highest priority. Any other - name must be defined by creating a PriorityClass object with that name. - If not specified, the pod priority will be default or zero if there is no - default. - type: string - replicas: - description: |- - Number of desired pods. This is a pointer to distinguish between explicit - zero and not specified. Defaults to 1. - Note: If more than 1 replica is set and leader election is not enabled then - controllers could conflict. Environment variable "LEADER_ELECTION" can be - used to enable leader election process. - format: int32 - type: integer - resources: - description: |- - Compute Resources required by this container. - Cannot be updated. 
- More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - - This is an alpha field and requires enabling the - DynamicResourceAllocation feature gate. - - This field is immutable. It can only be set for containers. - items: - description: ResourceClaim references one entry in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. 
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - runtimeClassName: - description: |- - RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used - to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. - If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an - empty definition that uses the default runtime handler. - More info: https://github.com/kubernetes/enhancements/blob/master/keps/sig-node/585-runtime-class/README.md - This is a beta feature as of Kubernetes v1.14. - type: string - securityContext: - description: |- - SecurityContext holds container-level security attributes and common container settings. - Optional: Defaults to empty. See type description for default values of each field. - properties: - allowPrivilegeEscalation: - description: |- - AllowPrivilegeEscalation controls whether a process can gain more - privileges than its parent process. This bool directly controls if - the no_new_privs flag will be set on the container process. - AllowPrivilegeEscalation is true always when the container is: - 1) run as Privileged - 2) has CAP_SYS_ADMIN - Note that this field cannot be set when spec.os.name is windows. - type: boolean - appArmorProfile: - description: |- - appArmorProfile is the AppArmor options to use by this container. If set, this profile - overrides the pod's appArmorProfile. - Note that this field cannot be set when spec.os.name is windows. - properties: - localhostProfile: - description: |- - localhostProfile indicates a profile loaded on the node that should be used. - The profile must be preconfigured on the node to work. - Must match the loaded name of the profile. - Must be set if and only if type is "Localhost". - type: string - type: - description: |- - type indicates which kind of AppArmor profile will be applied. 
- Valid options are: - Localhost - a profile pre-loaded on the node. - RuntimeDefault - the container runtime's default profile. - Unconfined - no AppArmor enforcement. - type: string - required: - - type - type: object - capabilities: - description: |- - The capabilities to add/drop when running containers. - Defaults to the default set of capabilities granted by the container runtime. - Note that this field cannot be set when spec.os.name is windows. - properties: - add: - description: Added capabilities - items: - description: Capability represent POSIX capabilities type - type: string - type: array - x-kubernetes-list-type: atomic - drop: - description: Removed capabilities - items: - description: Capability represent POSIX capabilities type - type: string - type: array - x-kubernetes-list-type: atomic - type: object - privileged: - description: |- - Run container in privileged mode. - Processes in privileged containers are essentially equivalent to root on the host. - Defaults to false. - Note that this field cannot be set when spec.os.name is windows. - type: boolean - procMount: - description: |- - procMount denotes the type of proc mount to use for the containers. - The default value is Default which uses the container runtime defaults for - readonly paths and masked paths. - This requires the ProcMountType feature flag to be enabled. - Note that this field cannot be set when spec.os.name is windows. - type: string - readOnlyRootFilesystem: - description: |- - Whether this container has a read-only root filesystem. - Default is false. - Note that this field cannot be set when spec.os.name is windows. - type: boolean - runAsGroup: - description: |- - The GID to run the entrypoint of the container process. - Uses runtime default if unset. - May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is windows. 
- format: int64 - type: integer - runAsNonRoot: - description: |- - Indicates that the container must run as a non-root user. - If true, the Kubelet will validate the image at runtime to ensure that it - does not run as UID 0 (root) and fail to start the container if it does. - If unset or false, no such validation will be performed. - May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: |- - The UID to run the entrypoint of the container process. - Defaults to user specified in image metadata if unspecified. - May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is windows. - format: int64 - type: integer - seLinuxOptions: - description: |- - The SELinux context to be applied to the container. - If unspecified, the container runtime will allocate a random SELinux context for each - container. May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is windows. - properties: - level: - description: Level is SELinux level label that applies to - the container. - type: string - role: - description: Role is a SELinux role label that applies to - the container. - type: string - type: - description: Type is a SELinux type label that applies to - the container. - type: string - user: - description: User is a SELinux user label that applies to - the container. - type: string - type: object - seccompProfile: - description: |- - The seccomp options to use by this container. If seccomp options are - provided at both the pod & container level, the container options - override the pod options. 
- Note that this field cannot be set when spec.os.name is windows. - properties: - localhostProfile: - description: |- - localhostProfile indicates a profile defined in a file on the node should be used. - The profile must be preconfigured on the node to work. - Must be a descending path, relative to the kubelet's configured seccomp profile location. - Must be set if type is "Localhost". Must NOT be set for any other type. - type: string - type: - description: |- - type indicates which kind of seccomp profile will be applied. - Valid options are: - - Localhost - a profile defined in a file on the node should be used. - RuntimeDefault - the container runtime default profile should be used. - Unconfined - no profile should be applied. - type: string - required: - - type - type: object - windowsOptions: - description: |- - The Windows specific settings applied to all containers. - If unspecified, the options from the PodSecurityContext will be used. - If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is linux. - properties: - gmsaCredentialSpec: - description: |- - GMSACredentialSpec is where the GMSA admission webhook - (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the - GMSA credential spec named by the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA - credential spec to use. - type: string - hostProcess: - description: |- - HostProcess determines if a container should be run as a 'Host Process' container. - All of a Pod's containers must have the same effective HostProcess value - (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). - In addition, if HostProcess is true then HostNetwork must also be set to true. 
- type: boolean - runAsUserName: - description: |- - The UserName in Windows to run the entrypoint of the container process. - Defaults to the user specified in image metadata if unspecified. - May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - type: string - type: object - type: object - serviceAccountName: - description: |- - ServiceAccountName is the name of the ServiceAccount to use to run this pod. - More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ - If specified, a ServiceAccount named this ServiceAccountName will be used for - the spec.serviceAccountName field in Pods to be created and for the subjects.name field - in a ClusterRoleBinding to be created. - If there is no ServiceAccount named this ServiceAccountName, a new ServiceAccount - will be created. - If there is a pre-existing ServiceAccount named this ServiceAccountName, the ServiceAccount - will be used. The annotations in the ControllerConfig will be copied to the ServiceAccount - and pre-existing annotations will be kept. - Regardless of whether there is a ServiceAccount created by Crossplane or is in place already, - the ServiceAccount will be deleted once the Provider and ControllerConfig are deleted. - type: string - tolerations: - description: If specified, the pod's tolerations. - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. 
- If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - volumeMounts: - description: |- - List of VolumeMounts to mount into the container's filesystem. - Cannot be updated. - items: - description: VolumeMount describes a mounting of a Volume within - a container. - properties: - mountPath: - description: |- - Path within the container at which the volume should be mounted. Must - not contain ':'. - type: string - mountPropagation: - description: |- - mountPropagation determines how mounts are propagated from the host - to container and the other way around. - When not set, MountPropagationNone is used. - This field is beta in 1.10. - When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified - (which defaults to None). - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: |- - Mounted read-only if true, read-write otherwise (false or unspecified). - Defaults to false. 
- type: boolean - recursiveReadOnly: - description: |- - RecursiveReadOnly specifies whether read-only mounts should be handled - recursively. - - If ReadOnly is false, this field has no meaning and must be unspecified. - - If ReadOnly is true, and this field is set to Disabled, the mount is not made - recursively read-only. If this field is set to IfPossible, the mount is made - recursively read-only, if it is supported by the container runtime. If this - field is set to Enabled, the mount is made recursively read-only if it is - supported by the container runtime, otherwise the pod will not be started and - an error will be generated to indicate the reason. - - If this field is set to IfPossible or Enabled, MountPropagation must be set to - None (or be unspecified, which defaults to None). - - If this field is not specified, it is treated as an equivalent of Disabled. - type: string - subPath: - description: |- - Path within the volume from which the container's volume should be mounted. - Defaults to "" (volume's root). - type: string - subPathExpr: - description: |- - Expanded path within the volume from which the container's volume should be mounted. - Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. - Defaults to "" (volume's root). - SubPathExpr and SubPath are mutually exclusive. - type: string - required: - - mountPath - - name - type: object - type: array - volumes: - description: |- - List of volumes that can be mounted by containers belonging to the pod. - More info: https://kubernetes.io/docs/concepts/storage/volumes - items: - description: Volume represents a named volume in a pod that may - be accessed by any container in the pod. - properties: - awsElasticBlockStore: - description: |- - awsElasticBlockStore represents an AWS Disk resource that is attached to a - kubelet's host machine and then exposed to the pod. 
- More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - properties: - fsType: - description: |- - fsType is the filesystem type of the volume that you want to mount. - Tip: Ensure that the filesystem type is supported by the host operating system. - Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - type: string - partition: - description: |- - partition is the partition in the volume that you want to mount. - If omitted, the default is to mount by volume name. - Examples: For volume /dev/sda1, you specify the partition as "1". - Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). - format: int32 - type: integer - readOnly: - description: |- - readOnly value true will force the readOnly setting in VolumeMounts. - More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - type: boolean - volumeID: - description: |- - volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). - More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - type: string - required: - - volumeID - type: object - azureDisk: - description: azureDisk represents an Azure Data Disk mount on - the host and bind mount to the pod. - properties: - cachingMode: - description: 'cachingMode is the Host Caching mode: None, - Read Only, Read Write.' - type: string - diskName: - description: diskName is the Name of the data disk in the - blob storage - type: string - diskURI: - description: diskURI is the URI of data disk in the blob - storage - type: string - fsType: - default: ext4 - description: |- - fsType is Filesystem type to mount. - Must be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 
- type: string - kind: - description: 'kind expected values are Shared: multiple - blob disks per storage account Dedicated: single blob - disk per storage account Managed: azure managed data - disk (only in managed availability set). defaults to shared' - type: string - readOnly: - default: false - description: |- - readOnly Defaults to false (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - description: azureFile represents an Azure File Service mount - on the host and bind mount to the pod. - properties: - readOnly: - description: |- - readOnly defaults to false (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - type: boolean - secretName: - description: secretName is the name of secret that contains - Azure Storage Account Name and Key - type: string - shareName: - description: shareName is the azure share Name - type: string - required: - - secretName - - shareName - type: object - cephfs: - description: cephFS represents a Ceph FS mount on the host that - shares a pod's lifetime - properties: - monitors: - description: |- - monitors is Required: Monitors is a collection of Ceph monitors - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - items: - type: string - type: array - x-kubernetes-list-type: atomic - path: - description: 'path is Optional: Used as the mounted root, - rather than the full Ceph tree, default is /' - type: string - readOnly: - description: |- - readOnly is Optional: Defaults to false (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. 
- More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - type: boolean - secretFile: - description: |- - secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - type: string - secretRef: - description: |- - secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - type: object - x-kubernetes-map-type: atomic - user: - description: |- - user is optional: User is the rados user name, default is admin - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - type: string - required: - - monitors - type: object - cinder: - description: |- - cinder represents a cinder volume attached and mounted on kubelets host machine. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md - properties: - fsType: - description: |- - fsType is the filesystem type to mount. - Must be a filesystem type supported by the host operating system. - Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md - type: string - readOnly: - description: |- - readOnly defaults to false (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. 
- More info: https://examples.k8s.io/mysql-cinder-pd/README.md - type: boolean - secretRef: - description: |- - secretRef is optional: points to a secret object containing parameters used to connect - to OpenStack. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - type: object - x-kubernetes-map-type: atomic - volumeID: - description: |- - volumeID used to identify the volume in cinder. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md - type: string - required: - - volumeID - type: object - configMap: - description: configMap represents a configMap that should populate - this volume - properties: - defaultMode: - description: |- - defaultMode is optional: mode bits used to set permissions on created files by default. - Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - Defaults to 0644. - Directories within the path are not affected by this setting. - This might be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits set. - format: int32 - type: integer - items: - description: |- - items if unspecified, each key-value pair in the Data field of the referenced - ConfigMap will be projected into the volume as a file whose name is the - key and content is the value. If specified, the listed keys will be - projected into the specified paths, and unlisted keys will not be - present. If a key is specified which is not present in the ConfigMap, - the volume setup will error unless it is marked optional. Paths must be - relative and may not contain the '..' 
path or start with '..'. - items: - description: Maps a string key to a path within a volume. - properties: - key: - description: key is the key to project. - type: string - mode: - description: |- - mode is Optional: mode bits used to set permissions on this file. - Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - If not specified, the volume defaultMode will be used. - This might be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits set. - format: int32 - type: integer - path: - description: |- - path is the relative path of the file to map the key to. - May not be an absolute path. - May not contain the path element '..'. - May not start with the string '..'. - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-type: atomic - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: optional specify whether the ConfigMap or its - keys must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - csi: - description: csi (Container Storage Interface) represents ephemeral - storage that is handled by certain external CSI drivers (Beta - feature). - properties: - driver: - description: |- - driver is the name of the CSI driver that handles this volume. - Consult with your admin for the correct name as registered in the cluster. - type: string - fsType: - description: |- - fsType to mount. Ex. "ext4", "xfs", "ntfs". 
- If not provided, the empty value is passed to the associated CSI driver - which will determine the default filesystem to apply. - type: string - nodePublishSecretRef: - description: |- - nodePublishSecretRef is a reference to the secret object containing - sensitive information to pass to the CSI driver to complete the CSI - NodePublishVolume and NodeUnpublishVolume calls. - This field is optional, and may be empty if no secret is required. If the - secret object contains more than one secret, all secret references are passed. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - type: object - x-kubernetes-map-type: atomic - readOnly: - description: |- - readOnly specifies a read-only configuration for the volume. - Defaults to false (read/write). - type: boolean - volumeAttributes: - additionalProperties: - type: string - description: |- - volumeAttributes stores driver-specific properties that are passed to the CSI - driver. Consult your driver's documentation for supported values. - type: object - required: - - driver - type: object - downwardAPI: - description: downwardAPI represents downward API about the pod - that should populate this volume - properties: - defaultMode: - description: |- - Optional: mode bits to use on created files by default. Must be a - Optional: mode bits used to set permissions on created files by default. - Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - Defaults to 0644. - Directories within the path are not affected by this setting. 
- This might be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits set. - format: int32 - type: integer - items: - description: Items is a list of downward API volume file - items: - description: DownwardAPIVolumeFile represents information - to create the file containing the pod field - properties: - fieldRef: - description: 'Required: Selects a field of the pod: - only annotations, labels, name, namespace and uid - are supported.' - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the - specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - mode: - description: |- - Optional: mode bits used to set permissions on this file, must be an octal value - between 0000 and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - If not specified, the volume defaultMode will be used. - This might be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits set. - format: int32 - type: integer - path: - description: 'Required: Path is the relative path - name of the file to be created. Must not be absolute - or contain the ''..'' path. Must be utf-8 encoded. - The first item of the relative path must not start - with ''..''' - type: string - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. 
- properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the - exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - required: - - path - type: object - type: array - x-kubernetes-list-type: atomic - type: object - emptyDir: - description: |- - emptyDir represents a temporary directory that shares a pod's lifetime. - More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir - properties: - medium: - description: |- - medium represents what type of storage medium should back this directory. - The default is "" which means to use the node's default medium. - Must be an empty string (default) or Memory. - More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - description: |- - sizeLimit is the total amount of local storage required for this EmptyDir volume. - The size limit is also applicable for memory medium. - The maximum usage on memory medium EmptyDir would be the minimum value between - the SizeLimit specified here and the sum of memory limits of all containers in a pod. - The default is nil which means that the limit is undefined. - More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - ephemeral: - description: |- - ephemeral represents a volume that is handled by a cluster storage driver. 
- The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, - and deleted when the pod is removed. - - Use this if: - a) the volume is only needed while the pod runs, - b) features of normal volumes like restoring from snapshot or capacity - tracking are needed, - c) the storage driver is specified through a storage class, and - d) the storage driver supports dynamic volume provisioning through - a PersistentVolumeClaim (see EphemeralVolumeSource for more - information on the connection between this volume type - and PersistentVolumeClaim). - - Use PersistentVolumeClaim or one of the vendor-specific - APIs for volumes that persist for longer than the lifecycle - of an individual pod. - - Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to - be used that way - see the documentation of the driver for - more information. - - A pod can use both types of ephemeral volumes and - persistent volumes at the same time. - properties: - volumeClaimTemplate: - description: |- - Will be used to create a stand-alone PVC to provision the volume. - The pod in which this EphemeralVolumeSource is embedded will be the - owner of the PVC, i.e. the PVC will be deleted together with the - pod. The name of the PVC will be `-` where - `` is the name from the `PodSpec.Volumes` array - entry. Pod validation will reject the pod if the concatenated name - is not valid for a PVC (for example, too long). - - An existing PVC with that name that is not owned by the pod - will *not* be used for the pod to avoid using an unrelated - volume by mistake. Starting the pod is then blocked until - the unrelated PVC is removed. If such a pre-created PVC is - meant to be used by the pod, the PVC has to updated with an - owner reference to the pod once the pod exists. Normally - this should not be necessary, but it may be useful when - manually reconstructing a broken cluster. 
- - This field is read-only and no changes will be made by Kubernetes - to the PVC after it has been created. - - Required, must not be nil. - properties: - metadata: - description: |- - May contain labels and annotations that will be copied into the PVC - when creating it. No other fields are allowed and will be rejected during - validation. - properties: - annotations: - additionalProperties: - type: string - type: object - finalizers: - items: - type: string - type: array - labels: - additionalProperties: - type: string - type: object - name: - type: string - namespace: - type: string - type: object - spec: - description: |- - The specification for the PersistentVolumeClaim. The entire content is - copied unchanged into the PVC that gets created from this - template. The same fields as in a PersistentVolumeClaim - are also valid here. - properties: - accessModes: - description: |- - accessModes contains the desired access modes the volume should have. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 - items: - type: string - type: array - x-kubernetes-list-type: atomic - dataSource: - description: |- - dataSource field can be used to specify either: - * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) - If the provisioner or an external controller can support the specified data source, - it will create a new volume based on the contents of the specified data source. - When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, - and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. - If the namespace is specified, then dataSourceRef will not be copied to dataSource. - properties: - apiGroup: - description: |- - APIGroup is the group for the resource being referenced. - If APIGroup is not specified, the specified Kind must be in the core API group. 
- For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource being - referenced - type: string - name: - description: Name is the name of resource being - referenced - type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic - dataSourceRef: - description: |- - dataSourceRef specifies the object from which to populate the volume with data, if a non-empty - volume is desired. This may be any object from a non-empty API group (non - core object) or a PersistentVolumeClaim object. - When this field is specified, volume binding will only succeed if the type of - the specified object matches some installed volume populator or dynamic - provisioner. - This field will replace the functionality of the dataSource field and as such - if both fields are non-empty, they must have the same value. For backwards - compatibility, when namespace isn't specified in dataSourceRef, - both fields (dataSource and dataSourceRef) will be set to the same - value automatically if one of them is empty and the other is non-empty. - When namespace is specified in dataSourceRef, - dataSource isn't set to the same value and must be empty. - There are three important differences between dataSource and dataSourceRef: - * While dataSource only allows two specific types of objects, dataSourceRef - allows any non-core object, as well as PersistentVolumeClaim objects. - * While dataSource ignores disallowed values (dropping them), dataSourceRef - preserves all values, and generates an error if a disallowed value is - specified. - * While dataSource only allows local objects, dataSourceRef allows objects - in any namespaces. - (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. - (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. 
- properties: - apiGroup: - description: |- - APIGroup is the group for the resource being referenced. - If APIGroup is not specified, the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource being - referenced - type: string - name: - description: Name is the name of resource being - referenced - type: string - namespace: - description: |- - Namespace is the namespace of resource being referenced - Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. - (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. - type: string - required: - - kind - - name - type: object - resources: - description: |- - resources represents the minimum resources the volume should have. - If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements - that are lower than previous value but must still be higher than capacity recorded in the - status field of the claim. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. 
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - selector: - description: selector is a label query over volumes - to consider for binding. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - storageClassName: - description: |- - storageClassName is the name of the StorageClass required by the claim. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 - type: string - volumeAttributesClassName: - description: |- - volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. - If specified, the CSI driver will create or update the volume with the attributes defined - in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, - it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass - will be applied to the claim but it's not allowed to reset this field to empty string once it is set. - If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass - will be set by the persistentvolume controller if it exists. - If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be - set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource - exists. - More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). - type: string - volumeMode: - description: |- - volumeMode defines what type of volume is required by the claim. - Value of Filesystem is implied when not included in claim spec. - type: string - volumeName: - description: volumeName is the binding reference - to the PersistentVolume backing this claim. 
- type: string - type: object - required: - - spec - type: object - type: object - fc: - description: fc represents a Fibre Channel resource that is - attached to a kubelet's host machine and then exposed to the - pod. - properties: - fsType: - description: |- - fsType is the filesystem type to mount. - Must be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - type: string - lun: - description: 'lun is Optional: FC target lun number' - format: int32 - type: integer - readOnly: - description: |- - readOnly is Optional: Defaults to false (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - type: boolean - targetWWNs: - description: 'targetWWNs is Optional: FC target worldwide - names (WWNs)' - items: - type: string - type: array - x-kubernetes-list-type: atomic - wwids: - description: |- - wwids Optional: FC volume world wide identifiers (wwids) - Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously. - items: - type: string - type: array - x-kubernetes-list-type: atomic - type: object - flexVolume: - description: |- - flexVolume represents a generic volume resource that is - provisioned/attached using an exec based plugin. - properties: - driver: - description: driver is the name of the driver to use for - this volume. - type: string - fsType: - description: |- - fsType is the filesystem type to mount. - Must be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. - type: string - options: - additionalProperties: - type: string - description: 'options is Optional: this field holds extra - command options if any.' - type: object - readOnly: - description: |- - readOnly is Optional: defaults to false (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. 
- type: boolean - secretRef: - description: |- - secretRef is Optional: secretRef is reference to the secret object containing - sensitive information to pass to the plugin scripts. This may be - empty if no secret object is specified. If the secret object - contains more than one secret, all secrets are passed to the plugin - scripts. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - type: object - x-kubernetes-map-type: atomic - required: - - driver - type: object - flocker: - description: flocker represents a Flocker volume attached to - a kubelet's host machine. This depends on the Flocker control - service being running - properties: - datasetName: - description: |- - datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker - should be considered as deprecated - type: string - datasetUUID: - description: datasetUUID is the UUID of the dataset. This - is unique identifier of a Flocker dataset - type: string - type: object - gcePersistentDisk: - description: |- - gcePersistentDisk represents a GCE Disk resource that is attached to a - kubelet's host machine and then exposed to the pod. - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - properties: - fsType: - description: |- - fsType is filesystem type of the volume that you want to mount. - Tip: Ensure that the filesystem type is supported by the host operating system. - Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 
- More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - type: string - partition: - description: |- - partition is the partition in the volume that you want to mount. - If omitted, the default is to mount by volume name. - Examples: For volume /dev/sda1, you specify the partition as "1". - Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - format: int32 - type: integer - pdName: - description: |- - pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - type: string - readOnly: - description: |- - readOnly here will force the ReadOnly setting in VolumeMounts. - Defaults to false. - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - type: boolean - required: - - pdName - type: object - gitRepo: - description: |- - gitRepo represents a git repository at a particular revision. - DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an - EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir - into the Pod's container. - properties: - directory: - description: |- - directory is the target directory name. - Must not contain or start with '..'. If '.' is supplied, the volume directory will be the - git repository. Otherwise, if specified, the volume will contain the git repository in - the subdirectory with the given name. - type: string - repository: - description: repository is the URL - type: string - revision: - description: revision is the commit hash for the specified - revision. - type: string - required: - - repository - type: object - glusterfs: - description: |- - glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. 
- More info: https://examples.k8s.io/volumes/glusterfs/README.md - properties: - endpoints: - description: |- - endpoints is the endpoint name that details Glusterfs topology. - More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod - type: string - path: - description: |- - path is the Glusterfs volume path. - More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod - type: string - readOnly: - description: |- - readOnly here will force the Glusterfs volume to be mounted with read-only permissions. - Defaults to false. - More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod - type: boolean - required: - - endpoints - - path - type: object - hostPath: - description: |- - hostPath represents a pre-existing file or directory on the host - machine that is directly exposed to the container. This is generally - used for system agents or other privileged things that are allowed - to see the host machine. Most containers will NOT need this. - More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - properties: - path: - description: |- - path of the directory on the host. - If the path is a symlink, it will follow the link to the real path. - More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - type: string - type: - description: |- - type for HostPath Volume - Defaults to "" - More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - type: string - required: - - path - type: object - image: - description: |- - image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. - The volume is resolved at pod startup depending on which PullPolicy value is provided: - - - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. - - Never: the kubelet never pulls the reference and only uses a local image or artifact. 
Container creation will fail if the reference isn't present. - - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. - - The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. - A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. - The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. - The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. - The volume will be mounted read-only (ro) and non-executable files (noexec). - Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). - The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. - properties: - pullPolicy: - description: |- - Policy for pulling OCI objects. Possible values are: - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. - Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. - type: string - reference: - description: |- - Required: Image or artifact reference to be used. 
- Behaves in the same way as pod.spec.containers[*].image. - Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. - More info: https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow higher level config management to default or override - container images in workload controllers like Deployments and StatefulSets. - type: string - type: object - iscsi: - description: |- - iscsi represents an ISCSI Disk resource that is attached to a - kubelet's host machine and then exposed to the pod. - More info: https://examples.k8s.io/volumes/iscsi/README.md - properties: - chapAuthDiscovery: - description: chapAuthDiscovery defines whether support iSCSI - Discovery CHAP authentication - type: boolean - chapAuthSession: - description: chapAuthSession defines whether support iSCSI - Session CHAP authentication - type: boolean - fsType: - description: |- - fsType is the filesystem type of the volume that you want to mount. - Tip: Ensure that the filesystem type is supported by the host operating system. - Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - type: string - initiatorName: - description: |- - initiatorName is the custom iSCSI Initiator Name. - If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface - : will be created for the connection. - type: string - iqn: - description: iqn is the target iSCSI Qualified Name. - type: string - iscsiInterface: - default: default - description: |- - iscsiInterface is the interface Name that uses an iSCSI transport. - Defaults to 'default' (tcp). - type: string - lun: - description: lun represents iSCSI Target Lun number. - format: int32 - type: integer - portals: - description: |- - portals is the iSCSI Target Portal List. 
The portal is either an IP or ip_addr:port if the port - is other than default (typically TCP ports 860 and 3260). - items: - type: string - type: array - x-kubernetes-list-type: atomic - readOnly: - description: |- - readOnly here will force the ReadOnly setting in VolumeMounts. - Defaults to false. - type: boolean - secretRef: - description: secretRef is the CHAP Secret for iSCSI target - and initiator authentication - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - type: object - x-kubernetes-map-type: atomic - targetPortal: - description: |- - targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port - is other than default (typically TCP ports 860 and 3260). - type: string - required: - - iqn - - lun - - targetPortal - type: object - name: - description: |- - name of the volume. - Must be a DNS_LABEL and unique within the pod. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - nfs: - description: |- - nfs represents an NFS mount on the host that shares a pod's lifetime - More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs - properties: - path: - description: |- - path that is exported by the NFS server. - More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs - type: string - readOnly: - description: |- - readOnly here will force the NFS export to be mounted with read-only permissions. - Defaults to false. - More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs - type: boolean - server: - description: |- - server is the hostname or IP address of the NFS server. 
- More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - description: |- - persistentVolumeClaimVolumeSource represents a reference to a - PersistentVolumeClaim in the same namespace. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims - properties: - claimName: - description: |- - claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims - type: string - readOnly: - description: |- - readOnly Will force the ReadOnly setting in VolumeMounts. - Default false. - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - description: photonPersistentDisk represents a PhotonController - persistent disk attached and mounted on kubelets host machine - properties: - fsType: - description: |- - fsType is the filesystem type to mount. - Must be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - type: string - pdID: - description: pdID is the ID that identifies Photon Controller - persistent disk - type: string - required: - - pdID - type: object - portworxVolume: - description: portworxVolume represents a portworx volume attached - and mounted on kubelets host machine - properties: - fsType: - description: |- - fSType represents the filesystem type to mount - Must be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. - type: string - readOnly: - description: |- - readOnly defaults to false (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. 
- type: boolean - volumeID: - description: volumeID uniquely identifies a Portworx volume - type: string - required: - - volumeID - type: object - projected: - description: projected items for all in one resources secrets, - configmaps, and downward API - properties: - defaultMode: - description: |- - defaultMode are the mode bits used to set permissions on created files by default. - Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - Directories within the path are not affected by this setting. - This might be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits set. - format: int32 - type: integer - sources: - description: |- - sources is the list of volume projections. Each entry in this list - handles one source. - items: - description: |- - Projection that may be projected along with other supported volume types. - Exactly one of these fields must be set. - properties: - clusterTrustBundle: - description: |- - ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field - of ClusterTrustBundle objects in an auto-updating file. - - Alpha, gated by the ClusterTrustBundleProjection feature gate. - - ClusterTrustBundle objects can either be selected by name, or by the - combination of signer name and a label selector. - - Kubelet performs aggressive normalization of the PEM contents written - into the pod filesystem. Esoteric PEM features such as inter-block - comments and block headers are stripped. Certificates are deduplicated. - The ordering of certificates within the file is arbitrary, and Kubelet - may change the order over time. - properties: - labelSelector: - description: |- - Select all ClusterTrustBundles that match this label selector. Only has - effect if signerName is set. Mutually-exclusive with name. If unset, - interpreted as "match nothing". 
If set but empty, interpreted as "match - everything". - properties: - matchExpressions: - description: matchExpressions is a list of - label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - name: - description: |- - Select a single ClusterTrustBundle by object name. Mutually-exclusive - with signerName and labelSelector. - type: string - optional: - description: |- - If true, don't block pod startup if the referenced ClusterTrustBundle(s) - aren't available. If using name, then the named ClusterTrustBundle is - allowed not to exist. If using signerName, then the combination of - signerName and labelSelector is allowed to match zero - ClusterTrustBundles. 
- type: boolean - path: - description: Relative path from the volume root - to write the bundle. - type: string - signerName: - description: |- - Select all ClusterTrustBundles that match this signer name. - Mutually-exclusive with name. The contents of all selected - ClusterTrustBundles will be unified and deduplicated. - type: string - required: - - path - type: object - configMap: - description: configMap information about the configMap - data to project - properties: - items: - description: |- - items if unspecified, each key-value pair in the Data field of the referenced - ConfigMap will be projected into the volume as a file whose name is the - key and content is the value. If specified, the listed keys will be - projected into the specified paths, and unlisted keys will not be - present. If a key is specified which is not present in the ConfigMap, - the volume setup will error unless it is marked optional. Paths must be - relative and may not contain the '..' path or start with '..'. - items: - description: Maps a string key to a path within - a volume. - properties: - key: - description: key is the key to project. - type: string - mode: - description: |- - mode is Optional: mode bits used to set permissions on this file. - Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - If not specified, the volume defaultMode will be used. - This might be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits set. - format: int32 - type: integer - path: - description: |- - path is the relative path of the file to map the key to. - May not be an absolute path. - May not contain the path element '..'. - May not start with the string '..'. 
- type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-type: atomic - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: optional specify whether the ConfigMap - or its keys must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - downwardAPI: - description: downwardAPI information about the downwardAPI - data to project - properties: - items: - description: Items is a list of DownwardAPIVolume - file - items: - description: DownwardAPIVolumeFile represents - information to create the file containing - the pod field - properties: - fieldRef: - description: 'Required: Selects a field - of the pod: only annotations, labels, - name, namespace and uid are supported.' - properties: - apiVersion: - description: Version of the schema the - FieldPath is written in terms of, - defaults to "v1". - type: string - fieldPath: - description: Path of the field to select - in the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - mode: - description: |- - Optional: mode bits used to set permissions on this file, must be an octal value - between 0000 and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - If not specified, the volume defaultMode will be used. - This might be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits set. - format: int32 - type: integer - path: - description: 'Required: Path is the relative - path name of the file to be created. 
Must - not be absolute or contain the ''..'' - path. Must be utf-8 encoded. The first - item of the relative path must not start - with ''..''' - type: string - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. - properties: - containerName: - description: 'Container name: required - for volumes, optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format - of the exposed resources, defaults - to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to - select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - required: - - path - type: object - type: array - x-kubernetes-list-type: atomic - type: object - secret: - description: secret information about the secret data - to project - properties: - items: - description: |- - items if unspecified, each key-value pair in the Data field of the referenced - Secret will be projected into the volume as a file whose name is the - key and content is the value. If specified, the listed keys will be - projected into the specified paths, and unlisted keys will not be - present. If a key is specified which is not present in the Secret, - the volume setup will error unless it is marked optional. Paths must be - relative and may not contain the '..' path or start with '..'. - items: - description: Maps a string key to a path within - a volume. - properties: - key: - description: key is the key to project. - type: string - mode: - description: |- - mode is Optional: mode bits used to set permissions on this file. - Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. 
- YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - If not specified, the volume defaultMode will be used. - This might be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits set. - format: int32 - type: integer - path: - description: |- - path is the relative path of the file to map the key to. - May not be an absolute path. - May not contain the path element '..'. - May not start with the string '..'. - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-type: atomic - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: optional field specify whether the - Secret or its key must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - serviceAccountToken: - description: serviceAccountToken is information about - the serviceAccountToken data to project - properties: - audience: - description: |- - audience is the intended audience of the token. A recipient of a token - must identify itself with an identifier specified in the audience of the - token, and otherwise should reject the token. The audience defaults to the - identifier of the apiserver. - type: string - expirationSeconds: - description: |- - expirationSeconds is the requested duration of validity of the service - account token. As the token approaches expiration, the kubelet volume - plugin will proactively rotate the service account token. 
The kubelet will - start trying to rotate the token if the token is older than 80 percent of - its time to live or if the token is older than 24 hours.Defaults to 1 hour - and must be at least 10 minutes. - format: int64 - type: integer - path: - description: |- - path is the path relative to the mount point of the file to project the - token into. - type: string - required: - - path - type: object - type: object - type: array - x-kubernetes-list-type: atomic - type: object - quobyte: - description: quobyte represents a Quobyte mount on the host - that shares a pod's lifetime - properties: - group: - description: |- - group to map volume access to - Default is no group - type: string - readOnly: - description: |- - readOnly here will force the Quobyte volume to be mounted with read-only permissions. - Defaults to false. - type: boolean - registry: - description: |- - registry represents a single or multiple Quobyte Registry services - specified as a string as host:port pair (multiple entries are separated with commas) - which acts as the central registry for volumes - type: string - tenant: - description: |- - tenant owning the given Quobyte volume in the Backend - Used with dynamically provisioned Quobyte volumes, value is set by the plugin - type: string - user: - description: |- - user to map volume access to - Defaults to serivceaccount user - type: string - volume: - description: volume is a string that references an already - created Quobyte volume by name. - type: string - required: - - registry - - volume - type: object - rbd: - description: |- - rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. - More info: https://examples.k8s.io/volumes/rbd/README.md - properties: - fsType: - description: |- - fsType is the filesystem type of the volume that you want to mount. - Tip: Ensure that the filesystem type is supported by the host operating system. - Examples: "ext4", "xfs", "ntfs". 
Implicitly inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - type: string - image: - description: |- - image is the rados image name. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - type: string - keyring: - default: /etc/ceph/keyring - description: |- - keyring is the path to key ring for RBDUser. - Default is /etc/ceph/keyring. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - type: string - monitors: - description: |- - monitors is a collection of Ceph monitors. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - items: - type: string - type: array - x-kubernetes-list-type: atomic - pool: - default: rbd - description: |- - pool is the rados pool name. - Default is rbd. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - type: string - readOnly: - description: |- - readOnly here will force the ReadOnly setting in VolumeMounts. - Defaults to false. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - type: boolean - secretRef: - description: |- - secretRef is name of the authentication secret for RBDUser. If provided - overrides keyring. - Default is nil. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - type: object - x-kubernetes-map-type: atomic - user: - default: admin - description: |- - user is the rados user name. - Default is admin. 
- More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - type: string - required: - - image - - monitors - type: object - scaleIO: - description: scaleIO represents a ScaleIO persistent volume - attached and mounted on Kubernetes nodes. - properties: - fsType: - default: xfs - description: |- - fsType is the filesystem type to mount. - Must be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". - Default is "xfs". - type: string - gateway: - description: gateway is the host address of the ScaleIO - API Gateway. - type: string - protectionDomain: - description: protectionDomain is the name of the ScaleIO - Protection Domain for the configured storage. - type: string - readOnly: - description: |- - readOnly Defaults to false (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - type: boolean - secretRef: - description: |- - secretRef references to the secret for ScaleIO user and other - sensitive information. If this is not provided, Login operation will fail. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - type: object - x-kubernetes-map-type: atomic - sslEnabled: - description: sslEnabled Flag enable/disable SSL communication - with Gateway, default false - type: boolean - storageMode: - default: ThinProvisioned - description: |- - storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. - Default is ThinProvisioned. - type: string - storagePool: - description: storagePool is the ScaleIO Storage Pool associated - with the protection domain. 
- type: string - system: - description: system is the name of the storage system as - configured in ScaleIO. - type: string - volumeName: - description: |- - volumeName is the name of a volume already created in the ScaleIO system - that is associated with this volume source. - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - description: |- - secret represents a secret that should populate this volume. - More info: https://kubernetes.io/docs/concepts/storage/volumes#secret - properties: - defaultMode: - description: |- - defaultMode is Optional: mode bits used to set permissions on created files by default. - Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, JSON requires decimal values - for mode bits. Defaults to 0644. - Directories within the path are not affected by this setting. - This might be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits set. - format: int32 - type: integer - items: - description: |- - items If unspecified, each key-value pair in the Data field of the referenced - Secret will be projected into the volume as a file whose name is the - key and content is the value. If specified, the listed keys will be - projected into the specified paths, and unlisted keys will not be - present. If a key is specified which is not present in the Secret, - the volume setup will error unless it is marked optional. Paths must be - relative and may not contain the '..' path or start with '..'. - items: - description: Maps a string key to a path within a volume. - properties: - key: - description: key is the key to project. - type: string - mode: - description: |- - mode is Optional: mode bits used to set permissions on this file. - Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. 
- YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - If not specified, the volume defaultMode will be used. - This might be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits set. - format: int32 - type: integer - path: - description: |- - path is the relative path of the file to map the key to. - May not be an absolute path. - May not contain the path element '..'. - May not start with the string '..'. - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-type: atomic - optional: - description: optional field specify whether the Secret or - its keys must be defined - type: boolean - secretName: - description: |- - secretName is the name of the secret in the pod's namespace to use. - More info: https://kubernetes.io/docs/concepts/storage/volumes#secret - type: string - type: object - storageos: - description: storageOS represents a StorageOS volume attached - and mounted on Kubernetes nodes. - properties: - fsType: - description: |- - fsType is the filesystem type to mount. - Must be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - type: string - readOnly: - description: |- - readOnly defaults to false (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - type: boolean - secretRef: - description: |- - secretRef specifies the secret to use for obtaining the StorageOS API - credentials. If not specified, default values will be attempted. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - type: object - x-kubernetes-map-type: atomic - volumeName: - description: |- - volumeName is the human-readable name of the StorageOS volume. Volume - names are only unique within a namespace. - type: string - volumeNamespace: - description: |- - volumeNamespace specifies the scope of the volume within StorageOS. If no - namespace is specified then the Pod's namespace will be used. This allows the - Kubernetes name scoping to be mirrored within StorageOS for tighter integration. - Set VolumeName to any name to override the default behaviour. - Set to "default" if you are not using namespaces within StorageOS. - Namespaces that do not pre-exist within StorageOS will be created. - type: string - type: object - vsphereVolume: - description: vsphereVolume represents a vSphere volume attached - and mounted on kubelets host machine - properties: - fsType: - description: |- - fsType is filesystem type to mount. - Must be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - type: string - storagePolicyID: - description: storagePolicyID is the storage Policy Based - Management (SPBM) profile ID associated with the StoragePolicyName. - type: string - storagePolicyName: - description: storagePolicyName is the storage Policy Based - Management (SPBM) profile name. - type: string - volumePath: - description: volumePath is the path that identifies vSphere - volume vmdk - type: string - required: - - volumePath - type: object - required: - - name - type: object - type: array - type: object - type: object - served: true - storage: true - subresources: {} diff --git a/content/v1.19/api/crds/secrets.crossplane.io_storeconfigs.yaml b/content/v1.19/api/crds/secrets.crossplane.io_storeconfigs.yaml deleted file mode 100644 index 31e23b8c8..000000000 
--- a/content/v1.19/api/crds/secrets.crossplane.io_storeconfigs.yaml
+++ /dev/null
@@ -1,172 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - name: storeconfigs.secrets.crossplane.io -spec: - group: secrets.crossplane.io - names: - categories: - - crossplane - - store - kind: StoreConfig - listKind: StoreConfigList - plural: storeconfigs - singular: storeconfig - scope: Cluster - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: AGE - type: date - - jsonPath: .spec.type - name: TYPE - type: string - - jsonPath: .spec.defaultScope - name: DEFAULT-SCOPE - type: string - name: v1alpha1 - schema: - openAPIV3Schema: - description: |- - A StoreConfig configures how Crossplane controllers should store connection - details in an external secret store. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: A StoreConfigSpec defines the desired state of a StoreConfig. - properties: - defaultScope: - description: |- - DefaultScope used for scoping secrets for "cluster-scoped" resources. - If store type is "Kubernetes", this would mean the default namespace to - store connection secrets for cluster scoped resources. - In case of "Vault", this would be used as the default parent path. 
- Typically, should be set as Crossplane installation namespace. - type: string - kubernetes: - description: |- - Kubernetes configures a Kubernetes secret store. - If the "type" is "Kubernetes" but no config provided, in cluster config - will be used. - properties: - auth: - description: Credentials used to connect to the Kubernetes API. - properties: - env: - description: |- - Env is a reference to an environment variable that contains credentials - that must be used to connect to the provider. - properties: - name: - description: Name is the name of an environment variable. - type: string - required: - - name - type: object - fs: - description: |- - Fs is a reference to a filesystem location that contains credentials that - must be used to connect to the provider. - properties: - path: - description: Path is a filesystem path. - type: string - required: - - path - type: object - secretRef: - description: |- - A SecretRef is a reference to a secret key that contains the credentials - that must be used to connect to the provider. - properties: - key: - description: The key to select. - type: string - name: - description: Name of the secret. - type: string - namespace: - description: Namespace of the secret. - type: string - required: - - key - - name - - namespace - type: object - source: - description: Source of the credentials. - enum: - - None - - Secret - - Environment - - Filesystem - type: string - required: - - source - type: object - required: - - auth - type: object - plugin: - description: Plugin configures External secret store as a plugin. - properties: - configRef: - description: ConfigRef contains store config reference info. - properties: - apiVersion: - description: APIVersion of the referenced config. - type: string - kind: - description: Kind of the referenced config. - type: string - name: - description: Name of the referenced config. 
- type: string - required: - - apiVersion - - kind - - name - type: object - endpoint: - description: Endpoint is the endpoint of the gRPC server. - type: string - type: object - type: - default: Kubernetes - description: |- - Type configures which secret store to be used. Only the configuration - block for this store will be used and others will be ignored if provided. - Default is Kubernetes. - enum: - - Kubernetes - - Vault - - Plugin - type: string - required: - - defaultScope - type: object - required: - - spec - type: object - served: true - storage: true - subresources: {} diff --git a/content/v1.19/concepts/_index.md b/content/v1.19/concepts/_index.md deleted file mode 100644 index 519b53dad..000000000 --- a/content/v1.19/concepts/_index.md +++ /dev/null 
@@ -1,73 +0,0 @@
----
-title: Concepts
-weight: 50
-description: Understand Crossplane's core components
----
-
-Crossplane extends Kubernetes allowing it to create and manage
-resources external to the Kubernetes cluster. Crossplane enables platform
-engineers to create custom APIs and abstractions combining both native
-Kubernetes resources and cloud resources under a single control plane.
-
-With custom APIs, the platform users, like developers, don't need to know
-any details about the underlying resources or requirements.
-
-The platform users only need to know the details exposed by the platform, like
-`big` or `small` or `US` or `EU`. Platform users don't need to know any details
-about the underlying provider like instance type or region names.
-
-Crossplane uses multiple core components to manage the various elements of
-building and managing external resources through Kubernetes.
-
-* [**The Crossplane pods**]({{}}) include the core Crossplane pod and
- Crossplane RBAC manager pod. Together these pods manage all Crossplane
- components and resources.
-
-* [**Providers**]({{}}) connect Kubernetes to any external
- provider, like AWS, Azure or GCP. Providers translate Kubernetes native
- manifests and API calls into external API calls. Providers are responsible for
- creating, deleting and managing the lifecycle of their resources.
-
-* [**Managed resources**]({{}}) are Kubernetes objects
- representing things the Provider created outside of Kubernetes. Creating a
- managed resource in Kubernetes requires a Provider to create a resource.
- Deleting a managed resource requires a Provider to delete the associated
- external resource.
-
-* [**Compositions**]({{}}) are a template of managed
- resources. Compositions describe more complex deployments, combining multiple
- managed resources and any resource customizations, like the size of a database
- or the cloud provider region.
-
-* [**Composite Resource Definitions**]({{}})
- represent a custom API, created by platform engineers and consumed by
- developers or end users. Composite resource definitions use an OpenAPIv3
- schema to further extend Kubernetes with custom API endpoints, revisions and
- more.
-
-* [**Composite Resources**]({{}}) represent all the
- objects created by a user calling the custom API. Every time a user access the
- custom API Crossplane creates a single Composite Resource and links all
- the related managed resources to it.
-
-* [**Claims**]({{}}) are like Composite Resources, but exist
- in a Kubernetes namespace. Every Claim links to a single cluster scoped
- Composite Resource. Platform users create Claims in their unique namespace,
- isolating their resources from other teams in other namespaces.
-
-* [**EnvironmentConfigs**]({{}}) are an in-memory
- data store, like a Kubernetes ConfigMap. EnvironmentConfigs are useful for
- custom resource mapping or storing and retrieving data across Claims and
- Composite Resources.
-
-* [**Usages**]({{}}) defining critical resources or custom
- dependency mappings. Usages can prevent Crossplane from deleting or can
- ensure that a parent resource waits for Crossplane to delete all child
- resources first.
-
-* [**Packages**]({{}}) are a convenient way to package up an
- entire custom platform and define any other Crossplane related requirements.
- Packages define how to install Providers, custom APIs or composition functions.
-
-* [**ImageConfigs**]({{}}) are for centralized control
- of the configuration of Crossplane package images.
\ No newline at end of file
diff --git a/content/v1.19/concepts/claims.md b/content/v1.19/concepts/claims.md
deleted file mode 100644
index 65e62f72c..000000000
--- a/content/v1.19/concepts/claims.md
+++ /dev/null
@@ -1,207 +0,0 @@ ---- -title: Claims -weight: 60 -description: "Claims are a way to consume Crossplane resources with namespace scoping" ---- - -Claims represents a set of managed resources as a single -Kubernetes object, inside a namespace. - -Users create claims when they access the -custom API, defined in the CompositeResourceDefinition. - -{{< hint "tip" >}} - -Claims are like [composite resources]({{}}). The -difference between Claims and composite resources is Crossplane can create -Claims in a namespace, while composite resources are cluster scoped. -{{< /hint >}} - -{{}} -Crossplane has four core components that users commonly mix up: - -* [Compositions]({{}}) - A template to define how to create resources. -* [Composite Resource Definition]({{}}) - (`XRD`) - A custom API specification. -* [Composite Resources]({{}}) (`XR`) - Created by - using the custom API defined in a Composite Resource Definition. XRs use the - Composition template to create new managed resources. -* Claims (`XRC`) - This page. Like a Composite Resource, but - with namespace scoping. -{{}} - -## Creating a Claim - -Creating a Claim requires a -[Composition]({{}}) and a -[CompositeResourceDefinition]({{}}) -(`XRD`) already installed. - -{{}} -The XRD must -[enable Claims]({{}}). -{{< /hint >}} - -The Composition defines the set of resources to create. -The XRD defines the custom API users call to request the set of resources. 
-
-![Diagram of the relationship of Crossplane components](/media/composition-how-it-works.svg)
-
-For example,
-this {{}}CompositeResourceDefinition{{}}
-creates a composite resource API endpoint
-{{}}xmydatabases.example.org{{}} and
-enables a Claim API endpoint
-{{}}database.example.org{{}}
-
-```yaml {label="xrd1",copy-lines="none"}
-apiVersion: apiextensions.crossplane.io/v1
-kind: CompositeResourceDefinition
-metadata:
- name: xmydatabases.example.org
-spec:
- group: example.org
- names:
- kind: XMyDatabase
- plural: xmydatabases
- claimNames:
- kind: Database
- plural: databases
- # Removed for brevity
-```
-
-The Claim uses the XRD's
-{{}}kind{{}} API endpoint to request
-resources.
-
-The Claim's {{}}apiVersion{{}} matches
-the XRD {{}}group{{}} and the
-{{}}kind{{}} matches the XRD
-{{}}claimNames.kind{{}}
-
-```yaml {label="claim1",copy-lines="none"}
-apiVersion: example.org/v1alpha1
-kind: database
-metadata:
- name: my-claimed-database
-spec:
- # Removed for brevity
-```
-
-When a user creates a Claim in a namespace Crossplane also creates a composite
-resource.
-
-Use {{}}kubectl describe{{}} on the
-Claim to view the related composite resource.
-
-The {{}}Resource Ref{{}} is the
-composite resource Crossplane created for this Claim.
-
-```shell {label="claimcomp",copy-lines="1"}
-kubectl describe database.example.org/my-claimed-database
-Name: my-claimed-database
-API Version: example.org/v1alpha1
-Kind: database
-Spec:
- Resource Ref:
- API Version: example.org/v1alpha1
- Kind: XMyDatabase
- Name: my-claimed-database-rr4ll
-# Removed for brevity.
-```
-
-Use {{}}kubectl describe{{}} on the
-composite resource to view the
-{{}}Claim Ref{{}} linking the
-composite resource to the original Claim.
-
-```shell {label="getcomp",copy-lines="1"}
-kubectl describe xmydatabase.example.org/my-claimed-database-rr4ll
-Name: my-claimed-database-rr4ll
-API Version: example.org/v1alpha1
-Kind: XMyDatabase
-Spec:
- Claim Ref:
- API Version: example.org/v1alpha1
- Kind: database
- Name: my-claimed-database
- Namespace: default
-```
-
-{{}}
-Crossplane supports directly creating composite resources. Claims allow
-namespace scoping and isolation for users consuming the custom APIs.
-
-If you don't use namespaces in your Kubernetes deployment Claims aren't necessary.
-{{< /hint >}}
-
-### Claiming existing composite resources
-
-By default, creating a Claim creates a new composite resource. Claims can also
-link to existing composite resources.
-
-A use case for claiming existing composite resources may be slow to provision
-resources. Composite resources can be pre-provisioned and a Claim can
-use those resources without waiting for their creation.
-
-Set the Claim's {{}}resourceRef{{}}
-and match the pre-existing composite resource
-{{}}name{{}}.
-
-```yaml {label="resourceref",copy-lines="none"}
-apiVersion: example.org/v1alpha1
-kind: database
-metadata:
- name: my-claimed-database
-spec:
- resourceRef:
- apiVersion: example.org/v1alpha1
- kind: XMyDatabase
- name: my-pre-created-xr
-```
-
-If a Claim specifies a
-{{}}resourceRef{{}} that doesn't
-exist, Crossplane doesn't create a composite resource.
-
-{{}}
-All Claims have a
-{{}}resourceRef{{}}. Manually
-defining the
-{{}}resourceRef{{}}
-isn't required. Crossplane fills in the
-{{}}resourceRef{{}}
-with the information from the composite resource created for the Claim.
-{{< /hint >}}
-
-## Claim connection secrets
-
-If a Claim expects connection secrets the Claim must define a
-{{}}writeConnectionSecretToRef{{}}
-object.
-
-The
-{{}}writeConnectionSecretToRef{{}}
-object defines the name of the Kubernetes secret object where Crossplane saves
-the connection details.
-
-{{}}
-The Crossplane creates the secret object in the same namespace as the Claim.
-{{< /hint >}}
-
-For example, to a new secret object named
-{{}}my-claim-secret{{}} use
-{{}}writeConnectionSecretToRef{{}} with
-the
-{{}}name: my-claim-secret{{}}.
-```yaml {label="claimSec"}
-apiVersion: example.org/v1alpha1
-kind: database
-metadata:
- name: my-claimed-database
-spec:
- writeConnectionSecretToRef:
- name: my-claim-secret
-```
-
-For more information on connection secrets read the [Connection Secrets knowledge base article]({{}}).
\ No newline at end of file
diff --git a/content/v1.19/concepts/composite-resources.md b/content/v1.19/concepts/composite-resources.md
deleted file mode 100644
index a18ef2185..000000000
--- a/content/v1.19/concepts/composite-resources.md
+++ /dev/null
@@ -1,482 +0,0 @@ ---- -title: Composite Resources -weight: 50 -description: "Composite resources, an XR or XRs, represent a collection of related cloud resources." ---- - -A composite resource represents a set of managed resources as a single -Kubernetes object. Crossplane creates composite resources when users access a -custom API, defined in the CompositeResourceDefinition. - -{{}} -Composite resources are a _composite_ of managed resources. -A _Composition_ defines how to _compose_ the managed resources together. -{{< /hint >}} - -{{}} -Crossplane has four core components that users commonly mix up: - -* [Compositions]({{}}) - A template to define how to create resources. -* [Composite Resource Definition]({{}}) - (`XRD`) - A custom API specification. -* Composite Resource (`XR`) - This page. Created by - using the custom API defined in a Composite Resource Definition. XRs use the - Composition template to create new managed resources. -* [Claims]({{}}) (`XRC`) - Like a Composite Resource, but - with namespace scoping. -{{}} - -## Creating composite resources - -Creating composite resources requires a -[Composition]({{}}) and a -[CompositeResourceDefinition]({{}}) -(`XRD`). -The Composition defines the set of resources to create. -The XRD defines the custom API users call to request the set of resources. - -![Diagram of the relationship of Crossplane components](/media/composition-how-it-works.svg) - -XRDs define the API used to create a composite resource. -For example, -this {{}}CompositeResourceDefinition{{}} -creates a custom API endpoint -{{}}xmydatabases.example.org{{}}. 
-
-```yaml {label="xrd1",copy-lines="none"}
-apiVersion: apiextensions.crossplane.io/v1
-kind: CompositeResourceDefinition
-metadata:
- name: xmydatabases.example.org
-spec:
- group: example.org
- names:
- kind: xMyDatabase
- plural: xmydatabases
- # Removed for brevity
-```
-
-When a user calls the custom API,
-{{}}xmydatabases.example.org{{}},
-Crossplane chooses the Composition to use based on the Composition's
-{{}}compositeTypeRef{{}}
-
-```yaml {label="typeref",copy-lines="none"}
-apiVersion: apiextensions.crossplane.io/v1
-kind: Composition
-metadata:
- name: my-composition
-spec:
- compositeTypeRef:
- apiVersion: example.org/v1alpha1
- kind: xMyDatabase
- # Removed for brevity
-```
-
-The Composition
-{{}}compositeTypeRef{{}} matches the
-XRD {{}}group{{}} and
-{{}}kind{{}}.
-
-Crossplane creates the resources defined in the matching Composition and
-represents them as a single `composite` resource.
-
-```shell{copy-lines="1"}
-kubectl get composite
-NAME SYNCED READY COMPOSITION AGE
-my-composite-resource True True my-composition 4s
-```
-
-### Naming external resources
-By default, managed resources created by a composite resource have the name of
-the composite resource, followed by a random suffix.
-
-
-
-For example, a composite resource named "my-composite-resource" creates external
-resources named "my-composite-resource-fqvkw."
-
-
-
-Resource names can be deterministic by applying an
-{{}}annotation{{}} to the composite
-resource.
-
-```yaml {label="annotation",copy-lines="none"}
-apiVersion: example.org/v1alpha1
-kind: xMyDatabase
-metadata:
- name: my-composite-resource
- annotations:
- crossplane.io/external-name: my-custom-name
-# Removed for brevity
-```
-
-Inside the Composition, use a
-{{}}patch{{}}
-to apply the external-name to the resources.
-
-The {{}}fromFieldPath{{}} patch copies the
-{{}}metadata.annotations{{}} field from
-the composite resource to the
-{{}}metadata.annotations{{}} inside the
-managed resource.
-
-{{}}
-If a managed resource has the `crossplane.io/external-name` annotation
-Crossplane uses the annotation value to name the external resource.
-{{}}
-
-```yaml {label="comp",copy-lines="none"}
-apiVersion: apiextensions.crossplane.io/v1
-kind: Composition
-metadata:
- name: my-composition
-spec:
- mode: Pipeline
- pipeline:
- - step: patch-and-transform
- functionRef:
- name: function-patch-and-transform
- input:
- apiVersion: pt.fn.crossplane.io/v1beta1
- kind: Resources
- resources:
- - name: database
- base:
- # Removed for brevity
- patches:
- - fromFieldPath: metadata.annotations
- toFieldPath: metadata.annotations
-```
-
-For more information on using `function-patch-and-transform` to patch
-resources refer to the
-[Function Patch and Transform]({{}})
-documentation.
-
-### Composition selection
-
-Select a specific Composition for a composite resource to use with
-{{}}compositionRef{{}}
-
-{{}}
-The selected Composition must allow the composite resource to use it with a
-`compositeTypeRef`. Read more about the `compositeTypeRef` field in the
-[Enable Composite Resources]({{}})
-section of the Composition documentation.
-{{< /hint >}}
-
-```yaml {label="compref",copy-lines="none"}
-apiVersion: example.org/v1alpha1
-kind: xMyDatabase
-metadata:
- name: my-composite-resource
-spec:
- compositionRef:
- name: my-other-composition
- # Removed for brevity
-```
-
-A composite resource can also select a Composition based on labels instead of
-the exact name with a
-{{}}compositionSelector{{}}.
-
-Inside the {{}}matchLabels{{}} section
-provide one or more Composition labels to match.
-
-```yaml {label="complabel",copy-lines="none"}
-apiVersion: example.org/v1alpha1
-kind: xMyDatabase
-metadata:
- name: my-composite-resource
-spec:
- compositionSelector:
- matchLabels:
- environment: production
- # Removed for brevity
-```
-
-### Composition revision policy
-
-Crossplane tracks changes to Compositions as
-[Composition revisions]({{}}) .
-
-A composite resource can use
-a {{}}compositionUpdatePolicy{{}} to
-manually or automatically reference newer Composition revisions.
-
-The default
-{{}}compositionUpdatePolicy{{}} is
-"Automatic." Composite resources automatically use the latest Composition
-revision.
-
-Change the policy to
-{{}}Manual{{}} to prevent composite
-resources from automatically upgrading.
-
-```yaml {label="comprev",copy-lines="none"}
-apiVersion: example.org/v1alpha1
-kind: xMyDatabase
-metadata:
- name: my-composite-resource
-spec:
- compositionUpdatePolicy: Manual
- # Removed for brevity
-```
-
-### Composition revision selection
-
-Crossplane records changes to Compositions as
-[Composition revisions]({{}}).
-A composite resource can
-select a specific Composition revision.
-
-
-Use {{}}compositionRevisionRef{{}} to
-select a specific Composition revision by name.
-
-For example, to select a specific Composition revision use the name of the
-desired Composition revision.
-
-```yaml {label="comprevref",copy-lines="none"}
-apiVersion: example.org/v1alpha1
-kind: xMyDatabase
-metadata:
- name: my-composite-resource
-spec:
- compositionUpdatePolicy: Manual
- compositionRevisionRef:
- name: my-composition-b5aa1eb
- # Removed for brevity
-```
-
-{{}}
-Find the Composition revision name from
-{{}}kubectl get compositionrevision{{}}
-
-```shell {label="getcomprev",copy-lines="1"}
-kubectl get compositionrevision
-NAME REVISION XR-KIND XR-APIVERSION AGE
-my-composition-5c976ad 1 xmydatabases example.org/v1alpha1 65m
-my-composition-b5aa1eb 2 xmydatabases example.org/v1alpha1 64m
-```
-{{< /hint >}}
-
-A Composite resource can also select Composition revisions based on labels
-instead of the exact name with a
-{{}}compositionRevisionSelector{{}}.
-
-Inside the {{}}matchLabels{{}}
-section provide one or more Composition revision labels to match.
- - -```yaml {label="comprevsel",copy-lines="none"} -apiVersion: example.org/v1alpha1 -kind: xMyDatabase -metadata: - name: my-composite-resource -spec: - compositionRevisionSelector: - matchLabels: - channel: dev - # Removed for brevity -``` - -### Manage connection secrets - -When a composite resource creates resources, Crossplane provides any -[connection secrets]({{}}) -to the composite resource. - -{{}} - -A resource may only access connection secrets allowed by the XRD. By -default XRDs provide access to all connection secrets generated by managed -resources. -Read more about [managing connection secrets]({{}}) -in the XRD documentation. -{{< /hint >}} - -Use -{{}}writeConnectionSecretToRef{{}} -to specify where the composite resource writes their connection secrets to. - -For example, this composite resource saves the connection secrets in a -Kubernetes secret object named -{{}}my-secret{{}} in the namespace -{{}}crossplane-system{{}}. - -```yaml {label="writesecret",copy-lines="none"} -apiVersion: example.org/v1alpha1 -kind: xMyDatabase -metadata: - name: my-composite-resource -spec: - writeConnectionSecretToRef: - name: my-secret - namespace: crossplane-system - # Removed for brevity -``` - -Composite resources can write connection secrets to an -[external secret store]({{}}), -like HashiCorp Vault. - -{{}} -External secret stores are an alpha feature. Alpha features aren't enabled by -default. -{{< /hint >}} - -Use the {{}}publishConnectionDetailsTo{{}} field to save connection -secrets to an external secrets store. - -```yaml {label="publishsecret",copy-lines="none"} -apiVersion: example.org/v1alpha1 -kind: xMyDatabase -metadata: - name: my-composite-resource -spec: - publishConnectionDetailsTo: - name: my-external-secret-store - # Removed for brevity -``` - -Read the [External Secrets Store]({{}}) documentation for more information on using -external secret stores. 
- -For more information on connection secrets read the [Connection Secrets knowledge base article]({{}}). - -### Pausing composite resources - - -Crossplane supports pausing composite resources. A paused composite resource -doesn't check or make changes on its external resources. - - -To pause a composite resource apply the -{{}}crossplane.io/paused{{}} annotation. - -```yaml {label="pause",copy-lines="none"} -apiVersion: example.org/v1alpha1 -kind: xMyDatabase -metadata: - name: my-composite-resource - annotations: - crossplane.io/paused: "true" -spec: - # Removed for brevity -``` - -## Verify composite resources -Use -{{}}kubectl get composite{{}} -to view all the composite resources Crossplane created. - -```shell{copy-lines="1",label="getcomposite"} -kubectl get composite -NAME SYNCED READY COMPOSITION AGE -my-composite-resource True True my-composition 4s -``` - -Use `kubectl get` for the specific custom API endpoint to view -only those resources. - -```shell {copy-lines="1"} -kubectl get xMyDatabase.example.org -NAME SYNCED READY COMPOSITION AGE -my-composite-resource True True my-composition 12m -``` - -Use -{{}}kubectl describe composite{{}} -to view the linked -{{}}Composition Ref{{}}, -and unique managed resources created in the -{{}}Resource Refs{{}}. - - -```yaml {copy-lines="1",label="desccomposite"} -kubectl describe composite my-composite-resource -Name: my-composite-resource -API Version: example.org/v1alpha1 -Kind: xMyDatabase -Spec: - Composition Ref: - Name: my-composition - Composition Revision Ref: - Name: my-composition-cf2d3a7 - Composition Update Policy: Automatic - Resource Refs: - API Version: s3.aws.upbound.io/v1beta1 - Kind: Bucket - Name: my-composite-resource-fmrks - API Version: dynamodb.aws.upbound.io/v1beta1 - Kind: Table - Name: my-composite-resource-wnr9t -# Removed for brevity -``` - -### Composite resource conditions - -The conditions of composite resources match the conditions of their managed -resources. 
- -Read the -[conditions section]({{}}) of the -managed resources documentation for details. - -## Composite resource labels - -Crossplane adds labels to composite resources to show their relationship to -other Crossplane components. - -### Composite label -Crossplane adds the -{{}} crossplane.io/composite{{}} label -to all composite resources. The label matches the name of the composite. -Crossplane applies the composite label to any managed resource created by a -composite, creating a reference between the managed resource and owning -composite resource. - -```shell {label="claimname",copy-lines="1"} -kubectl describe xmydatabase.example.org/my-claimed-database-x9rx9 -Name: my-claimed-database2-x9rx9 -Namespace: -Labels: crossplane.io/composite=my-claimed-database-x9rx9 -``` - -### Claim name label -Crossplane adds the -{{}}crossplane.io/claim-name{{}} -label to composite resources created from a Claim. The label indicates the name -of the Claim linked to this composite resource. - -```shell {label="claimname",copy-lines="1"} -kubectl describe xmydatabase.example.org/my-claimed-database-x9rx9 -Name: my-claimed-database2-x9rx9 -Namespace: -Labels: crossplane.io/claim-name=my-claimed-database -``` - -Composite resources created directly, without using a Claim, don't have a -{{}}crossplane.io/claim-name{{}} -label. - -### Claim namespace label -Crossplane adds the -{{}}crossplane.io/claim-namespace{{}} -label to composite resources created from a Claim. The label indicates the -namespace of the Claim linked to this composite resource. - -```shell {label="claimname",copy-lines="1"} -kubectl describe xmydatabase.example.org/my-claimed-database-x9rx9 -Name: my-claimed-database2-x9rx9 -Namespace: -Labels: crossplane.io/claim-namespace=default -``` - -Composite resources created directly, without using a Claim, don't have a -{{}}crossplane.io/claim-namespace{{}} -label. \ No newline at end of file 
diff --git a/content/v1.19/concepts/connection-details.md b/content/v1.19/concepts/connection-details.md
deleted file mode 100644
index b65b79568..000000000
--- a/content/v1.19/concepts/connection-details.md
+++ /dev/null
@@ -1,674 +0,0 @@ ---- -title: Connection Details -weight: 110 -description: "How to create and manage connection details across Crossplane managed resources, composite resources, Compositions and Claims" ---- - -Using connection details in Crossplane requires the following components: -* Defining the `writeConnectionSecretToRef.name` in a [Claim]({{}}). -* Defining the `writeConnectionSecretsToNamespace` value in the [Composition]({{}}). -* Define the `writeConnectionSecretToRef` name and namespace for each resource in the - [Composition]({{}}). -* Define the list of secret keys produced by each composed resource with in the - [Composition]({{}}). -* Optionally, define the `connectionSecretKeys` in a - [CompositeResourceDefinition]({{}}). - -{{}} -This guide discusses creating Kubernetes secrets. -Crossplane also supports using external secret stores like [HashiCorp Vault](https://www.vaultproject.io/). - -Read the [external secrets store guide]({{}}) for more information on using Crossplane -with an external secret store. -{{}} - -## Background -When a [Provider]({{}}) creates a managed -resource, the resource may generate resource-specific details. These details can include -usernames, passwords or connection details like an IP address. - -Crossplane refers to this information as the _connection details_ or -_connection secrets_. - -The Provider -defines what information to present as a _connection -detail_ from a managed resource. - - - -When a managed resource is part of a -[Composition]({{}}), the Composition, -[Composite Resource Definition]({{}}) -and optionally, the -[Claim]({{}}) define what details are visible -and where they're stored. - - -{{}} -All the following examples use the same set of Compositions, -CompositeResourceDefinitions and Claims. - -All examples rely on -[provider-aws-iam](https://github.com/crossplane-contrib/provider-upjet-aws) -to create resources. 
- -{{}} -```yaml -apiVersion: apiextensions.crossplane.io/v1 -kind: Composition -metadata: - name: xsecrettest.example.org -spec: - writeConnectionSecretsToNamespace: other-namespace - compositeTypeRef: - apiVersion: example.org/v1alpha1 - kind: XSecretTest - mode: Pipeline - pipeline: - - step: patch-and-transform - functionRef: - name: function-patch-and-transform - input: - apiVersion: pt.fn.crossplane.io/v1beta1 - kind: Resources - resources: - - name: key - base: - apiVersion: iam.aws.upbound.io/v1beta1 - kind: AccessKey - spec: - forProvider: - userSelector: - matchControllerRef: true - writeConnectionSecretToRef: - namespace: docs - name: key1 - connectionDetails: - - name: user - type: FromConnectionSecretKey - fromConnectionSecretKey: username - - name: password - type: FromConnectionSecretKey - fromConnectionSecretKey: password - - name: key - type: FromConnectionSecretKey - fromConnectionSecretKey: attribute.secret - - name: smtp - type: FromConnectionSecretKey - fromConnectionSecretKey: attribute.ses_smtp_password_v4 - patches: - - fromFieldPath: "metadata.uid" - toFieldPath: "spec.writeConnectionSecretToRef.name" - transforms: - - type: string - string: - type: Format - fmt: "%s-secret1" - - name: user - base: - apiVersion: iam.aws.upbound.io/v1beta1 - kind: User - spec: - forProvider: {} - - name: user2 - base: - apiVersion: iam.aws.upbound.io/v1beta1 - kind: User - metadata: - labels: - docs.crossplane.io: user - spec: - forProvider: {} - - name: key2 - base: - apiVersion: iam.aws.upbound.io/v1beta1 - kind: AccessKey - spec: - forProvider: - userSelector: - matchLabels: - docs.crossplane.io: user - writeConnectionSecretToRef: - namespace: docs - name: key2 - connectionDetails: - - name: key2-user - type: FromConnectionSecretKey - fromConnectionSecretKey: username - - name: key2-password - type: FromConnectionSecretKey - fromConnectionSecretKey: password - - name: key2-secret - type: FromConnectionSecretKey - fromConnectionSecretKey: attribute.secret 
- - name: key2-smtp - type: FromConnectionSecretKey - fromConnectionSecretKey: attribute.ses_smtp_password_v4 - patches: - - fromFieldPath: "metadata.uid" - toFieldPath: "spec.writeConnectionSecretToRef.name" - transforms: - - type: string - string: - type: Format - fmt: "%s-secret2" -``` -{{}} - -{{}} - -```yaml -apiVersion: apiextensions.crossplane.io/v1 -kind: CompositeResourceDefinition -metadata: - name: xsecrettests.example.org -spec: - group: example.org - connectionSecretKeys: - - username - - password - - attribute.secret - - attribute.ses_smtp_password_v4 - - key2-user - - key2-pass - - key2-secret - - key2-smtp - names: - kind: XSecretTest - plural: xsecrettests - claimNames: - kind: SecretTest - plural: secrettests - versions: - - name: v1alpha1 - served: true - referenceable: true - schema: - openAPIV3Schema: - type: object - properties: - spec: - type: object -``` -{{}} - -{{}} -```yaml -apiVersion: example.org/v1alpha1 -kind: SecretTest -metadata: - name: test-secrets - namespace: default -spec: - writeConnectionSecretToRef: - name: my-access-key-secret -``` -{{}} -{{}} - -## Connection secrets in a managed resource - - - - -When a managed resource creates connection secrets, Crossplane can write the -secrets to a -[Kubernetes secret]({{}}) -or an -[external secret store]({{}}). - - - -Creating an individual managed resource shows the connection secrets the -resource creates. - -{{}} -Read the [managed resources]({{}}) -documentation for more information on configuring resources and storing -connection secrets for individual resources. -{{< /hint >}} - - -For example, create an -{{}}AccessKey{{}} resource and save the -connection secrets in a Kubernetes secret named -{{}}my-accesskey-secret{{}} -in the -{{}}default{{}} namespace. 
- -```yaml {label="mr"} -apiVersion: iam.aws.upbound.io/v1beta1 -kind: AccessKey -metadata: - name: test-accesskey -spec: - forProvider: - userSelector: - matchLabels: - docs.crossplane.io: user - writeConnectionSecretToRef: - namespace: default - name: my-accesskey-secret -``` - -View the Kubernetes secret to see the connection details from the managed -resource. -This includes an -{{}}attribute.secret{{}}, -{{}}attribute.ses_smtp_password_v4{{}}, -{{}}password{{}} and -{{}}username{{}} - -```yaml {label="mrSecret",copy-lines="1"} -kubectl describe secret my-accesskey-secret -Name: my-accesskey-secret -Namespace: default -Labels: -Annotations: - -Type: connection.crossplane.io/v1alpha1 - -Data -==== -attribute.secret: 40 bytes -attribute.ses_smtp_password_v4: 44 bytes -password: 40 bytes -username: 20 bytes -``` - -Compositions and CompositeResourceDefinitions require the exact names of the -secrets generated by a resource. - -## Connection secrets in Compositions - -Resources in a Composition that create connection details still create a -secret object containing their connection details. -Crossplane also generates -another secret object for each composite resource, -containing the secrets from all the defined resources. - -For example, a Composition defines two -{{}}AccessKey{{}} -objects. -Each {{}}AccessKey{{}} writes a -connection secrets to the {{}}name{{}} -inside the {{}}namespace{{}} defined by -the resource -{{}}writeConnectionSecretToRef{{}}. - -Crossplane also creates a secret object for the entire Composition -saved in the namespace defined by -{{}}writeConnectionSecretsToNamespace{{}} -with a Crossplane generated name. 
- -```yaml {label="comp1",copy-lines="none"} -apiVersion: apiextensions.crossplane.io/v1 -kind: Composition -spec: - writeConnectionSecretsToNamespace: other-namespace - mode: Pipeline - pipeline: - - step: patch-and-transform - functionRef: - name: function-patch-and-transform - input: - apiVersion: pt.fn.crossplane.io/v1beta1 - kind: Resources - resources: - - name: key1 - base: - apiVersion: iam.aws.upbound.io/v1beta1 - kind: AccessKey - spec: - forProvider: - # Removed for brevity - writeConnectionSecretToRef: - namespace: docs - name: key1-secret - - name: key2 - base: - apiVersion: iam.aws.upbound.io/v1beta1 - kind: AccessKey - spec: - forProvider: - # Removed for brevity - writeConnectionSecretToRef: - namespace: docs - name: key2-secret - # Removed for brevity -``` - -After applying a Claim, view the Kubernetes secrets to see three secret objects -created. - -The secret -{{}}key1-secret{{}} is from the resource -{{}}key1{{}}, -{{}}key2-secret{{}} is from the resource -{{}}key2{{}}. - -Crossplane creates another secret in the namespace -{{}}other-namespace{{}} with the -secrets from resource in the Composition. - - -```shell {label="compGetSec",copy-lines="1"} -kubectl get secrets -A -NAMESPACE NAME TYPE DATA AGE -docs key1-secret connection.crossplane.io/v1alpha1 4 4s -docs key2-secret connection.crossplane.io/v1alpha1 4 4s -other-namespace 70975471-c44f-4f6d-bde6-6bbdc9de1eb8 connection.crossplane.io/v1alpha1 0 6s -``` - -Although Crossplane creates a secret object, by default, Crossplane doesn't add -any data to the object. - -```yaml {copy-lines="none"} -kubectl describe secret 70975471-c44f-4f6d-bde6-6bbdc9de1eb8 -n other-namespace -Name: 70975471-c44f-4f6d-bde6-6bbdc9de1eb8 -Namespace: other-namespace - -Type: connection.crossplane.io/v1alpha1 - -Data -==== -``` - -The Composition must list the connection secrets to store for each resource. -Use the -{{}}connectionDetails{{}} object under -each resource and define the secret keys the resource creates. 
- - -{{}} -You can't change the -{{}}connectionDetails{{}} -of a Composition. -You must delete and -recreate the Composition to change the -{{}}connectionDetails{{}}. -{{}} - -```yaml {label="comp2",copy-lines="16-20"} -apiVersion: apiextensions.crossplane.io/v1 -kind: Composition -spec: - writeConnectionSecretsToNamespace: other-namespace - mode: Pipeline - pipeline: - - step: patch-and-transform - functionRef: - name: function-patch-and-transform - input: - apiVersion: pt.fn.crossplane.io/v1beta1 - kind: Resources - resources: - - name: key - base: - apiVersion: iam.aws.upbound.io/v1beta1 - kind: AccessKey - spec: - forProvider: - # Removed for brevity - writeConnectionSecretToRef: - namespace: docs - name: key1 - connectionDetails: - - name: user - type: FromConnectionSecretKey - fromConnectionSecretKey: username - - name: password - type: FromConnectionSecretKey - fromConnectionSecretKey: password - - name: key - type: FromConnectionSecretKey - fromConnectionSecretKey: attribute.secret - - name: smtp - type: FromConnectionSecretKey - fromConnectionSecretKey: attribute.ses_smtp_password_v4 - # Removed for brevity -``` - -After applying a Claim the composite resource secret object contains the list of -keys listed in the -{{}}connectionDetails{{}}. - -```shell {copy-lines="1"} -kubectl describe secret -n other-namespace -Name: b0dc71f8-2688-4ebc-818a-bbad6a2c4f9a -Namespace: other-namespace - -Type: connection.crossplane.io/v1alpha1 - -Data -==== -username: 20 bytes -attribute.secret: 40 bytes -attribute.ses_smtp_password_v4: 44 bytes -password: 40 bytes -``` - -{{}} -If a key isn't listed in the -{{}}connectionDetails{{}} -it isn't stored in the secret object. -{{< /hint >}} - -### Managing conflicting secret keys -If resources produce conflicting keys, create a unique name with a connection -details -{{}}name{{}}. 
- -```yaml {label="comp3",copy-lines="none"} -apiVersion: apiextensions.crossplane.io/v1 -kind: Composition -spec: - writeConnectionSecretsToNamespace: other-namespace - mode: Pipeline - pipeline: - - step: patch-and-transform - functionRef: - name: function-patch-and-transform - input: - apiVersion: pt.fn.crossplane.io/v1beta1 - kind: Resources - resources: - - name: key - base: - kind: AccessKey - spec: - # Removed for brevity - writeConnectionSecretToRef: - namespace: docs - name: key1 - connectionDetails: - - name: user - type: FromConnectionSecretKey - fromConnectionSecretKey: username - - name: key2 - base: - kind: AccessKey - spec: - # Removed for brevity - writeConnectionSecretToRef: - namespace: docs - name: key2 - connectionDetails: - - name: key2-user - type: FromConnectionSecretKey - fromConnectionSecretKey: username -``` - -The secret object contains both keys, -{{}}username{{}} -and -{{}}key2-user{{}} - -```shell {label="comp3Sec",copy-lines="1"} -kubectl describe secret -n other-namespace -Name: b0dc71f8-2688-4ebc-818a-bbad6a2c4f9a -Namespace: other-namespace - -Type: connection.crossplane.io/v1alpha1 - -Data -==== -username: 20 bytes -key2-user: 20 bytes -# Removed for brevity. -``` - -## Connection secrets in Composite Resource Definitions - -The CompositeResourceDefinition (`XRD`), can restrict which secrets keys are -put in the combined secret and provided to a Claim. - -By default an XRD writes all secret keys listed in the composed resource -`connectionDetails` to the combined secret object. - -Limit the keys passed to the combined secret object and Claims with a -{{}}connectionSecretKeys{{}} object. - -Inside the {{}}connectionSecretKeys{{}} list -the secret key names to create. Crossplane only adds the keys listed to the -combined secret. - -{{}} -When changing the {{}}connectionSecretKeys{{}} of an XRD the change isn't immediately reflected. -You have two options to change the keys in the combined secret object. 
-- Delete and recreate the XRD. This only makes sense if the XRD isn't used as it leads to the deletion of XRs. -- Restart the XR reconciler, which can be done by restarting the Crossplane pod. -{{}} - -For example, an XRD may restrict the secrets to only the -{{}}username{{}}, -{{}}password{{}} and custom named -{{}}key2-user{{}} keys. - -```yaml {label="xrd",copy-lines="4-12"} -kind: CompositeResourceDefinition -spec: - # Removed for brevity. - connectionSecretKeys: - - username - - password - - key2-user -``` - -The secret from an individual resource contains all the resources detailed in -the Composition's `connectionDetails`. - -```shell {label="xrdSec",copy-lines="1"} -kubectl describe secret key1 -n docs -Name: key1 -Namespace: docs - -Data -==== -password: 40 bytes -username: 20 bytes -attribute.secret: 40 bytes -attribute.ses_smtp_password_v4: 44 bytes -``` - -The Claim's secret only contains the -keys allowed by the XRD -{{}}connectionSecretKeys{{}} -fields. - -```shell {label="xrdSec2",copy-lines="2"} -kubectl describe secret my-access-key-secret -Name: my-access-key-secret - -Data -==== -key2-user: 20 bytes -password: 40 bytes -username: 20 bytes -``` - -## Secret objects -Compositions create a secret object for each resource and an extra secret -containing all the secrets from all resources. - -Crossplane saves the resource secret objects in the location defined by the -resource's -{{}}writeConnectionSecretToRef{{}}. - -Crossplane saves the combined secret with a Crossplane generated name in the -namespace defined in the Composition's -{{}}writeConnectionSecretsToNamespace{{}}. 
- -```yaml {label="comp4",copy-lines="none"} -apiVersion: apiextensions.crossplane.io/v1 -kind: Composition -spec: - writeConnectionSecretsToNamespace: other-namespace - mode: Pipeline - pipeline: - - step: patch-and-transform - functionRef: - name: function-patch-and-transform - input: - apiVersion: pt.fn.crossplane.io/v1beta1 - kind: Resources - resources: - - name: key - base: - kind: AccessKey - spec: - # Removed for brevity - writeConnectionSecretToRef: - namespace: docs - name: key1 - connectionDetails: - - name: user - type: FromConnectionSecretKey - fromConnectionSecretKey: username - - name: key2 - base: - kind: AccessKey - spec: - # Removed for brevity - writeConnectionSecretToRef: - namespace: docs - name: key2 - connectionDetails: - - name: key2-user - type: FromConnectionSecretKey - fromConnectionSecretKey: username -``` - -If a Claim uses a secret, it's stored in the same namespace as the Claim with -the name defined in the Claim's -{{}}writeConnectionSecretToRef{{}}. - -```yaml {label="claim3",copy-lines="none"} -apiVersion: example.org/v1alpha1 -kind: SecretTest -metadata: - name: test-secrets - namespace: default -spec: - writeConnectionSecretToRef: - name: my-access-key-secret -``` - -After applying the Claim Crossplane creates the following secrets: -* The Claim's secret, {{}}my-access-key-secret{{}} - in the Claim's {{}}namespace{{}}. -* The first resource's secret object, {{}}key1{{}}. -* The second resource's secret object, {{}}key2{{}}. -* The composite resource secret object in the - {{}}other-namespace{{}} defined by the - Composition's `writeConnectionSecretsToNamespace`. 
-
-
-```shell {label="allSec",copy-lines="none"}
- kubectl get secret -A
-NAMESPACE NAME TYPE DATA AGE
-default my-access-key-secret connection.crossplane.io/v1alpha1 8 29m
-docs key1 connection.crossplane.io/v1alpha1 4 31m
-docs key2 connection.crossplane.io/v1alpha1 4 31m
-other-namespace b0dc71f8-2688-4ebc-818a-bbad6a2c4f9a connection.crossplane.io/v1alpha1 8 31m
-```
\ No newline at end of file
diff --git a/content/v1.19/concepts/server-side-apply.md b/content/v1.19/concepts/server-side-apply.md
deleted file mode 100644
index 02170aa3b..000000000
--- a/content/v1.19/concepts/server-side-apply.md
+++ /dev/null
@@ -1,110 +0,0 @@
----
-title: Server-Side Apply
-state: beta
-alphaVersion: "1.15"
-betaVersion: "1.19"
-weight: 300
----
-
-Crossplane can use server-side apply to sync claims with composite resources
-(XRs), and to sync composite resources with composed resources.
-
-When Crossplane uses server-side apply, the Kubernetes API server helps sync
-resources. Using server-side apply makes syncing more predictable and less
-buggy.
-
-{{}}
-Server-side apply is a Kubernetes feature. Read more about server-side apply in
-the [Kubernetes documentation](https://kubernetes.io/docs/reference/using-api/server-side-apply/).
-{{}}
-
-## Disable server-side apply
-
-Server-Side Apply is a beta feature. Beta features are enabled by default.
-
-
-Disable server-side apply by disabling the `--enable-ssa-claims` feature flag.
-Read the [Install Crossplane documentation]({{}})
-to learn about feature flags.
-
-When server-side apply is disabled, you might see fields reappearing after you delete
-them from a claim's `spec`. Also, Crossplane doesn't delete labels and annotations from
-the composite resource when you delete them from the claim.
-
-
-## Use server-side apply to sync claims with composite resources
-
-When you create a claim, Crossplane creates a corresponding composite resource.
-Crossplane keeps the claim in sync with the composite resource. When you change
-the claim, Crossplane reflects those changes on the composite resource.
-
-Read the [claims documentation]({{}}) to learn more about claims
-and how they relate to composite resources.
-
-Crossplane can use server-side apply to keep the claim in sync with the
-composite resource.
-
-{{}}
-With server-side apply, Crossplane is stricter about how it syncs
-a claim with its counterpart composite resource:
-
-- The claim's `metadata` syncs to the composite resource's `metadata`.
-- The claim's `spec` syncs to the composite resource's `spec`.
-- The composite resource's `status` syncs to the claim's `status`.
- -With server-side apply Crossplane doesn't sync the composite resource's `metadata` -and `spec` back to the claim's `metadata` and `spec`. It also doesn't sync the -claim's `status` to the composite resource's `status`. -{{}} - -## Use server-side apply to sync claims end-to-end - -To get the full benefit of server-side apply, use it together with composition functions. - -When you use composition functions, Crossplane uses server side apply to sync -composite resources with composed resources. Read more about this in the -[composition functions documentation]({{}}). - -```mermaid -graph LR - A(Claim) -- claim server-side apply --> B(Composite Resource) - B -- function server-side apply --> C(Composed Resource) - B -- function server-side apply --> D(Composed Resource) - B -- function server-side apply --> E(Composed Resource) -``` - -When you use server-side apply end-to-end there is a clear, predictable -propagation of fields from claim to composed resources, and back: - -* `metadata` and `spec` flow forwards, from claim to XR to composed resources. -* `status` flows backwards, from composed resources to XR to claim. - -{{}} -When you use composition functions, Crossplane is stricter about how it syncs -composite resources (XRs) with composed resources: - -- The XR's `metadata` syncs to the composed resource's `metadata`. -- The XR's `spec` syncs to the composed resource's `spec`. -- The composed resource's `status` syncs to the XR's `status`. - -When you use composition functions Crossplane doesn't sync the composed resource's `metadata` -and `spec` back to the XR's `metadata` and `spec`. -{{}} - -When Crossplane uses server-side apply end-to-end to sync claims with composed -resources, it deletes fields from a composed resource's `spec` when you -delete fields from the claim's `spec`. - -When Crossplane uses server-side apply end-to-end it's also able to merge claim -fields into complex composed resource fields. 
Objects and arrays of objects are
-examples of complex composed resource fields.
-
-{{}}
-Crossplane can only merge complex fields for resources that use server-side
-apply merge strategy OpenAPI extensions. Read about these extensions in the
-Kubernetes [server-side apply documentation](https://kubernetes.io/docs/reference/using-api/server-side-apply/#merge-strategy).
-
-If you find that Crossplane isn't merging managed resource fields, raise an
-issue against the relevant provider. Ask the provider maintainer to add
-server-side apply merge strategy extensions to the managed resource.
-{{}}
\ No newline at end of file
diff --git a/content/v1.19/getting-started/_index.md b/content/v1.19/getting-started/_index.md
deleted file mode 100644
index 860fbbf99..000000000
--- a/content/v1.19/getting-started/_index.md
+++ /dev/null
@@ -1,16 +0,0 @@
----
-title: Getting Started
-weight: 4
-description: An introduction to Crossplane and Crossplane quickstart guides.
----
-
-{{Crossplane Popsicle Truck}}
-
-## Hands-on
-Want a hands-on example? Follow a Crossplane Quickstart for your cloud provider.
-* [AWS quickstart]({{}})
-* [Azure quickstart]({{}})
-* [GCP quickstart]({{}})
-
-## Install
-Ready to get started? [Install Crossplane]({{}}) in a Kubernetes cluster.
\ No newline at end of file
diff --git a/content/v1.19/getting-started/install-crossplane-include.md b/content/v1.19/getting-started/install-crossplane-include.md
deleted file mode 100644
index 450153737..000000000
--- a/content/v1.19/getting-started/install-crossplane-include.md
+++ /dev/null
@@ -1,1127 +0,0 @@ ---- -tocHidden: true -searchExclude: true ---- - -## Install Crossplane - -Crossplane installs into an existing Kubernetes cluster. - -{{< hint type="tip" >}} -If you don't have a Kubernetes cluster create one locally with [Kind](https://kind.sigs.k8s.io/). -{{< /hint >}} - - -### Install the Crossplane Helm chart - -Helm enables Crossplane to install all its Kubernetes components through a _Helm Chart_. - -Enable the Crossplane Helm Chart repository: - -```shell -helm repo add \ -crossplane-stable https://charts.crossplane.io/stable -helm repo update -``` - -Run the Helm dry-run to see all the Crossplane components Helm installs. - -```shell -helm install crossplane \ -crossplane-stable/crossplane \ ---dry-run --debug \ ---namespace crossplane-system \ ---create-namespace -``` -{{}} -```shell -helm install crossplane \ -crossplane-stable/crossplane \ ---dry-run --debug \ ---namespace crossplane-system \ ---create-namespace -install.go:214: [debug] Original chart version: "" -install.go:216: [debug] setting version to >0.0.0-0 -install.go:231: [debug] CHART PATH: /Users/plumbis/Library/Caches/helm/repository/crossplane-1.15.0.tgz - -NAME: crossplane -LAST DEPLOYED: Mon Feb 12 14:46:15 2024 -NAMESPACE: default -STATUS: pending-install -REVISION: 1 -TEST SUITE: None -USER-SUPPLIED VALUES: -{} - -COMPUTED VALUES: -affinity: {} -args: [] -configuration: - packages: [] -customAnnotations: {} -customLabels: {} -deploymentStrategy: RollingUpdate -extraEnvVarsCrossplane: {} -extraEnvVarsRBACManager: {} -extraObjects: [] -extraVolumeMountsCrossplane: {} -extraVolumesCrossplane: {} -function: - packages: [] -hostNetwork: false -image: - pullPolicy: IfNotPresent - repository: xpkg.crossplane.io/crossplane/crossplane - tag: "" -imagePullSecrets: {} -leaderElection: true -metrics: - enabled: false -nodeSelector: {} -packageCache: - configMap: "" - medium: "" - pvc: "" - sizeLimit: 20Mi -podSecurityContextCrossplane: {} -podSecurityContextRBACManager: {} 
-priorityClassName: "" -provider: - packages: [] -rbacManager: - affinity: {} - args: [] - deploy: true - leaderElection: true - nodeSelector: {} - replicas: 1 - skipAggregatedClusterRoles: false - tolerations: [] -registryCaBundleConfig: - key: "" - name: "" -replicas: 1 -resourcesCrossplane: - limits: - cpu: 100m - memory: 512Mi - requests: - cpu: 100m - memory: 256Mi -resourcesRBACManager: - limits: - cpu: 100m - memory: 512Mi - requests: - cpu: 100m - memory: 256Mi -securityContextCrossplane: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsGroup: 65532 - runAsUser: 65532 -securityContextRBACManager: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsGroup: 65532 - runAsUser: 65532 -serviceAccount: - customAnnotations: {} -tolerations: [] -webhooks: - enabled: true - -HOOKS: -MANIFEST: ---- -# Source: crossplane/templates/rbac-manager-serviceaccount.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: rbac-manager - namespace: default - labels: - app: crossplane - helm.sh/chart: crossplane-1.15.0 - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: cloud-infrastructure-controller - app.kubernetes.io/part-of: crossplane - app.kubernetes.io/name: crossplane - app.kubernetes.io/instance: crossplane - app.kubernetes.io/version: "1.15.0" ---- -# Source: crossplane/templates/serviceaccount.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: crossplane - namespace: default - labels: - app: crossplane - helm.sh/chart: crossplane-1.15.0 - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: cloud-infrastructure-controller - app.kubernetes.io/part-of: crossplane - app.kubernetes.io/name: crossplane - app.kubernetes.io/instance: crossplane - app.kubernetes.io/version: "1.15.0" ---- -# Source: crossplane/templates/secret.yaml -# The reason this is created empty and filled by the init container is we want -# to manage the lifecycle of the secret via Helm. 
This way whenever Crossplane -# is deleted, the secret is deleted as well. -apiVersion: v1 -kind: Secret -metadata: - name: crossplane-root-ca - namespace: default -type: Opaque ---- -# Source: crossplane/templates/secret.yaml -# The reason this is created empty and filled by the init container is we want -# to manage the lifecycle of the secret via Helm. This way whenever Crossplane -# is deleted, the secret is deleted as well. -apiVersion: v1 -kind: Secret -metadata: - name: crossplane-tls-server - namespace: default -type: Opaque ---- -# Source: crossplane/templates/secret.yaml -# The reason this is created empty and filled by the init container is we want -# to manage the lifecycle of the secret via Helm. This way whenever Crossplane -# is deleted, the secret is deleted as well. -apiVersion: v1 -kind: Secret -metadata: - name: crossplane-tls-client - namespace: default -type: Opaque ---- -# Source: crossplane/templates/clusterrole.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: crossplane - labels: - app: crossplane - helm.sh/chart: crossplane-1.15.0 - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: cloud-infrastructure-controller - app.kubernetes.io/part-of: crossplane - app.kubernetes.io/name: crossplane - app.kubernetes.io/instance: crossplane - app.kubernetes.io/version: "1.15.0" -aggregationRule: - clusterRoleSelectors: - - matchLabels: - rbac.crossplane.io/aggregate-to-crossplane: "true" ---- -# Source: crossplane/templates/clusterrole.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: crossplane:system:aggregate-to-crossplane - labels: - app: crossplane - helm.sh/chart: crossplane-1.15.0 - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: cloud-infrastructure-controller - app.kubernetes.io/part-of: crossplane - app.kubernetes.io/name: crossplane - app.kubernetes.io/instance: crossplane - app.kubernetes.io/version: "1.15.0" - crossplane.io/scope: 
"system" - rbac.crossplane.io/aggregate-to-crossplane: "true" -rules: -- apiGroups: - - "" - resources: - - events - verbs: - - create - - update - - patch - - delete -- apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - - customresourcedefinitions/status - verbs: - - "*" -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - "" - resources: - - serviceaccounts - - services - verbs: - - "*" -- apiGroups: - - apiextensions.crossplane.io - - pkg.crossplane.io - - secrets.crossplane.io - resources: - - "*" - verbs: - - "*" -- apiGroups: - - extensions - - apps - resources: - - deployments - verbs: - - get - - list - - create - - update - - patch - - delete - - watch -- apiGroups: - - "" - - coordination.k8s.io - resources: - - configmaps - - leases - verbs: - - get - - list - - create - - update - - patch - - watch - - delete -- apiGroups: - - admissionregistration.k8s.io - resources: - - validatingwebhookconfigurations - - mutatingwebhookconfigurations - verbs: - - get - - list - - create - - update - - patch - - watch - - delete ---- -# Source: crossplane/templates/rbac-manager-allowed-provider-permissions.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: crossplane:allowed-provider-permissions - labels: - app: crossplane - helm.sh/chart: crossplane-1.15.0 - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: cloud-infrastructure-controller - app.kubernetes.io/part-of: crossplane - app.kubernetes.io/name: crossplane - app.kubernetes.io/instance: crossplane - app.kubernetes.io/version: "1.15.0" -aggregationRule: - clusterRoleSelectors: - - matchLabels: - rbac.crossplane.io/aggregate-to-allowed-provider-permissions: "true" ---- -# Source: crossplane/templates/rbac-manager-clusterrole.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: crossplane-rbac-manager - labels: - 
app: crossplane - helm.sh/chart: crossplane-1.15.0 - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: cloud-infrastructure-controller - app.kubernetes.io/part-of: crossplane - app.kubernetes.io/name: crossplane - app.kubernetes.io/instance: crossplane - app.kubernetes.io/version: "1.15.0" -rules: -- apiGroups: - - "" - resources: - - events - verbs: - - create - - update - - patch - - delete -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get - - list - - watch -- apiGroups: - - apps - resources: - - deployments - verbs: - - get - - list - - watch -# The RBAC manager creates a series of RBAC roles for each namespace it sees. -# These RBAC roles are controlled (in the owner reference sense) by the namespace. -# The RBAC manager needs permission to set finalizers on Namespaces in order to -# create resources that block their deletion when the -# OwnerReferencesPermissionEnforcement admission controller is enabled. -# See https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#ownerreferencespermissionenforcement -- apiGroups: - - "" - resources: - - namespaces/finalizers - verbs: - - update -- apiGroups: - - apiextensions.crossplane.io - resources: - - compositeresourcedefinitions - verbs: - - get - - list - - watch -# The RBAC manager creates a series of RBAC cluster roles for each XRD it sees. -# These cluster roles are controlled (in the owner reference sense) by the XRD. -# The RBAC manager needs permission to set finalizers on XRDs in order to -# create resources that block their deletion when the -# OwnerReferencesPermissionEnforcement admission controller is enabled. 
-# See https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#ownerreferencespermissionenforcement -- apiGroups: - - apiextensions.crossplane.io - resources: - - compositeresourcedefinitions/finalizers - verbs: - - update -- apiGroups: - - pkg.crossplane.io - resources: - - providerrevisions - verbs: - - get - - list - - watch -# The RBAC manager creates a series of RBAC cluster roles for each ProviderRevision -# it sees. These cluster roles are controlled (in the owner reference sense) by the -# ProviderRevision. The RBAC manager needs permission to set finalizers on -# ProviderRevisions in order to create resources that block their deletion when the -# OwnerReferencesPermissionEnforcement admission controller is enabled. -# See https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#ownerreferencespermissionenforcement -- apiGroups: - - pkg.crossplane.io - resources: - - providerrevisions/finalizers - verbs: - - update -- apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - get - - list - - watch -- apiGroups: - - rbac.authorization.k8s.io - resources: - - clusterroles - - roles - verbs: - - get - - list - - watch - - create - - update - - patch - # The RBAC manager may grant access it does not have. 
- - escalate -- apiGroups: - - rbac.authorization.k8s.io - resources: - - clusterroles - verbs: - - bind -- apiGroups: - - rbac.authorization.k8s.io - resources: - - clusterrolebindings - verbs: - - "*" -- apiGroups: - - "" - - coordination.k8s.io - resources: - - configmaps - - leases - verbs: - - get - - list - - create - - update - - patch - - watch - - delete ---- -# Source: crossplane/templates/rbac-manager-managed-clusterroles.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: crossplane-admin - labels: - app: crossplane - helm.sh/chart: crossplane-1.15.0 - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: cloud-infrastructure-controller - app.kubernetes.io/part-of: crossplane - app.kubernetes.io/name: crossplane - app.kubernetes.io/instance: crossplane - app.kubernetes.io/version: "1.15.0" -aggregationRule: - clusterRoleSelectors: - - matchLabels: - rbac.crossplane.io/aggregate-to-admin: "true" ---- -# Source: crossplane/templates/rbac-manager-managed-clusterroles.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: crossplane-edit - labels: - app: crossplane - helm.sh/chart: crossplane-1.15.0 - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: cloud-infrastructure-controller - app.kubernetes.io/part-of: crossplane - app.kubernetes.io/name: crossplane - app.kubernetes.io/instance: crossplane - app.kubernetes.io/version: "1.15.0" -aggregationRule: - clusterRoleSelectors: - - matchLabels: - rbac.crossplane.io/aggregate-to-edit: "true" ---- -# Source: crossplane/templates/rbac-manager-managed-clusterroles.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: crossplane-view - labels: - app: crossplane - helm.sh/chart: crossplane-1.15.0 - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: cloud-infrastructure-controller - app.kubernetes.io/part-of: crossplane - app.kubernetes.io/name: crossplane - 
app.kubernetes.io/instance: crossplane - app.kubernetes.io/version: "1.15.0" -aggregationRule: - clusterRoleSelectors: - - matchLabels: - rbac.crossplane.io/aggregate-to-view: "true" ---- -# Source: crossplane/templates/rbac-manager-managed-clusterroles.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: crossplane-browse - labels: - app: crossplane - helm.sh/chart: crossplane-1.15.0 - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: cloud-infrastructure-controller - app.kubernetes.io/part-of: crossplane - app.kubernetes.io/name: crossplane - app.kubernetes.io/instance: crossplane - app.kubernetes.io/version: "1.15.0" -aggregationRule: - clusterRoleSelectors: - - matchLabels: - rbac.crossplane.io/aggregate-to-browse: "true" ---- -# Source: crossplane/templates/rbac-manager-managed-clusterroles.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: crossplane:aggregate-to-admin - labels: - rbac.crossplane.io/aggregate-to-admin: "true" - app: crossplane - helm.sh/chart: crossplane-1.15.0 - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: cloud-infrastructure-controller - app.kubernetes.io/part-of: crossplane - app.kubernetes.io/name: crossplane - app.kubernetes.io/instance: crossplane - app.kubernetes.io/version: "1.15.0" -rules: -# Crossplane administrators have access to view events. -- apiGroups: [""] - resources: [events] - verbs: [get, list, watch] -# Crossplane administrators must create provider credential secrets, and may -# need to read or otherwise interact with connection secrets. They may also need -# to create or annotate namespaces. -- apiGroups: [""] - resources: [secrets, namespaces] - verbs: ["*"] -# Crossplane administrators have access to view the roles that they may be able -# to grant to other subjects. 
-- apiGroups: [rbac.authorization.k8s.io] - resources: [clusterroles, roles] - verbs: [get, list, watch] -# Crossplane administrators have access to grant the access they have to other -# subjects. -- apiGroups: [rbac.authorization.k8s.io] - resources: [clusterrolebindings, rolebindings] - verbs: ["*"] -# Crossplane administrators have full access to built in Crossplane types. -- apiGroups: - - apiextensions.crossplane.io - resources: ["*"] - verbs: ["*"] -- apiGroups: - - pkg.crossplane.io - resources: ["*"] - verbs: ["*"] -# Crossplane administrators have access to view CRDs in order to debug XRDs. -- apiGroups: [apiextensions.k8s.io] - resources: [customresourcedefinitions] - verbs: [get, list, watch] ---- -# Source: crossplane/templates/rbac-manager-managed-clusterroles.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: crossplane:aggregate-to-edit - labels: - rbac.crossplane.io/aggregate-to-edit: "true" - app: crossplane - helm.sh/chart: crossplane-1.15.0 - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: cloud-infrastructure-controller - app.kubernetes.io/part-of: crossplane - app.kubernetes.io/name: crossplane - app.kubernetes.io/instance: crossplane - app.kubernetes.io/version: "1.15.0" -rules: -# Crossplane editors have access to view events. -- apiGroups: [""] - resources: [events] - verbs: [get, list, watch] -# Crossplane editors must create provider credential secrets, and may need to -# read or otherwise interact with connection secrets. -- apiGroups: [""] - resources: [secrets] - verbs: ["*"] -# Crossplane editors may see which namespaces exist, but not edit them. -- apiGroups: [""] - resources: [namespaces] - verbs: [get, list, watch] -# Crossplane editors have full access to built in Crossplane types. 
-- apiGroups: - - apiextensions.crossplane.io - resources: ["*"] - verbs: ["*"] -- apiGroups: - - pkg.crossplane.io - resources: ["*"] - verbs: ["*"] ---- -# Source: crossplane/templates/rbac-manager-managed-clusterroles.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: crossplane:aggregate-to-view - labels: - rbac.crossplane.io/aggregate-to-view: "true" - app: crossplane - helm.sh/chart: crossplane-1.15.0 - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: cloud-infrastructure-controller - app.kubernetes.io/part-of: crossplane - app.kubernetes.io/name: crossplane - app.kubernetes.io/instance: crossplane - app.kubernetes.io/version: "1.15.0" -rules: -# Crossplane viewers have access to view events. -- apiGroups: [""] - resources: [events] - verbs: [get, list, watch] -# Crossplane viewers may see which namespaces exist. -- apiGroups: [""] - resources: [namespaces] - verbs: [get, list, watch] -# Crossplane viewers have read-only access to built in Crossplane types. -- apiGroups: - - apiextensions.crossplane.io - resources: ["*"] - verbs: [get, list, watch] -- apiGroups: - - pkg.crossplane.io - resources: ["*"] - verbs: [get, list, watch] ---- -# Source: crossplane/templates/rbac-manager-managed-clusterroles.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: crossplane:aggregate-to-browse - labels: - rbac.crossplane.io/aggregate-to-browse: "true" - app: crossplane - helm.sh/chart: crossplane-1.15.0 - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: cloud-infrastructure-controller - app.kubernetes.io/part-of: crossplane - app.kubernetes.io/name: crossplane - app.kubernetes.io/instance: crossplane - app.kubernetes.io/version: "1.15.0" -rules: -# Crossplane browsers have access to view events. -- apiGroups: [""] - resources: [events] - verbs: [get, list, watch] -# Crossplane browsers have read-only access to compositions and XRDs. 
This -# allows them to discover and select an appropriate composition when creating a -# resource claim. -- apiGroups: - - apiextensions.crossplane.io - resources: ["*"] - verbs: [get, list, watch] ---- -# Source: crossplane/templates/clusterrolebinding.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: crossplane - labels: - app: crossplane - helm.sh/chart: crossplane-1.15.0 - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: cloud-infrastructure-controller - app.kubernetes.io/part-of: crossplane - app.kubernetes.io/name: crossplane - app.kubernetes.io/instance: crossplane - app.kubernetes.io/version: "1.15.0" -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: crossplane -subjects: -- kind: ServiceAccount - name: crossplane - namespace: default ---- -# Source: crossplane/templates/rbac-manager-clusterrolebinding.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: crossplane-rbac-manager - labels: - app: crossplane - helm.sh/chart: crossplane-1.15.0 - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: cloud-infrastructure-controller - app.kubernetes.io/part-of: crossplane - app.kubernetes.io/name: crossplane - app.kubernetes.io/instance: crossplane - app.kubernetes.io/version: "1.15.0" -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: crossplane-rbac-manager -subjects: -- kind: ServiceAccount - name: rbac-manager - namespace: default ---- -# Source: crossplane/templates/rbac-manager-managed-clusterroles.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: crossplane-admin - labels: - app: crossplane - helm.sh/chart: crossplane-1.15.0 - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: cloud-infrastructure-controller - app.kubernetes.io/part-of: crossplane - app.kubernetes.io/name: crossplane - app.kubernetes.io/instance: crossplane - 
app.kubernetes.io/version: "1.15.0" -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: crossplane-admin -subjects: -- apiGroup: rbac.authorization.k8s.io - kind: Group - name: crossplane:masters ---- -# Source: crossplane/templates/service.yaml -apiVersion: v1 -kind: Service -metadata: - name: crossplane-webhooks - namespace: default - labels: - app: crossplane - release: crossplane - helm.sh/chart: crossplane-1.15.0 - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: cloud-infrastructure-controller - app.kubernetes.io/part-of: crossplane - app.kubernetes.io/name: crossplane - app.kubernetes.io/instance: crossplane - app.kubernetes.io/version: "1.15.0" -spec: - selector: - app: crossplane - release: crossplane - ports: - - protocol: TCP - port: 9443 - targetPort: 9443 ---- -# Source: crossplane/templates/deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: crossplane - namespace: default - labels: - app: crossplane - release: crossplane - helm.sh/chart: crossplane-1.15.0 - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: cloud-infrastructure-controller - app.kubernetes.io/part-of: crossplane - app.kubernetes.io/name: crossplane - app.kubernetes.io/instance: crossplane - app.kubernetes.io/version: "1.15.0" -spec: - replicas: 1 - selector: - matchLabels: - app: crossplane - release: crossplane - strategy: - type: RollingUpdate - template: - metadata: - labels: - app: crossplane - release: crossplane - helm.sh/chart: crossplane-1.15.0 - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: cloud-infrastructure-controller - app.kubernetes.io/part-of: crossplane - app.kubernetes.io/name: crossplane - app.kubernetes.io/instance: crossplane - app.kubernetes.io/version: "1.15.0" - spec: - serviceAccountName: crossplane - hostNetwork: false - initContainers: - - image: "xpkg.crossplane.io/crossplane/crossplane:v1.15.0" - args: - - core - - init - imagePullPolicy: IfNotPresent - name: 
crossplane-init - resources: - limits: - cpu: 100m - memory: 512Mi - requests: - cpu: 100m - memory: 256Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsGroup: 65532 - runAsUser: 65532 - env: - - name: GOMAXPROCS - valueFrom: - resourceFieldRef: - containerName: crossplane-init - resource: limits.cpu - divisor: "1" - - name: GOMEMLIMIT - valueFrom: - resourceFieldRef: - containerName: crossplane-init - resource: limits.memory - divisor: "1" - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: POD_SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: "WEBHOOK_SERVICE_NAME" - value: crossplane-webhooks - - name: "WEBHOOK_SERVICE_NAMESPACE" - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: "WEBHOOK_SERVICE_PORT" - value: "9443" - - name: "TLS_CA_SECRET_NAME" - value: crossplane-root-ca - - name: "TLS_SERVER_SECRET_NAME" - value: crossplane-tls-server - - name: "TLS_CLIENT_SECRET_NAME" - value: crossplane-tls-client - containers: - - image: "xpkg.crossplane.io/crossplane/crossplane:v1.15.0" - args: - - core - - start - imagePullPolicy: IfNotPresent - name: crossplane - resources: - limits: - cpu: 100m - memory: 512Mi - requests: - cpu: 100m - memory: 256Mi - startupProbe: - failureThreshold: 30 - periodSeconds: 2 - tcpSocket: - port: readyz - ports: - - name: readyz - containerPort: 8081 - - name: webhooks - containerPort: 9443 - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsGroup: 65532 - runAsUser: 65532 - env: - - name: GOMAXPROCS - valueFrom: - resourceFieldRef: - containerName: crossplane - resource: limits.cpu - divisor: "1" - - name: GOMEMLIMIT - valueFrom: - resourceFieldRef: - containerName: crossplane - resource: limits.memory - divisor: "1" - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: POD_SERVICE_ACCOUNT - valueFrom: - fieldRef: - 
fieldPath: spec.serviceAccountName - - name: LEADER_ELECTION - value: "true" - - name: "TLS_SERVER_SECRET_NAME" - value: crossplane-tls-server - - name: "TLS_SERVER_CERTS_DIR" - value: /tls/server - - name: "TLS_CLIENT_SECRET_NAME" - value: crossplane-tls-client - - name: "TLS_CLIENT_CERTS_DIR" - value: /tls/client - volumeMounts: - - mountPath: /cache - name: package-cache - - mountPath: /tls/server - name: tls-server-certs - - mountPath: /tls/client - name: tls-client-certs - volumes: - - name: package-cache - emptyDir: - medium: - sizeLimit: 20Mi - - name: tls-server-certs - secret: - secretName: crossplane-tls-server - - name: tls-client-certs - secret: - secretName: crossplane-tls-client ---- -# Source: crossplane/templates/rbac-manager-deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: crossplane-rbac-manager - namespace: default - labels: - app: crossplane-rbac-manager - release: crossplane - helm.sh/chart: crossplane-1.15.0 - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: cloud-infrastructure-controller - app.kubernetes.io/part-of: crossplane - app.kubernetes.io/name: crossplane - app.kubernetes.io/instance: crossplane - app.kubernetes.io/version: "1.15.0" -spec: - replicas: 1 - selector: - matchLabels: - app: crossplane-rbac-manager - release: crossplane - strategy: - type: RollingUpdate - template: - metadata: - labels: - app: crossplane-rbac-manager - release: crossplane - helm.sh/chart: crossplane-1.15.0 - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: cloud-infrastructure-controller - app.kubernetes.io/part-of: crossplane - app.kubernetes.io/name: crossplane - app.kubernetes.io/instance: crossplane - app.kubernetes.io/version: "1.15.0" - spec: - serviceAccountName: rbac-manager - initContainers: - - image: "xpkg.crossplane.io/crossplane/crossplane:v1.15.0" - args: - - rbac - - init - imagePullPolicy: IfNotPresent - name: crossplane-init - resources: - limits: - cpu: 100m - memory: 512Mi - 
requests: - cpu: 100m - memory: 256Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsGroup: 65532 - runAsUser: 65532 - env: - - name: GOMAXPROCS - valueFrom: - resourceFieldRef: - containerName: crossplane-init - resource: limits.cpu - - name: GOMEMLIMIT - valueFrom: - resourceFieldRef: - containerName: crossplane-init - resource: limits.memory - containers: - - image: "xpkg.crossplane.io/crossplane/crossplane:v1.15.0" - args: - - rbac - - start - - --provider-clusterrole=crossplane:allowed-provider-permissions - imagePullPolicy: IfNotPresent - name: crossplane - resources: - limits: - cpu: 100m - memory: 512Mi - requests: - cpu: 100m - memory: 256Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsGroup: 65532 - runAsUser: 65532 - env: - - name: GOMAXPROCS - valueFrom: - resourceFieldRef: - containerName: crossplane - resource: limits.cpu - - name: GOMEMLIMIT - valueFrom: - resourceFieldRef: - containerName: crossplane - resource: limits.memory - - name: LEADER_ELECTION - value: "true" - -NOTES: -Release: crossplane - -Chart Name: crossplane -Chart Description: Crossplane is an open source Kubernetes add-on that enables platform teams to assemble infrastructure from multiple vendors, and expose higher level self-service APIs for application teams to consume. -Chart Version: 1.15.0 -Chart Application Version: 1.15.0 - -Kube Version: v1.27.3 -``` -{{< /expand >}} - -Install the Crossplane components using `helm install`. - -```shell -helm install crossplane \ -crossplane-stable/crossplane \ ---namespace crossplane-system \ ---create-namespace -``` - -Verify Crossplane installed with `kubectl get pods`. - -```shell {copy-lines="1"} -kubectl get pods -n crossplane-system -NAME READY STATUS RESTARTS AGE -crossplane-d4cd8d784-ldcgb 1/1 Running 0 54s -crossplane-rbac-manager-84769b574-6mw6f 1/1 Running 0 54s -``` - -Installing Crossplane creates new Kubernetes API end-points. 
-Look at the new API end-points with `kubectl api-resources | grep crossplane`. - -```shell {label="grep",copy-lines="1"} -kubectl api-resources | grep crossplane -compositeresourcedefinitions xrd,xrds apiextensions.crossplane.io/v1 false CompositeResourceDefinition -compositionrevisions comprev apiextensions.crossplane.io/v1 false CompositionRevision -compositions comp apiextensions.crossplane.io/v1 false Composition -environmentconfigs envcfg apiextensions.crossplane.io/v1beta1 false EnvironmentConfig -usages apiextensions.crossplane.io/v1alpha1 false Usage -configurationrevisions pkg.crossplane.io/v1 false ConfigurationRevision -configurations pkg.crossplane.io/v1 false Configuration -controllerconfigs pkg.crossplane.io/v1alpha1 false ControllerConfig -deploymentruntimeconfigs pkg.crossplane.io/v1beta1 false DeploymentRuntimeConfig -functionrevisions pkg.crossplane.io/v1beta1 false FunctionRevision -functions pkg.crossplane.io/v1beta1 false Function -locks pkg.crossplane.io/v1beta1 false Lock -providerrevisions pkg.crossplane.io/v1 false ProviderRevision -providers pkg.crossplane.io/v1 false Provider -storeconfigs secrets.crossplane.io/v1alpha1 false StoreConfig -``` diff --git a/content/v1.19/getting-started/introduction.md b/content/v1.19/getting-started/introduction.md deleted file mode 100644 index 2142c322c..000000000 --- a/content/v1.19/getting-started/introduction.md +++ /dev/null 
@@ -1,492 +0,0 @@ ---- -title: Crossplane Introduction -weight: 2 ---- - -Crossplane connects your Kubernetes cluster to external, -non-Kubernetes resources, and allows platform teams to build custom Kubernetes -APIs to consume those resources. - - -Crossplane creates Kubernetes -[Custom Resource Definitions](https://kubernetes.io/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions/) -(`CRDs`) to represent the external resources as native -[Kubernetes objects](https://kubernetes.io/docs/concepts/overview/working-with-objects/kubernetes-objects/). -As native Kubernetes objects, you can use standard commands like `kubectl create` -and `kubectl describe`. The full -[Kubernetes API](https://kubernetes.io/docs/reference/using-api/) is available -for every Crossplane resource. - - -Crossplane also acts as a -[Kubernetes Controller](https://kubernetes.io/docs/concepts/architecture/controller/) -to watch the state of the external resources and provide state enforcement. If -something modifies or deletes a resource outside of Kubernetes, Crossplane reverses -the change or recreates the deleted resource. - -{{Diagram showing a user communicating to Kubernetes. Crossplane connected to Kubernetes and Crossplane communicating with AWS, Azure and GCP}} -With Crossplane installed in a Kubernetes cluster, users only communicate with -Kubernetes. Crossplane manages the communication to external resources like AWS, -Azure or Google Cloud. - -Crossplane also allows the creation of custom Kubernetes APIs. Platform teams can -combine external resources and simplify or customize the APIs presented to the -platform consumers. - -## Crossplane components overview -This table provides a summary of Crossplane components and their roles. - -{{< table "table table-hover table-sm">}} -| Component | Abbreviation | Scope | Summary | -| --- | --- | --- | ---- | -| [Provider]({{}}) | | cluster | Creates new Kubernetes Custom Resource Definitions for an external service. 
| -| [ProviderConfig]({{}}) | `PC` | cluster | Applies settings for a _Provider_. | -| [Managed Resource]({{}}) | `MR` | cluster | A Provider resource created and managed by Crossplane inside the Kubernetes cluster. | -| [Composition]({{}}) | | cluster | A template for creating multiple _managed resources_ at once. | -| [Composite Resources]({{}}) | `XR` | cluster | Uses a _Composition_ template to create multiple _managed resources_ as a single Kubernetes object. | -| [CompositeResourceDefinitions]({{}}) | `XRD` | cluster | Defines the API schema for _Composite Resources_ and _Claims_ | -| [Claims]({{}}) | `XC` | namespace | Like a _Composite Resource_, but namespace scoped. | -{{< /table >}} - -## The Crossplane Pod -When installed in a Kubernetes cluster Crossplane creates an initial set of -Custom Resource Definitions (`CRDs`) of the core Crossplane components. - -{{< expand "View the initial Crossplane CRDs" >}} -After installing Crossplane use `kubectl get crds` to view the Crossplane -installed CRDs. - -```shell -❯ kubectl get crd -NAME -compositeresourcedefinitions.apiextensions.crossplane.io -compositionrevisions.apiextensions.crossplane.io -compositions.apiextensions.crossplane.io -configurationrevisions.pkg.crossplane.io -configurations.pkg.crossplane.io -controllerconfigs.pkg.crossplane.io -deploymentruntimeconfigs.pkg.crossplane.io -environmentconfigs.apiextensions.crossplane.io -functionrevisions.pkg.crossplane.io -functions.pkg.crossplane.io -locks.pkg.crossplane.io -providerrevisions.pkg.crossplane.io -providers.pkg.crossplane.io -storeconfigs.secrets.crossplane.io -usages.apiextensions.crossplane.io -``` -{{< /expand >}} - -The following sections describe the functions of some of these CRDs. - - - -## Providers - -A Crossplane _Provider_ creates a second set of CRDs that define how Crossplane -connects to a non-Kubernetes service. Each external service relies on its own -Provider. 
For example, -[AWS](https://github.com/crossplane-contrib/provider-upjet-aws), -[Azure](https://github.com/crossplane-contrib/provider-upjet-azure) -and [GCP](https://github.com/crossplane-contrib/provider-upjet-gcp) -are different providers for each cloud service. - -{{< hint "tip" >}} -Most Providers are for cloud services but Crossplane can use a Provider to -connect to any service with an API. -{{< /hint >}} - -For example, an AWS Provider defines Kubernetes CRDs for AWS resources like EC2 -compute instances or S3 storage buckets. - -The Provider defines the Kubernetes API definition for the external resource. -For example, -[provider-upjet-aws](https://github.com/crossplane-contrib/provider-upjet-aws) -defines a -[`bucket`](https://github.com/crossplane-contrib/provider-upjet-aws/blob/release-1.20/package/crds/s3.aws.upbound.io_buckets.yaml) -resource for creating and managing AWS S3 storage buckets. - -In the `bucket` CRD is a -[`spec.forProvider.region`](https://github.com/crossplane-contrib/provider-upjet-aws/blob/release-1.20/package/crds/s3.aws.upbound.io_buckets.yaml#L91) -value that defines which AWS region to deploy the bucket in. - -More providers are available in the [Crossplane Contrib repository](https://github.com/crossplane-contrib/). - -Providers are cluster scoped and available to all cluster namespaces. - -View all installed Providers with the command `kubectl get providers`. - -## Provider configurations -Providers have _ProviderConfigs_. _ProviderConfigs_ configure settings -related to the Provider like authentication or global defaults for the -Provider. - -The API endpoints for ProviderConfigs are unique to each Provider. - -_ProviderConfigs_ are cluster scoped and available to all cluster namespaces. - -View all installed ProviderConfigs with the command `kubectl get providerconfig`. - -## Managed resources -A Provider's CRDs map to individual _resources_ inside the provider. 
When -Crossplane creates and monitors a resource it's a _Managed Resource_. - -Using a Provider's CRD creates a unique _Managed Resource_. For example, -using the Provider AWS's `bucket` CRD, Crossplane creates a `bucket` _Managed Resource_ -inside the Kubernetes cluster that's connected to an AWS S3 storage bucket. - -The Crossplane controller provides state enforcement for _Managed Resources_. -Crossplane enforces the settings and existence of _Managed Resources_. This -"Controller Pattern" is like how the Kubernetes -[kube-controller-manager](https://kubernetes.io/docs/reference/command-line-tools-reference/kube-controller-manager/) -enforces state for pods. - -_Managed Resources_ are cluster scoped and available to all cluster namespaces. - -Use `kubectl get managed` to view all _managed resources_. -{{}} -The `kubectl get managed` creates a lot of Kubernetes API queries. -Both the `kubectl` client and kube-apiserver throttle the API queries. - -Depending on the size of the API server and number of managed resources, this -command may take minutes to return or may timeout. - -For more information, read -[Kubernetes issue #111880](https://github.com/kubernetes/kubernetes/issues/111880) -and -[Crossplane issue #3459](https://github.com/crossplane/crossplane/issues/3459). -{{< /hint >}} - -## Compositions - -A _Composition_ is a template for a collection of _managed resource_. _Compositions_ -allow platform teams to define a set of _managed resources_ as a -single object. - -For example, a compute _managed resource_ may require the creation of a storage -resource and a virtual network as well. A single _Composition_ can define all three -resources in a single _Composition_ object. - -Using _Compositions_ simplifies the deployment of infrastructure made up of -multiple _managed resources_. _Compositions_ also enforce standards and settings -across deployments. 
- -Platform teams can define fixed or default settings for each _managed resource_ inside a -_Composition_ or define fields and settings that users may change. - -Using the previous example, the platform team may set a compute resource size -and virtual network settings. But the platform team allows users to define the -storage resource size. - -Creating a _Composition_ Crossplane doesn't create any managed -resources. The _Composition_ is only a template for a collection of _managed -resources_ and their settings. A _Composite Resource_ creates the specific resources. - -{{< hint "note" >}} -The [_Composite Resources_]({{}}) section discusses -_Composite Resources_. -{{< /hint >}} - -_Compositions_ are cluster scoped and available to all cluster namespaces. - -Use `kubectl get compositions` to view all _compositions_. - - - ## Composite Resources - -A _Composite Resource_ (`XR`) is a set of provisioned _managed resources_. A -_Composite Resource_ uses the template defined by a _Composition_ and applies -any user defined settings. - -Multiple unique _Composite Resource_ objects can use the same _Composition_. For -example, a _Composition_ template can create a compute, storage and networking -set of _managed resources_. Crossplane uses the same _Composition_ template -every time a user requests this set of resources. - -If a _Composition_ allows a user to define resource settings, users apply them -in a _Composite Resource_. - - - - -{{< hint "tip" >}} -_Compositions_ are templates for a set of _managed resources_. -_Composite Resources_ fill out the template and create _managed resources_. - -Deleting a _Composite Resource_ deletes all the _managed resources_ it created. -{{< /hint >}} - -_Composite Resources_ are cluster scoped and available to all cluster namespaces. - -Use `kubectl get composite` to view all _Composite Resources_. 
- -## Composite Resource Definitions -_Composite Resource Definitions_ (`XRDs`) create custom Kubernetes APIs used by -_Claims_ and _Composite Resources_. - -{{< hint "note" >}} -The [_Claims_]({{}}) section discusses -_Claims_. -{{< /hint >}} - -Platform teams define the custom APIs. -These APIs can define specific values -like storage space in gigabytes, generic settings like `small` or `large`, -deployment options like `cloud` or `onprem`. Crossplane doesn't limit the API definitions. - -The _Composite Resource Definition's_ `kind` is from Crossplane. -```yaml -apiVersion: apiextensions.crossplane.io/v1 -kind: CompositeResourceDefinition -``` - -The `spec` of a _Composite Resource Definition_ creates the `apiVersion`, -`kind` and `spec` of a _Composite Resource_. - -{{< hint "tip" >}} -The _Composite Resource Definition_ defines the parameters for a _Composite -Resource_. -{{< /hint >}} - -A _Composite Resource Definition_ has four main `spec` parameters: -* A {{}}group{{< /hover >}} -to define the -{{< hover label="xr2" line="2" >}}apiVersion{{}} -in a _Composite Resource_ . -* The {{< hover label="specGroup" line="7" >}}versions.name{{}} -that defines the version used in a _Composite Resource_. -* A {{< hover label="specGroup" line="5" >}}names.kind{{}} -to define the _Composite Resource_ -{{< hover label="xr2" line="3" >}}kind{{}}. -* A {{< hover label="specGroup" line="8" >}}versions.schema{{}} section -to define the _Composite Resource_ {{}}spec{{}}. 
- -```yaml {label="specGroup"} -# Composite Resource Definition (XRD) -spec: - group: test.example.org - names: - kind: MyComputeResource - versions: - - name: v1alpha1 - schema: - # Removed for brevity -``` - -A _Composite Resource_ based on this _Composite Resource Definition_ looks like this: - -```yaml {label="xr2"} -# Composite Resource (XR) -apiVersion: test.example.org/v1alpha1 -kind: MyComputeResource -metadata: - name: my-resource -spec: - storage: "large" -``` - -A _Composite Resource Definition_ {{< hover label="specGroup" line="8" >}}schema{{}} defines the _Composite Resource_ -{{}}spec{{}} parameters. - -These parameters are the new, custom APIs, that developers can use. - -For example, creating a compute _managed resource_ requires knowledge of a -cloud provider's compute class names like AWS's `m6in.large` or GCP's -`e2-standard-2`. - -A _Composite Resource Definition_ can limit the choices to `small` or `large`. -A _Composite Resource_ uses those options and the _Composition_ maps them -to specific cloud provider settings. - -The following _Composite Resource Definition_ defines a {{}}storage{{< /hover >}} -parameter. The storage is a -{{}}string{{< /hover >}} -and the OpenAPI -{{}}oneOf{{< /hover >}} requires the -options to be either {{}}small{{< /hover >}} -or {{}}large{{< /hover >}}. - -```yaml {label="specVersions"} -# Composite Resource Definition (XRD) -spec: - group: test.example.org - names: - kind: MyComputeResource - versions: - - name: v1alpha1 - served: true - referenceable: true - schema: - openAPIV3Schema: - type: object - properties: - spec: - type: object - properties: - storage: - type: string - oneOf: - - pattern: '^small$' - - pattern: '^large$' - required: - - storage -``` - -A _Composite Resource Definition_ can define a wide variety of settings and options. - -Creating a _Composite Resource Definition_ enables the creation of _Composite -Resources_ but can also create a _Claim_. 
- -_Composite Resource Definitions_ with a `spec.claimNames` allow developers to -create _Claims_. - -For example, the -{{< hover label="xrdClaim" line="6" >}}claimNames.kind{{}} -allows the creation of _Claims_ of `kind: computeClaim`. -```yaml {label="xrdClaim"} -# Composite Resource Definition (XRD) -spec: - group: test.example.org - names: - kind: MyComputeResource - claimNames: - kind: computeClaim - # Removed for brevity -``` - -## Claims -_Claims_ are the primary way developers interact with Crossplane. - -_Claims_ access the custom APIs defined by the platform team in a _Composite -Resource Definition_. - -_Claims_ look like _Composite Resources_, but they're namespace scoped, -while _Composite Resources_ are cluster scoped. - -{{< hint "note" >}} -**Why does namespace scope matter?** -Having namespace scoped _Claims_ allows multiple teams, using unique namespaces, -to create the same types of resources, independent of each other. The compute -resources of team A are unique to the compute resources of team B. - -Directly creating _Composite Resources_ requires cluster-wide permissions, -shared with all teams. -_Claims_ create the same set of resources, but on a namespace level. -{{< /hint >}} - -The previous _Composite Resource Definition_ allows the creation of _Claims_ -of the kind -{{}}computeClaim{{}}. - -Claims use the same -{{< hover label="xrdClaim2" line="3" >}}apiVersion{{< /hover >}} -defined in _Composite Resource Definition_ and also used by -_Composite Resources_. -```yaml {label="xrdClaim2"} -# Composite Resource Definition (XRD) -spec: - group: test.example.org - names: - kind: MyComputeResource - claimNames: - kind: computeClaim - # Removed for brevity -``` - -In an example _Claim_ the -{{}}apiVersion{{< /hover >}} -matches the {{}}group{{< /hover >}} in the -_Composite Resource Definition_. - -The _Claim_ {{}}kind{{< /hover >}} matches the -_Composite Resource Definition_ -{{}}claimNames.kind{{< /hover >}}. 
-
-```yaml {label="claim"}
-# Claim
-apiVersion: test.example.org/v1alpha1
-kind: computeClaim
-metadata:
- name: myClaim
- namespace: devGroup
-spec:
- size: "large"
-```
-
-A _Claim_ can install in a {{}}namespace{{}}.
-The _Composite Resource Definition_ defines the
-{{}}spec{{< /hover >}} options the same way it
-does for a _Composite Resource_
-{{}}spec{{< /hover >}}.
-
-{{< hint "tip" >}}
-_Composite Resources_ and _Claims_ are similar.
-Only _Claims_ can be in
-a {{}}namespace{{}}.
-Also the _Composite Resource's_ {{}}kind{{}} may be different than the _Claim's_
-{{}}kind{{< /hover >}}.
-The _Composite Resource Definition_ defines the
-{{}}kind{{}} values.
-{{< /hint >}}
-
-```yaml {label="xr-claim"}
-# Composite Resource (XR)
-apiVersion: test.example.org/v1alpha1
-kind: MyComputeResource
-metadata:
- name: my-resource
-spec:
- storage: "large"
-```
-
-_Claims_ are namespace scoped.
-
-View all available Claims with the command `kubectl get claim`.
-
-## Next steps
-Build your own Crossplane platform using one of the quickstart guides.
-* [Azure Quickstart]({{}})
-* [AWS Quickstart]({{}})
-* [GCP Quickstart]({{}})
diff --git a/content/v1.19/getting-started/provider-aws-part-2.md b/content/v1.19/getting-started/provider-aws-part-2.md
deleted file mode 100644
index 7023e3ae0..000000000
--- a/content/v1.19/getting-started/provider-aws-part-2.md
+++ /dev/null
@@ -1,599 +0,0 @@ ---- -title: AWS Quickstart Part 2 -weight: 120 -tocHidden: true -aliases: - - /master/getting-started/provider-aws-part-3 ---- - -{{< hint "important" >}} -This guide is part 2 of a series. - -[**Part 1**]({{}}) covers -to installing Crossplane and connect your Kubernetes cluster to AWS. - -{{< /hint >}} - -This guide walks you through building and accessing a custom API with Crossplane. - -## Prerequisites -* Complete [quickstart part 1]({{}}) connecting Kubernetes - to AWS. -* an AWS account with permissions to create an AWS S3 storage bucket and a - DynamoDB instance - -{{}} -1. Add the Crossplane Helm repository and install Crossplane -```shell -helm repo add \ -crossplane-stable https://charts.crossplane.io/stable -helm repo update - -helm install crossplane \ -crossplane-stable/crossplane \ ---namespace crossplane-system \ ---create-namespace -``` - -2. When the Crossplane pods finish installing and are ready, apply the AWS Provider - -```yaml {label="provider",copy-lines="all"} -cat < -aws_secret_access_key = -``` - -4. Create a Kubernetes secret from the AWS keys -```shell {label="kube-create-secret",copy-lines="all"} -kubectl create secret \ -generic aws-secret \ --n crossplane-system \ ---from-file=creds=./aws-credentials.txt -``` - -5. Create a _ProviderConfig_ -```yaml {label="providerconfig",copy-lines="all"} -cat <}} - -## Install the DynamoDB Provider - -Part 1 only installed the AWS S3 Provider. This section deploys an S3 bucket -along with a DynamoDB Table. -Deploying a DynamoDB Table requires the DynamoDB Provider as well. - -Add the new Provider to the cluster. - -```yaml -cat < -Crossplane allows you to build your own custom APIs for your users, abstracting -away details about the cloud provider and their resources. You can make your API -as complex or simple as you wish. - - -The custom API is a Kubernetes object. -Here is an example custom API. 
- -```yaml {label="exAPI"} -apiVersion: database.example.com/v1alpha1 -kind: NoSQL -metadata: - name: my-nosql-database -spec: - location: "US" -``` - -Like any Kubernetes object the API has a -{{}}version{{}}, -{{}}kind{{}} and -{{}}spec{{}}. - -### Define a group and version -To create your own API start by defining an -[API group](https://kubernetes.io/docs/reference/using-api/#api-groups) and -[version](https://kubernetes.io/docs/reference/using-api/#api-versioning). - -The _group_ can be any value, but common convention is to map to a fully -qualified domain name. - - -The version shows how mature or stable the API is and increments when changing, -adding or removing fields in the API. - - -Crossplane doesn't require specific versions or a specific version naming -convention, but following -[Kubernetes API versioning guidelines](https://kubernetes.io/docs/reference/using-api/#api-versioning) -is strongly recommended. - -* `v1alpha1` - A new API that may change at any time. -* `v1beta1` - An existing API that's considered stable. Breaking changes are - strongly discouraged. -* `v1` - A stable API that doesn't have breaking changes. - -This guide uses the group -{{}}database.example.com{{}}. - -Because this is the first version of the API, this guide uses the version -{{}}v1alpha1{{}}. - -```yaml {label="version",copy-lines="none"} -apiVersion: database.example.com/v1alpha1 -``` - -### Define a kind - -The API group is a logical collection of related APIs. In a group are -individual kinds representing different resources. - -For example a `database` group may have a `Relational` and `NoSQL` kinds. - -The `kind` can be anything, but it must be -[UpperCamelCased](https://kubernetes.io/docs/contribute/style/style-guide/#use-upper-camel-case-for-api-objects). 
- -This API's kind is -{{}}NoSQL{{}} - -```yaml {label="kind",copy-lines="none"} -apiVersion: database.example.com/v1alpha1 -kind: NoSQL -``` - -### Define a spec - -The most important part of an API is the schema. The schema defines the inputs -accepted from users. - -This API allows users to provide a -{{}}location{{}} of where to run their -cloud resources. - -All other resource settings can't be configurable by the users. This allows -Crossplane to enforce any policies and standards without worrying about -user errors. - -```yaml {label="spec",copy-lines="none"} -apiVersion: database.example.com/v1alpha1 -kind: NoSQL -spec: - location: "US" -``` - -### Apply the API - -Crossplane uses -{{}}Composite Resource Definitions{{}} -(also called an `XRD`) to install your custom API in -Kubernetes. - -The XRD {{}}spec{{}} contains all the -information about the API including the -{{}}group{{}}, -{{}}version{{}}, -{{}}kind{{}} and -{{}}schema{{}}. - -The XRD's {{}}name{{}} must be the -combination of the {{}}plural{{}} and -{{}}group{{}}. - -The {{}}schema{{}} uses the -{{}}OpenAPIv3{{}} specification to define -the API {{}}spec{{}}. - -The API defines a {{}}location{{}} that -must be {{}}oneOf{{}} either -{{}}EU{{}} or -{{}}US{{}}. - -Apply this XRD to create the custom API in your Kubernetes cluster. - -```yaml {label="xrd",copy-lines="all"} -cat <}}claimNames{{}} allows users -to access this API either at the cluster level with the -{{}}nosql{{}} endpoint or in a namespace -with the -{{}}nosqlclaim{{}} endpoint. - -The namespace scoped API is a Crossplane _Claim_. - -{{}} -For more details on the fields and options of Composite Resource Definitions -read the -[XRD documentation]({{}}). -{{< /hint >}} - -View the installed XRD with `kubectl get xrd`. 
- -```shell {copy-lines="1"} -kubectl get xrd -NAME ESTABLISHED OFFERED AGE -nosqls.database.example.com True True 2s -``` - -View the new custom API endpoints with `kubectl api-resources | grep nosql` - -```shell {copy-lines="1",label="apiRes"} -kubectl api-resources | grep nosql -nosqlclaim database.example.com/v1alpha1 true NoSQLClaim -nosqls database.example.com/v1alpha1 false NoSQL -``` - -## Create a deployment template - -When users access the custom API Crossplane takes their inputs and combines them -with a template describing what infrastructure to deploy. Crossplane calls this -template a _Composition_. - -The {{}}Composition{{}} defines all the -cloud resources to deploy. Each entry in the template is a full resource -definition, defining all the resource settings and metadata like labels and -annotations. - -This template creates an AWS -{{}}S3{{}} -{{}}Bucket{{}} and a -{{}}DynamoDB{{}} -{{}}Table{{}}. - -This Composition takes the user's -{{}}location{{}} input and uses it as the -{{}}region{{}} used in the individual -resource. - -{{}} -This Composition uses an array of resource templates. You can patch each -template with data copied from the custom API. Crossplane calls this a _Patch -and Transform_ Composition. - -You don't have to use Patch and Transform. Crossplane supports a variety of -alternatives, including Go Templating and CUE. You can also write a function in -Go or Python to template your resources. - -Read the [Composition documentation]({{}}) for -more information on configuring Compositions and all the available options. -{{< /hint >}} - -Apply this Composition to your cluster. - -```yaml {label="comp",copy-lines="all"} -cat <}}compositeTypeRef{{}} defines -which custom APIs can use this template to create resources. - -A Composition uses a pipeline of _composition functions_ to define the cloud -resources to deploy. This template uses -{{}}function-patch-and-transform{{}}. 
-You must install the function before you can use it in a Composition. - -Apply this Function to install `function-patch-and-transform`: - -```yaml {label="install"} -cat <}} -Read the [Composition documentation]({{}}) for -more information on configuring Compositions and all the available options. - -Read the -[Patch and Transform function documentation]({{}}) -for more information on how it uses patches to map user inputs to Composition -resource templates. -{{< /hint >}} - -View the Composition with `kubectl get composition` - -```shell {copy-lines="1"} -kubectl get composition -NAME XR-KIND XR-APIVERSION AGE -dynamo-with-bucket NoSQL database.example.com/v1alpha1 3s -``` - - - -## Access the custom API - -With the custom API (XRD) installed and associated to a resource template -(Composition) users can access the API to create resources. - -Create a {{}}NoSQL{{}} object to create the -cloud resources. - -```yaml {copy-lines="all",label="xr"} -cat <}} -It may take up to 5 minutes to delete the resources. -{{< /hint >}} - -```shell {copy-lines="1"} -kubectl get managed -No resources found -``` - -## Using the API with namespaces - -Accessing the API `nosql` happens at the cluster scope. -Most organizations -isolate their users into namespaces. - -A Crossplane _Claim_ is the custom API in a namespace. - -Creating a _Claim_ is just like accessing the custom API endpoint, but with the -{{}}kind{{}} -from the custom API's `claimNames`. - -Create a new namespace to test create a Claim in. - -```shell -kubectl create namespace crossplane-test -``` - -Then create a Claim in the `crossplane-test` namespace. - -```yaml {label="claim",copy-lines="all"} -cat <}} -It may take up to 5 minutes to delete the resources. -{{< /hint >}} - -Verify Crossplane deleted the composite resource with `kubectl get composite`. - -```shell {copy-lines="1"} -kubectl get composite -No resources found -``` - -Verify Crossplane deleted the managed resources with `kubectl get managed`. 
-
-```shell {copy-lines="1"}
-kubectl get managed
-No resources found
-```
-
-## Next steps
-* Explore AWS resources that Crossplane can configure in the
- [provider CRD reference](https://github.com/crossplane-contrib/provider-upjet-aws/blob/main/package/crds).
-* Join the [Crossplane Slack](https://slack.crossplane.io/) and connect with
- Crossplane users and contributors.
-* Read more about the [Crossplane concepts]({{}}) to find out what else you can do
- with Crossplane.
diff --git a/content/v1.19/getting-started/provider-aws.md b/content/v1.19/getting-started/provider-aws.md
deleted file mode 100644
index 1548be212..000000000
--- a/content/v1.19/getting-started/provider-aws.md
+++ /dev/null
@@ -1,244 +0,0 @@ ---- -title: AWS Quickstart -weight: 100 ---- - -Connect Crossplane to AWS to create and manage cloud resources from Kubernetes -with -[provider-upjet-aws](https://github.com/crossplane-contrib/provider-upjet-aws). - -This guide is in two parts: -* Part 1 walks through installing Crossplane, configuring the provider to -authenticate to AWS and creating a _Managed Resource_ in AWS directly from your -Kubernetes cluster. This shows Crossplane can communicate with AWS. -* [Part 2]({{< ref "provider-aws-part-2" >}}) shows how to build and access a - custom API with Crossplane. - - -## Prerequisites -This quickstart requires: -* a Kubernetes cluster with at least 2 GB of RAM -* permissions to create pods and secrets in the Kubernetes cluster -* [Helm](https://helm.sh/) version v3.2.0 or later -* an AWS account with permissions to create an S3 storage bucket -* AWS [access keys](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-quickstart.html#cli-configure-quickstart-creds) - -{{}} - -## Install the AWS provider - -Install the AWS S3 provider into the Kubernetes cluster with a Kubernetes -configuration file. - -```yaml {label="provider",copy-lines="all"} -cat <}}Provider{{}} -installs the Kubernetes _Custom Resource Definitions_ (CRDs) representing AWS S3 -services. These CRDs allow you to create AWS resources directly inside -Kubernetes. - -Verify the provider installed with `kubectl get providers`. - - -```shell {copy-lines="1",label="getProvider"} -kubectl get providers -NAME INSTALLED HEALTHY PACKAGE AGE -crossplane-contrib-provider-family-aws True True xpkg.crossplane.io/crossplane-contrib/provider-family-aws:v1.21.1 30s -provider-aws-s3 True True xpkg.crossplane.io/crossplane-contrib/provider-aws-s3:v1.21.1 34s -``` - -The S3 Provider installs a second Provider, the -{{}}crossplane-contrib-provider-family-aws{{}}. -The family provider manages authentication to AWS across all AWS family -Providers. 
- - -You can view the new CRDs with `kubectl get crds`. -Every CRD maps to a unique AWS service Crossplane can provision and manage. - -{{< hint type="tip" >}} -See details about all the supported CRDs in the -[provider examples](https://github.com/crossplane-contrib/provider-upjet-aws/tree/main/examples). -{{< /hint >}} - -## Create a Kubernetes secret for AWS -The provider requires credentials to create and manage AWS resources. -Providers use a Kubernetes _Secret_ to connect the credentials to the provider. - -Generate a Kubernetes _Secret_ from your AWS key-pair and -then configure the Provider to use it. - -### Generate an AWS key-pair file -For basic user authentication, use an AWS Access keys key-pair file. - -{{< hint type="tip" >}} -The [AWS documentation](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-quickstart.html#cli-configure-quickstart-creds) -provides information on how to generate AWS Access keys. -{{< /hint >}} - -Create a text file containing the AWS account `aws_access_key_id` and `aws_secret_access_key`. - -{{< editCode >}} -```ini {copy-lines="all"} -[default] -aws_access_key_id = $@$@ -aws_secret_access_key = $@$@ -``` -{{< /editCode >}} - -Save this text file as `aws-credentials.txt`. - -{{< hint type="note" >}} -The [Authentication](https://docs.upbound.io/providers/provider-aws/authentication/) section of the AWS Provider documentation describes other authentication methods. -{{< /hint >}} - -### Create a Kubernetes secret with the AWS credentials -A Kubernetes generic secret has a name and contents. -Use -{{< hover label="kube-create-secret" line="1">}}kubectl create secret{{}} -to generate the secret object named -{{< hover label="kube-create-secret" line="2">}}aws-secret{{< /hover >}} -in the {{< hover label="kube-create-secret" line="3">}}crossplane-system{{}} namespace. 
- -Use the {{< hover label="kube-create-secret" line="4">}}--from-file={{}} argument to set the value to the contents of the {{< hover label="kube-create-secret" line="4">}}aws-credentials.txt{{< /hover >}} file. - -```shell {label="kube-create-secret",copy-lines="all"} -kubectl create secret \ -generic aws-secret \ --n crossplane-system \ ---from-file=creds=./aws-credentials.txt -``` - -View the secret with `kubectl describe secret` - -{{< hint type="note" >}} -The size may be larger if there are extra blank spaces in your text file. -{{< /hint >}} - -```shell {copy-lines="1"} -kubectl describe secret aws-secret -n crossplane-system -Name: aws-secret -Namespace: crossplane-system -Labels: -Annotations: - -Type: Opaque - -Data -==== -creds: 114 bytes -``` - -## Create a ProviderConfig -A {{< hover label="providerconfig" line="3">}}ProviderConfig{{}} -customizes the settings of the AWS Provider. - -Apply the -{{< hover label="providerconfig" line="3">}}ProviderConfig{{}} -with the this Kubernetes configuration file: -```yaml {label="providerconfig",copy-lines="all"} -cat <}}secretRef{{}}. - -The -{{< hover label="providerconfig" line="11">}}spec.credentials.secretRef.name{{< /hover >}} -value is the name of the Kubernetes secret containing the AWS credentials in the -{{< hover label="providerconfig" line="10">}}spec.credentials.secretRef.namespace{{< /hover >}}. - - -## Create a managed resource -A _managed resource_ is anything Crossplane creates and manages outside of the -Kubernetes cluster. - -This guide creates an AWS S3 bucket with Crossplane. - -The S3 bucket is a _managed resource_. - -{{< hint type="note" >}} -AWS S3 bucket names must be globally unique. To generate a unique name the example uses a random hash. -Any unique name is acceptable. -{{< /hint >}} - -```yaml {label="xr"} -cat <}}apiVersion{{< /hover >}} and -{{< hover label="xr" line="3">}}kind{{}} are from the provider's CRDs. 
-
-
-The {{< hover label="xr" line="5">}}metadata.generateName{{< /hover >}} value is the
-name of the created S3 bucket in AWS.
-This example uses the generated name `crossplane-bucket-` in the
-{{< hover label="xr" line="5">}}$bucket{{}} variable.
-
-The {{< hover label="xr" line="8">}}spec.forProvider.region{{< /hover >}} tells
-AWS which AWS region to use when deploying resources.
-
-The region can be any
-[AWS Regional endpoint](https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints) code.
-
-Use `kubectl get buckets` to verify Crossplane created the bucket.
-
-{{< hint type="tip" >}}
-Crossplane created the bucket when the values `READY` and `SYNCED` are `True`.
-This may take up to 5 minutes.
-{{< /hint >}}
-
-```shell {copy-lines="1"}
-kubectl get buckets
-NAME READY SYNCED EXTERNAL-NAME AGE
-crossplane-bucket-hhdzh True True crossplane-bucket-hhdzh 5s
-```
-
-## Delete the managed resource
-Before shutting down your Kubernetes cluster, delete the S3 bucket just created.
-
-Use `kubectl delete bucket ` to remove the bucket.
-
-```shell {copy-lines="1"}
-kubectl delete bucket crossplane-bucket-hhdzh
-bucket.s3.aws.upbound.io "crossplane-bucket-hhdzh" deleted
-```
-
-## Next steps
-* [**Continue to part 2**]({{< ref "provider-aws-part-2">}}) to create and use a
- custom API with Crossplane.
-* Explore AWS resources that Crossplane can configure in the
- [provider CRD reference](https://github.com/crossplane-contrib/provider-upjet-aws/blob/main/package/crds).
-* Join the [Crossplane Slack](https://slack.crossplane.io/) and connect with
- Crossplane users and contributors.
diff --git a/content/v1.19/getting-started/provider-azure-part-2.md b/content/v1.19/getting-started/provider-azure-part-2.md
deleted file mode 100644
index 3b4be91cf..000000000
--- a/content/v1.19/getting-started/provider-azure-part-2.md
+++ /dev/null
@@ -1,701 +0,0 @@ ---- -title: Azure Quickstart Part 2 -weight: 120 -tocHidden: true -aliases: - - /master/getting-started/provider-azure-part-3 ---- - -{{< hint "important" >}} -This guide is part 2 of a series. - -[**Part 1**]({{}}) covers -to installing Crossplane and connect your Kubernetes cluster to Azure. - -{{< /hint >}} - -This guide walks you through building and accessing a custom API with Crossplane. - -## Prerequisites -* Complete [quickstart part 1]({{}}) connecting Kubernetes - to Azure. -* an Azure account with permissions to create an Azure Virtual Machine, Resource - Group and Virtual Networking. - -{{}} -1. Add the Crossplane Helm repository and install Crossplane -```shell -helm repo add \ -crossplane-stable https://charts.crossplane.io/stable -helm repo update -&& -helm install crossplane \ -crossplane-stable/crossplane \ ---namespace crossplane-system \ ---create-namespace -``` - -2. When the Crossplane pods finish installing and are ready, apply the Azure - Provider - -```yaml {label="provider",copy-lines="all"} -cat <}} -```console -az ad sp create-for-rbac \ ---sdk-auth \ ---role Owner \ ---scopes /subscriptions/$@$@ -``` -{{}} - -4. Create a Kubernetes secret from the Azure JSON file. -```shell {label="kube-create-secret",copy-lines="all"} -kubectl create secret \ -generic azure-secret \ --n crossplane-system \ ---from-file=creds=./azure-credentials.json -``` - -5. Create a _ProviderConfig_ -```yaml {label="providerconfig",copy-lines="all"} -cat <}} - -## Create a custom API - - -Crossplane allows you to build your own custom APIs for your users, abstracting -away details about the cloud provider and their resources. You can make your API -as complex or simple as you wish. - - -The custom API is a Kubernetes object. -Here is an example custom API. 
- -```yaml {label="exAPI"} -apiVersion: compute.example.com/v1alpha1 -kind: VirtualMachine -metadata: - name: my-vm -spec: - location: "US" -``` - -Like any Kubernetes object the API has a -{{}}version{{}}, -{{}}kind{{}} and -{{}}spec{{}}. - -### Define a group and version -To create your own API start by defining an -[API group](https://kubernetes.io/docs/reference/using-api/#api-groups) and -[version](https://kubernetes.io/docs/reference/using-api/#api-versioning). - -The _group_ can be any value, but common convention is to map to a fully -qualified domain name. - - -The version shows how mature or stable the API is and increments when changing, -adding or removing fields in the API. - - -Crossplane doesn't require specific versions or a specific version naming -convention, but following -[Kubernetes API versioning guidelines](https://kubernetes.io/docs/reference/using-api/#api-versioning) -is strongly recommended. - -* `v1alpha1` - A new API that may change at any time. -* `v1beta1` - An existing API that's considered stable. Breaking changes are - strongly discouraged. -* `v1` - A stable API that doesn't have breaking changes. - -This guide uses the group -{{}}compute.example.com{{}}. - -Because this is the first version of the API, this guide uses the version -{{}}v1alpha1{{}}. - -```yaml {label="version",copy-lines="none"} -apiVersion: compute.example.com/v1alpha1 -``` - -### Define a kind - -The API group is a logical collection of related APIs. In a group are -individual kinds representing different resources. - -For example a `compute` group may have a `VirtualMachine` and `BareMetal` kinds. - -The `kind` can be anything, but it must be -[UpperCamelCased](https://kubernetes.io/docs/contribute/style/style-guide/#use-upper-camel-case-for-api-objects). 
- -This API's kind is -{{}}VirtualMachine{{}} - -```yaml {label="kind",copy-lines="none"} -apiVersion: compute.example.com/v1alpha1 -kind: VirtualMachine -``` - -### Define a spec - -The most important part of an API is the schema. The schema defines the inputs -accepted from users. - -This API allows users to provide a -{{}}location{{}} of where to run their -cloud resources. - -All other resource settings can't be configurable by the users. This allows -Crossplane to enforce any policies and standards without worrying about -user errors. - -```yaml {label="spec",copy-lines="none"} -apiVersion: compute.example.com/v1alpha1 -kind: VirtualMachine -spec: - location: "US" -``` - -### Apply the API - -Crossplane uses -{{}}Composite Resource Definitions{{}} -(also called an `XRD`) to install your custom API in -Kubernetes. - -The XRD {{}}spec{{}} contains all the -information about the API including the -{{}}group{{}}, -{{}}version{{}}, -{{}}kind{{}} and -{{}}schema{{}}. - -The XRD's {{}}name{{}} must be the -combination of the {{}}plural{{}} and -{{}}group{{}}. - -The {{}}schema{{}} uses the -{{}}OpenAPIv3{{}} specification to define -the API {{}}spec{{}}. - -The API defines a {{}}location{{}} that -must be {{}}oneOf{{}} either -{{}}EU{{}} or -{{}}US{{}}. - -Apply this XRD to create the custom API in your Kubernetes cluster. - -```yaml {label="xrd",copy-lines="all"} -cat <}}claimNames{{}} allows users -to access this API either at the cluster level with the -{{}}VirtualMachine{{}} endpoint or in a namespace -with the -{{}}VirtualMachineClaim{{}} endpoint. - -The namespace scoped API is a Crossplane _Claim_. - -{{}} -For more details on the fields and options of Composite Resource Definitions -read the -[XRD documentation]({{}}). -{{< /hint >}} - -View the installed XRD with `kubectl get xrd`. 
- -```shell {copy-lines="1"} -kubectl get xrd -NAME ESTABLISHED OFFERED AGE -virtualmachines.compute.example.com True True 43s -``` - -View the new custom API endpoints with `kubectl api-resources | grep VirtualMachine` - -```shell {copy-lines="1",label="apiRes"} -kubectl api-resources | grep VirtualMachine -virtualmachineclaims compute.example.com/v1alpha1 true VirtualMachineClaim -virtualmachines compute.example.com/v1alpha1 false VirtualMachine -``` - -## Create a deployment template - -When users access the custom API Crossplane takes their inputs and combines them -with a template describing what infrastructure to deploy. Crossplane calls this -template a _Composition_. - -The {{}}Composition{{}} defines all the -cloud resources to deploy. -Each entry in the template -is a full resource definitions, defining all the resource settings and metadata -like labels and annotations. - -This template creates an Azure -{{}}LinuxVirtualMachine{{}} -{{}}NetworkInterface{{}}, -{{}}Subnet{{}} -{{}}VirtualNetwork{{}} and -{{}}ResourceGroup{{}}. - -This Composition takes the user's -{{}}location{{}} input and uses it as the -{{}}location{{}} used in the individual -resource. - -{{}} -This Composition uses an array of resource templates. You can patch each -template with data copied from the custom API. Crossplane calls this a _Patch -and Transform_ Composition. - -You don't have to use Patch and Transform. Crossplane supports a variety of -alternatives, including Go Templating and CUE. You can also write a function in -Go or Python to template your resources. - -Read the [Composition documentation]({{}}) for -more information on configuring Compositions and all the available options. -{{< /hint >}} - -Apply this Composition to your cluster. - -```yaml {label="comp",copy-lines="all"} -cat <}}compositeTypeRef{{}} defines -which custom APIs can use this template to create resources. 
- -A Composition uses a pipeline of _composition functions_ to define the cloud -resources to deploy. This template uses -{{}}function-patch-and-transform{{}}. -You must install the function before you can use it in a Composition. - -Apply this Function to install `function-patch-and-transform`: - -```yaml {label="install"} -cat <}} -Read the [Composition documentation]({{}}) for -more information on configuring Compositions and all the available options. - -Read the -[Patch and Transform function documentation]({{}}) -for more information on how it uses patches to map user inputs to Composition -resource templates. -{{< /hint >}} - -View the Composition with `kubectl get composition` - -```shell {copy-lines="1"} -kubectl get composition -NAME XR-KIND XR-APIVERSION AGE -crossplane-quickstart-vm-with-network XVirtualMachine custom-api.example.org/v1alpha1 77s -``` - -## Install the Azure virtual machine provider - -Part 1 only installed the Azure Virtual Network Provider. To deploying virtual -machines requires the Azure Compute provider as well. - -Add the new Provider to the cluster. - -```yaml -cat <}}VirtualMachine{{}} object to -create the cloud resources. - -```yaml {copy-lines="all",label="xr"} -cat <}} -It may take up to five minutes for the resources to provision. -{{< /hint >}} - -```shell {copy-lines="1"} -kubectl get VirtualMachine -NAME SYNCED READY COMPOSITION AGE -my-vm True True crossplane-quickstart-vm-with-network 3m3s -``` - -This object is a Crossplane _composite resource_ (also called an `XR`). -It's a -single object representing the collection of resources created from the -Composition template. 
- -View the individual resources with `kubectl get managed` - -```shell {copy-lines="1"} -kubectl get managed -NAME READY SYNCED EXTERNAL-NAME AGE -resourcegroup.azure.upbound.io/my-vm-7jb4n True True my-vm-7jb4n 3m43s - -NAME READY SYNCED EXTERNAL-NAME AGE -linuxvirtualmachine.compute.azure.upbound.io/my-vm-5h7p4 True True my-vm-5h7p4 3m43s - -NAME READY SYNCED EXTERNAL-NAME AGE -networkinterface.network.azure.upbound.io/my-vm-j7fpx True True my-vm-j7fpx 3m43s - -NAME READY SYNCED EXTERNAL-NAME AGE -subnet.network.azure.upbound.io/my-vm-b2dqt True True my-vm-b2dqt 3m43s - -NAME READY SYNCED EXTERNAL-NAME AGE -virtualnetwork.network.azure.upbound.io/my-vm-pd2sw True True my-vm-pd2sw 3m43s -``` - -Accessing the API created all five resources defined in the template and linked -them together. - -Look at a specific resource to see it's created in the location used in the API. - -```yaml {copy-lines="1"} -kubectl describe linuxvirtualmachine | grep Location - Location: Sweden Central - Location: swedencentral -``` - -Delete the resources with `kubectl delete VirtualMachine`. - -```shell {copy-lines="1"} -kubectl delete VirtualMachine my-vm -virtualmachine.compute.example.com "my-vm" deleted -``` - -Verify Crossplane deleted the resources with `kubectl get managed` - -{{}} -It may take up to 5 minutes to delete the resources. -{{< /hint >}} - -```shell {copy-lines="1"} -kubectl get managed -No resources found -``` - -## Using the API with namespaces - -Accessing the API `VirtualMachine` happens at the cluster scope. -Most organizations -isolate their users into namespaces. - -A Crossplane _Claim_ is the custom API in a namespace. - -Creating a _Claim_ is just like accessing the custom API endpoint, but with the -{{}}kind{{}} -from the custom API's `claimNames`. - -Create a new namespace to test create a Claim in. - -```shell -kubectl create namespace crossplane-test -``` - -Then create a Claim in the `crossplane-test` namespace. 
- -```yaml {label="claim",copy-lines="all"} -cat <}} -It may take up to 5 minutes to delete the resources. -{{< /hint >}} - -Verify Crossplane deleted the composite resource with `kubectl get composite`. - -```shell {copy-lines="1"} -kubectl get composite -No resources found -``` - -Verify Crossplane deleted the managed resources with `kubectl get managed`. - -```shell {copy-lines="1"} -kubectl get managed -No resources found -``` - -## Next steps -* Explore Azure resources that Crossplane can configure in the - [Provider CRD reference](https://github.com/crossplane-contrib/provider-upjet-azure/tree/main/package/crds). -* Join the [Crossplane Slack](https://slack.crossplane.io/) and connect with - Crossplane users and contributors. -* Read more about the [Crossplane concepts]({{}}) to find out - what else you can do with Crossplane. diff --git a/content/v1.19/getting-started/provider-azure.md b/content/v1.19/getting-started/provider-azure.md deleted file mode 100644 index 8823ef8ff..000000000 --- a/content/v1.19/getting-started/provider-azure.md +++ /dev/null 
@@ -1,239 +0,0 @@ ---- -title: Azure Quickstart -weight: 110 ---- - -Connect Crossplane to Azure to create and manage cloud resources from Kubernetes -with -[provider-upjet-azure](https://github.com/crossplane-contrib/provider-upjet-azure). - -This guide is in two parts: -* Part 1 walks through installing Crossplane, configuring the provider to -authenticate to Azure and creating a _Managed Resource_ in Azure directly from -your Kubernetes cluster. This shows Crossplane can communicate with Azure. -* [Part 2]({{< ref "provider-azure-part-2" >}}) shows how to build and access a - custom API with Crossplane. - -## Prerequisites -This quickstart requires: -* a Kubernetes cluster with at least 2 GB of RAM -* permissions to create pods and secrets in the Kubernetes cluster -* [Helm](https://helm.sh/) version v3.2.0 or later -* an Azure account with permissions to create an - [Azure Virtual Machine](https://learn.microsoft.com/en-us/azure/virtual-machines/) - and - [Virtual Network](https://learn.microsoft.com/en-us/azure/virtual-network/) -* an Azure account with permissions to create an Azure [service principal](https://learn.microsoft.com/en-us/azure/active-directory/develop/app-objects-and-service-principals#service-principal-object) and an [Azure resource group](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/manage-resource-groups-portal) - -{{}} - -## Install the Azure provider - -Install the Azure Network resource provider into the Kubernetes cluster with a Kubernetes configuration -file. - -```yaml {label="provider",copy-lines="all"} -cat <}}Provider{{}} -installs the Kubernetes _Custom Resource Definitions_ (CRDs) representing Azure Networking -services. These CRDs allow you to create Azure resources directly inside -Kubernetes. - -Verify the provider installed with `kubectl get providers`. 
- - -```shell {copy-lines="1",label="getProvider"} -kubectl get providers -NAME INSTALLED HEALTHY PACKAGE AGE -crossplane-contrib-provider-family-azure True True xpkg.crossplane.io/crossplane-contrib/provider-family-azure:v1.11.2 2m18s -provider-azure-network True True xpkg.crossplane.io/crossplane-contrib/provider-azure-network:v1.11.2 2m23s -``` - -The Network Provider installs a second Provider, the -{{}}crossplane-contrib-provider-family-azure{{}} -provider. -The family provider manages authentication to Azure across all Azure family -Providers. - -You can view the new CRDs with `kubectl get crds`. -Every CRD maps to a unique Azure service Crossplane can provision and manage. - -{{< hint type="tip" >}} -See details about all the supported CRDs in the -[provider examples](https://github.com/crossplane-contrib/provider-upjet-azure/tree/main/examples). -{{< /hint >}} - - -## Create a Kubernetes secret for Azure -The provider requires credentials to create and manage Azure resources. -Providers use a Kubernetes _Secret_ to connect the credentials to the provider. - -This guide generates an Azure service principal JSON file and saves it as a -Kubernetes _Secret_. - -### Install the Azure command-line -Generating an [authentication file](https://docs.microsoft.com/en-us/azure/developer/go/azure-sdk-authorization#use-file-based-authentication) requires the Azure command-line. -Follow the documentation from Microsoft to [Download and install the Azure command-line](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli). - -Log in to the Azure command-line. - -```command -az login -``` -### Create an Azure service principal -Follow the Azure documentation to [find your Subscription ID](https://docs.microsoft.com/en-us/azure/azure-portal/get-subscription-tenant-id) from the Azure Portal. - -Using the Azure command-line and provide your Subscription ID create a service principal and authentication file. 
- -{{< editCode >}} -```console {copy-lines="all"} -az ad sp create-for-rbac \ ---sdk-auth \ ---role Owner \ ---scopes /subscriptions/$@$@ -``` -{{< /editCode >}} - -Save your Azure JSON output as `azure-credentials.json`. - -{{< hint type="note" >}} -The -[Authentication](https://docs.upbound.io/providers/provider-azure/authentication/) -section of the Azure Provider documentation describes other authentication methods. -{{< /hint >}} - -### Create a Kubernetes secret with the Azure credentials -A Kubernetes generic secret has a name and contents. Use {{< hover label="kube-create-secret" line="1">}}kubectl create secret{{< /hover >}} to generate the secret object named {{< hover label="kube-create-secret" line="2">}}azure-secret{{< /hover >}} in the {{< hover label="kube-create-secret" line="3">}}crossplane-system{{}} namespace. - - - -Use the {{< hover label="kube-create-secret" line="4">}}--from-file={{}} argument to set the value to the contents of the {{< hover label="kube-create-secret" line="4">}}azure-credentials.json{{< /hover >}} file. - -```shell {label="kube-create-secret",copy-lines="all"} -kubectl create secret \ -generic azure-secret \ --n crossplane-system \ ---from-file=creds=./azure-credentials.json -``` - -View the secret with `kubectl describe secret` - -{{< hint type="note" >}} -The size may be larger if there are extra blank spaces in your text file. -{{< /hint >}} - -```shell {copy-lines="1"} -kubectl describe secret azure-secret -n crossplane-system -Name: azure-secret -Namespace: crossplane-system -Labels: -Annotations: - -Type: Opaque - -Data -==== -creds: 629 bytes -``` - -## Create a ProviderConfig -A `ProviderConfig` customizes the settings of the Azure Provider. - -Apply the {{< hover label="providerconfig" line="5">}}ProviderConfig{{}} with the command: -```yaml {label="providerconfig",copy-lines="all"} -cat <}}secretRef{{}}. 
- -The {{< hover label="providerconfig" line="11">}}spec.credentials.secretRef.name{{< /hover >}} value is the name of the Kubernetes secret containing the Azure credentials in the {{< hover label="providerconfig" line="10">}}spec.credentials.secretRef.namespace{{< /hover >}}. - - -## Create a managed resource -A _managed resource_ is anything Crossplane creates and manages outside of the -Kubernetes cluster. This example creates an Azure Virtual Network with -Crossplane. The Virtual Network is a _managed resource_. - -{{< hint type="note" >}} -Add your Azure Resource Group name. Follow the Azure documentation to -[create a resource group](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/manage-resource-groups-portal) -if you don't have one. -{{< /hint >}} - -{{< editCode >}} -```yaml {label="xr"} -cat <}} - -The {{< hover label="xr" line="2">}}apiVersion{{< /hover >}} and -{{< hover label="xr" line="3">}}kind{{}} are from the provider's CRDs. - -The {{< hover label="xr" line="10">}}spec.forProvider.location{{< /hover >}} -tells Azure which location to use when deploying the resource. - -Use `kubectl get virtualnetwork.network` to verify Crossplane created the -Azure Virtual Network. - -{{< hint type="tip" >}} -Crossplane created the virtual network when the values `READY` and `SYNCED` are `True`. -This may take up to 5 minutes. -{{< /hint >}} - -```shell {copy-lines="1"} -kubectl get virtualnetwork.network -NAME READY SYNCED EXTERNAL-NAME AGE -crossplane-quickstart-network True True crossplane-quickstart-network 10m -``` - -## Delete the managed resource -Before shutting down your Kubernetes cluster, delete the virtual network just -created. - -Use `kubectl delete virtualnetwork.network` to delete the virtual network. 
- - -```shell {copy-lines="1"} -kubectl delete virtualnetwork.network crossplane-quickstart-network -virtualnetwork.network.azure.upbound.io "crossplane-quickstart-network" deleted -``` - -## Next steps -* [**Continue to part 2**]({{< ref "provider-azure-part-2">}}) to create and use - a custom API with Crossplane. -* Explore Azure resources that Crossplane can configure in the - [Provider CRD reference](https://github.com/crossplane-contrib/provider-upjet-azure/tree/main/package/crds). -* Join the [Crossplane Slack](https://slack.crossplane.io/) and connect with - Crossplane users and contributors. diff --git a/content/v1.19/getting-started/provider-gcp-part-2.md b/content/v1.19/getting-started/provider-gcp-part-2.md deleted file mode 100644 index f2d3e6645..000000000 --- a/content/v1.19/getting-started/provider-gcp-part-2.md +++ /dev/null 
@@ -1,608 +0,0 @@ ---- -title: GCP Quickstart Part 2 -weight: 120 -tocHidden: true -aliases: - - /master/getting-started/provider-azure-part-3 ---- - -{{< hint "important" >}} -This guide is part 2 of a series. - -[**Part 1**]({{}}) covers -to installing Crossplane and connect your Kubernetes cluster to GCP. - -{{< /hint >}} - -This guide walks you through building and accessing a custom API with -Crossplane. - -## Prerequisites -* Complete [quickstart part 1]({{}}) connecting Kubernetes - to GCP. -* a GCP account with permissions to create a GCP - [storage bucket](https://cloud.google.com/storage) and a - [Pub/Sub topic](https://cloud.google.com/pubsub). - -{{}} -1. Add the Crossplane Helm repository and install Crossplane. -```shell -helm repo add \ -crossplane-stable https://charts.crossplane.io/stable -helm repo update -&& -helm install crossplane \ -crossplane-stable/crossplane \ ---namespace crossplane-system \ ---create-namespace -``` - -2. When the Crossplane pods finish installing and are ready, apply the GCP -Provider. - -```yaml {label="provider",copy-lines="all"} -cat <}} -The -[GCP documentation](https://cloud.google.com/iam/docs/creating-managing-service-account-keys) -provides information on how to generate a service account JSON file. -{{< /hint >}} - -4. Create a Kubernetes secret from the GCP JSON file -```shell {label="kube-create-secret",copy-lines="all"} -kubectl create secret \ -generic gcp-secret \ --n crossplane-system \ ---from-file=creds=./gcp-credentials.json -``` - -5. Create a _ProviderConfig_ -Include your -{{< hover label="providerconfig" line="7" >}}GCP project ID{{< /hover >}} in the -_ProviderConfig_ settings. - -{{< hint type="tip" >}} -Find your GCP project ID from the `project_id` field of the -`gcp-credentials.json` file. 
-{{< /hint >}} - -{{< editCode >}} -```yaml {label="providerconfig",copy-lines="all"} -cat <$@ - credentials: - source: Secret - secretRef: - namespace: crossplane-system - name: gcp-secret - key: creds -EOF -``` -{{< /editCode >}} - -{{}} - -## Install the PubSub Provider - -Part 1 only installed the GCP Storage Provider. This section deploys a -PubSub Topic along with a GCP storage bucket. -First install the GCP PubSub Provider. - -Add the new Provider to the cluster. - -```yaml -cat < -Crossplane allows you to build your own custom APIs for your users, abstracting -away details about the cloud provider and their resources. You can make your API -as complex or simple as you wish. - - -The custom API is a Kubernetes object. -Here is an example custom API. - -```yaml {label="exAPI"} -apiVersion: database.example.com/v1alpha1 -kind: NoSQL -metadata: - name: my-nosql-database -spec: - location: "US" -``` - -Like any Kubernetes object the API has a -{{}}version{{}}, -{{}}kind{{}} and -{{}}spec{{}}. - -### Define a group and version -To create your own API start by defining an -[API group](https://kubernetes.io/docs/reference/using-api/#api-groups) and -[version](https://kubernetes.io/docs/reference/using-api/#api-versioning). - -The _group_ can be any value, but common convention is to map to a fully -qualified domain name. - - -The version shows how mature or stable the API is and increments when changing, -adding or removing fields in the API. - - -Crossplane doesn't require specific versions or a specific version naming -convention, but following -[Kubernetes API versioning guidelines](https://kubernetes.io/docs/reference/using-api/#api-versioning) -is strongly recommended. - -* `v1alpha1` - A new API that may change at any time. -* `v1beta1` - An existing API that's considered stable. Breaking changes are - strongly discouraged. -* `v1` - A stable API that doesn't have breaking changes. - -This guide uses the group -{{}}database.example.com{{}}. 
- -Because this is the first version of the API, this guide uses the version -{{}}v1alpha1{{}}. - -```yaml {label="version",copy-lines="none"} -apiVersion: database.example.com/v1alpha1 -``` - -### Define a kind - -The API group is a logical collection of related APIs. In a group are -individual kinds representing different resources. - -For example a `queue` group may have a `PubSub` and `CloudTask` kinds. - -The `kind` can be anything, but it must be -[UpperCamelCased](https://kubernetes.io/docs/contribute/style/style-guide/#use-upper-camel-case-for-api-objects). - -This API's kind is -{{}}PubSub{{}} - -```yaml {label="kind",copy-lines="none"} -apiVersion: queue.example.com/v1alpha1 -kind: PubSub -``` - -### Define a spec - -The most important part of an API is the schema. The schema defines the inputs -accepted from users. - -This API allows users to provide a -{{}}location{{}} of where to run their -cloud resources. - -All other resource settings can't be configurable by the users. This allows -Crossplane to enforce any policies and standards without worrying about -user errors. - -```yaml {label="spec",copy-lines="none"} -apiVersion: queue.example.com/v1alpha1 -kind: PubSub -spec: - location: "US" -``` - -### Apply the API - -Crossplane uses -{{}}Composite Resource Definitions{{}} -(also called an `XRD`) to install your custom API in -Kubernetes. - -The XRD {{}}spec{{}} contains all the -information about the API including the -{{}}group{{}}, -{{}}version{{}}, -{{}}kind{{}} and -{{}}schema{{}}. - -The XRD's {{}}name{{}} must be the -combination of the {{}}plural{{}} and -{{}}group{{}}. - -The {{}}schema{{}} uses the -{{}}OpenAPIv3{{}} specification to define -the API {{}}spec{{}}. - -The API defines a {{}}location{{}} that -must be {{}}oneOf{{}} either -{{}}EU{{}} or -{{}}US{{}}. - -Apply this XRD to create the custom API in your Kubernetes cluster. 
- -```yaml {label="xrd",copy-lines="all"} -cat <}}claimNames{{}} allows users -to access this API either at the cluster level with the -{{}}pubsub{{}} endpoint or in a namespace -with the -{{}}pubsubclaim{{}} endpoint. - -The namespace scoped API is a Crossplane _Claim_. - -{{}} -For more details on the fields and options of Composite Resource Definitions -read the -[XRD documentation]({{}}). -{{< /hint >}} - -View the installed XRD with `kubectl get xrd`. - -```shell {copy-lines="1"} -kubectl get xrd -NAME ESTABLISHED OFFERED AGE -pubsubs.queue.example.com True True 7s -``` - -View the new custom API endpoints with `kubectl api-resources | grep pubsub` - -```shell {copy-lines="1",label="apiRes"} -kubectl api-resources | grep queue.example -pubsubclaims queue.example.com/v1alpha1 true PubSubClaim -pubsubs queue.example.com/v1alpha1 false PubSub -``` - -## Create a deployment template - -When users access the custom API Crossplane takes their inputs and combines them -with a template describing what infrastructure to deploy. Crossplane calls this -template a _Composition_. - -The {{}}Composition{{}} defines all the -cloud resources to deploy. -Each entry in the template -is a full resource definitions, defining all the resource settings and metadata -like labels and annotations. - -This template creates a GCP -{{}}Storage{{}} -{{}}Bucket{{}} and a -{{}}PubSub{{}} -{{}}Topic{{}}. - -This Composition takes the user's -{{}}location{{}} input and uses it as the -{{}}location{{}} used in the individual -resource. - -{{}} -This Composition uses an array of resource templates. You can patch each -template with data copied from the custom API. Crossplane calls this a _Patch -and Transform_ Composition. - -You don't have to use Patch and Transform. Crossplane supports a variety of -alternatives, including Go Templating and CUE. You can also write a function in -Go or Python to template your resources. 
- -Read the [Composition documentation]({{}}) for -more information on configuring Compositions and all the available options. -{{< /hint >}} - -Apply this Composition to your cluster. - -```yaml {label="comp",copy-lines="all"} -cat <}}compositeTypeRef{{}} defines -which custom APIs can use this template to create resources. - -A Composition uses a pipeline of _composition functions_ to define the cloud -resources to deploy. This template uses -{{}}function-patch-and-transform{{}}. -You must install the function before you can use it in a Composition. - -Apply this Function to install `function-patch-and-transform`: - -```yaml {label="install"} -cat <}} -Read the [Composition documentation]({{}}) for -more information on configuring Compositions and all the available options. - -Read the -[Patch and Transform function documentation]({{}}) -for more information on how it uses patches to map user inputs to Composition -resource templates. -{{< /hint >}} - -View the Composition with `kubectl get composition` - -```shell {copy-lines="1"} -kubectl get composition -NAME XR-KIND XR-APIVERSION AGE -topic-with-bucket PubSub queue.example.com 3s -``` - -## Access the custom API - -With the custom API (XRD) installed and associated to a resource template -(Composition) users can access the API to create resources. - -Create a {{}}PubSub{{}} object to create the -cloud resources. - -```yaml {copy-lines="all",label="xr"} -cat <}} -It may take up to 5 minutes to delete the resources. -{{< /hint >}} - -```shell {copy-lines="1"} -kubectl get managed -No resources found -``` - -## Using the API with namespaces - -Accessing the API `pubsub` happens at the cluster scope. -Most organizations -isolate their users into namespaces. - -A Crossplane _Claim_ is the custom API in a namespace. - -Creating a _Claim_ is just like accessing the custom API endpoint, but with the -{{}}kind{{}} -from the custom API's `claimNames`. - -Create a new namespace to test create a Claim in. 
- -```shell -kubectl create namespace crossplane-test -``` - -Then create a Claim in the `crossplane-test` namespace. - -```yaml {label="claim",copy-lines="all"} -cat <}} -It may take up to 5 minutes to delete the resources. -{{< /hint >}} - -Verify Crossplane deleted the composite resource with `kubectl get composite`. - -```shell {copy-lines="1"} -kubectl get composite -No resources found -``` - -Verify Crossplane deleted the managed resources with `kubectl get managed`. - -```shell {copy-lines="1"} -kubectl get managed -No resources found -``` - -## Next steps -* Explore AWS resources that Crossplane can configure in the - [provider CRD reference](https://github.com/crossplane-contrib/provider-upjet-aws/blob/main/package/crds). -* Join the [Crossplane Slack](https://slack.crossplane.io/) and connect with - Crossplane users and contributors. -* Read more about the [Crossplane concepts]({{}}) to find out what else you can do - with Crossplane. diff --git a/content/v1.19/getting-started/provider-gcp.md b/content/v1.19/getting-started/provider-gcp.md deleted file mode 100644 index 8558273d9..000000000 --- a/content/v1.19/getting-started/provider-gcp.md +++ /dev/null 
@@ -1,251 +0,0 @@ ---- -title: GCP Quickstart -weight: 140 ---- - -Connect Crossplane to GCP to create and manage cloud resources from Kubernetes -with -[provider-upjet-gcp](https://github.com/crossplane-contrib/provider-upjet-gcp). - -This guide is in two parts: -* Part 1 walks through installing Crossplane, configuring the provider to -authenticate to GCP and creating a _Managed Resource_ in GCP directly from -your Kubernetes cluster. This shows Crossplane can communicate with GCP. -* [Part 2]({{< ref "provider-gcp-part-2" >}}) shows how to build and access a - custom API with Crossplane. -## Prerequisites -This quickstart requires: -* a Kubernetes cluster with at least 2 GB of RAM -* permissions to create pods and secrets in the Kubernetes cluster -* [Helm](https://helm.sh/) version v3.2.0 or later -* a GCP account with permissions to create a storage bucket -* GCP [account keys](https://cloud.google.com/iam/docs/creating-managing-service-account-keys) -* GCP [Project ID](https://support.google.com/googleapi/answer/7014113?hl=en) - -{{}} - -## Install the GCP provider - -Install the provider into the Kubernetes cluster with a Kubernetes configuration -file. - -```shell {label="provider",copy-lines="all"} -cat <}}Provider{{}} -installs the Kubernetes _Custom Resource Definitions_ (CRDs) representing GCP storage -services. These CRDs allow you to create GCP resources directly inside -Kubernetes. - -Verify the provider installed with `kubectl get providers`. - - -```shell {copy-lines="1",label="getProvider"} -kubectl get providers -NAME INSTALLED HEALTHY PACKAGE AGE -crossplane-contrib-provider-family-gcp True True xpkg.crossplane.io/crossplane-contrib/provider-family-gcp:v1.12.1 33s -provider-gcp-storage True True xpkg.crossplane.io/crossplane-contrib/provider-gcp-storage:v1.12.1 37s -``` - -The Storage Provider installs a second Provider, the -{{}}crossplane-contrib-provider-family-gcp{{}} -provider. 
-The family provider manages authentication to GCP across all GCP family -Providers. - -You can view the new CRDs with `kubectl get crds`. -Every CRD maps to a unique GCP service Crossplane can provision and manage. - -{{< hint "tip" >}} -See details about all the supported CRDs in the -[provider examples](https://github.com/crossplane-contrib/provider-upjet-gcp/tree/main/examples). -{{< /hint >}} - - -## Create a Kubernetes secret for GCP -The provider requires credentials to create and manage GCP resources. Providers -use a Kubernetes _Secret_ to connect the credentials to the provider. - -First generate a Kubernetes _Secret_ from a Google Cloud service account JSON -file and then configure the Provider to use it. - -### Generate a GCP service account JSON file -For basic user authentication, use a Google Cloud service account JSON file. - -{{< hint "tip" >}} -The -[GCP documentation](https://cloud.google.com/iam/docs/creating-managing-service-account-keys) -provides information on how to generate a service account JSON file. -{{< /hint >}} - -Save this JSON file as `gcp-credentials.json` - - -### Create a Kubernetes secret with the GCP credentials -A Kubernetes generic secret has a name and contents. Use -{{< hover label="kube-create-secret" line="1">}}kubectl create secret{{< /hover >}} -to generate the secret object named -{{< hover label="kube-create-secret" line="2">}}gcp-secret{{< /hover >}} in the -{{< hover label="kube-create-secret" line="3">}}crossplane-system{{}} -namespace. -Use the {{< hover label="kube-create-secret" line="4">}}--from-file={{}} -argument to set the value to the contents of the -{{< hover label="kube-create-secret" line="4">}}gcp-credentials.json{{< /hover >}} -file. 
- - -```shell {label="kube-create-secret",copy-lines="all"} -kubectl create secret \ -generic gcp-secret \ --n crossplane-system \ ---from-file=creds=./gcp-credentials.json -``` - -View the secret with `kubectl describe secret` - -{{< hint "note" >}} -The file size may be a different depending on the contents. -{{< /hint >}} - -```shell {copy-lines="1"} -kubectl describe secret gcp-secret -n crossplane-system -Name: gcp-secret -Namespace: crossplane-system -Labels: -Annotations: - -Type: Opaque - -Data -==== -creds: 2330 bytes -``` - -{{< hint type="note" >}} -The -[Authentication](https://docs.upbound.io/providers/provider-gcp/authentication/) -section of the GCP Provider documentation describes other authentication methods. -{{< /hint >}} - -## Create a ProviderConfig -A `ProviderConfig` customizes the settings of the GCP Provider. - -Include your -{{< hover label="providerconfig" line="7" >}}GCP project ID{{< /hover >}} in the -_ProviderConfig_ settings. - -{{< hint "tip" >}} -Find your GCP project ID from the `project_id` field of the -`gcp-credentials.json` file. -{{< /hint >}} - -Apply the -{{< hover label="providerconfig" line="2">}}ProviderConfig{{}} with -the command: - -{{< editCode >}} -```yaml {label="providerconfig",copy-lines="all"} -cat <$@ - credentials: - source: Secret - secretRef: - namespace: crossplane-system - name: gcp-secret - key: creds -EOF -``` -{{< /editCode >}} - -This attaches the GCP credentials, saved as a Kubernetes secret, as a -{{< hover label="providerconfig" line="10">}}secretRef{{}}. - -The {{< hover label="providerconfig" line="12">}}spec.credentials.secretRef.name{{< /hover >}} value is the name of the Kubernetes secret containing the GCP credentials in the -{{< hover label="providerconfig" line="11">}}spec.credentials.secretRef.namespace{{< /hover >}}. - -## Create a managed resource -A _managed resource_ is anything Crossplane creates and manages outside of the -Kubernetes cluster. 
This example creates a GCP storage bucket with Crossplane. -The storage bucket is a _managed resource_. - -{{< hint "note" >}} -To generate a unique name use -{{}}generateName{{}} instead of `name`. -{{< /hint >}} - -Create the Bucket with the following command: - -```yaml {label="xr",copy-lines="all"} -cat <}}apiVersion{{< /hover >}} and -{{< hover label="xr" line="3">}}kind{{}} are from the provider's CRDs. - -The {{< hover label="xr" line="10">}}spec.forProvider.location{{< /hover >}} -tells GCP which GCP region to use when deploying resources. -For a -{{}}bucket{{}} the -region can be any -[GCP multi-region location](https://cloud.google.com/storage/docs/locations#location-mr) - -Use `kubectl get bucket` to verify Crossplane created the bucket. - -{{< hint type="tip" >}} -Crossplane created the bucket when the values `READY` and `SYNCED` are `True`. -This may take up to 5 minutes. -{{< /hint >}} - -```shell {copy-lines="1"} -kubectl get bucket -NAME READY SYNCED EXTERNAL-NAME AGE -crossplane-bucket-8b7gw True True crossplane-bucket-8b7gw 2m2s -``` - -## Delete the managed resource -Before shutting down your Kubernetes cluster, delete the GCP bucket just -created. - -Use `kubectl delete bucket` to remove the bucket. - -{{}} -Use the `--selector` flag to delete by label instead of by name. -{{}} - -```shell {copy-lines="1"} -kubectl delete bucket --selector docs.crossplane.io/example=provider-gcp -bucket.storage.gcp.upbound.io "crossplane-bucket-8b7gw" deleted -``` - -## Next steps -* [**Continue to part 2**]({{< ref "provider-gcp-part-2">}}) to create a -Crossplane _Composite Resource_ and _Claim_. -* Explore GCP resources that can Crossplane can configure in the -[Provider CRD reference](https://github.com/crossplane-contrib/provider-upjet-gcp/tree/main/package/crds). -* Join the [Crossplane Slack](https://slack.crossplane.io/) and connect with -Crossplane users and contributors. \ No newline at end of file 
diff --git a/content/v1.19/guides/disaster-recovery.md b/content/v1.19/guides/disaster-recovery.md
deleted file mode 100644
index e00073722..000000000
--- a/content/v1.19/guides/disaster-recovery.md
+++ /dev/null
@@ -1,10 +0,0 @@
----
-title: Disaster Recovery with Crossplane
-weight: 10
----
-
-AWS wrote a guide covering disaster recovery with Crossplane. The guide covers
-using Crossplane to provision resources and Velero for Kubernetes backup and
-recovery.
-
-[Read the guide on AWS](https://aws.amazon.com/blogs/opensource/disaster-recovery-when-using-crossplane-for-infrastructure-provisioning-on-aws/).
\ No newline at end of file
diff --git a/content/v1.19/guides/multi-tenant.md b/content/v1.19/guides/multi-tenant.md
deleted file mode 100644
index 4499d3ca7..000000000
--- a/content/v1.19/guides/multi-tenant.md
+++ /dev/null
@@ -1,325 +0,0 @@ ---- -title: Multi-Tenant Crossplane -weight: 240 ---- - -This guide describes how to use Crossplane effectively in multi-tenant -environments by utilizing Kubernetes primitives and compatible policy -enforcement projects in the cloud native ecosystem. - -## Summary - -Infrastructure operators in multi-tenant Crossplane environments typically -utilize composition and Kubernetes RBAC to define lightweight, standardized -policies that dictate what level of self-service developers are given when -requesting infrastructure. This is primarily achieved through exposing abstract -resource types at the namespace scope, defining `Roles` for teams and -individuals within that namespace, and patching the `spec.providerConfigRef` of -the underlying managed resources so that they use a specific `ProviderConfig` -and credentials when provisioned from each namespace. Larger organizations, or -those with more complex environments, may choose to incorporate third-party -policy engines, or scale to multiple Crossplane clusters. The following sections -describe each of these scenarios in greater detail. 
- -- [Summary](#summary) -- [Background](#background) - - [Cluster-Scoped Managed Resources](#cluster-scoped-managed-resources) - - [Namespace Scoped Claims](#namespace-scoped-claims) -- [Single Cluster Multi-Tenancy](#single-cluster-multi-tenancy) - - [Composition as an Isolation Mechanism](#composition-as-an-isolation-mechanism) - - [Namespaces as an Isolation Mechanism](#namespaces-as-an-isolation-mechanism) - - [Policy Enforcement with Open Policy Agent](#policy-enforcement-with-open-policy-agent) -- [Multi-Cluster Multi-Tenancy](#multi-cluster-multi-tenancy) - - [Reproducible Platforms with Configuration Packages](#reproducible-platforms-with-configuration-packages) - - [Control Plane of Control Planes](#control-plane-of-control-planes) - -## Background - -Crossplane is designed to run in multi-tenant environments where many teams are -consuming the services and abstractions provided by infrastructure operators in -the cluster. This functionality is facilitated by two major design patterns in -the Crossplane ecosystem. - -### Cluster-Scoped Managed Resources - -Typically, Crossplane providers, which supply granular [managed resources] that -reflect an external API, authenticate by using a `ProviderConfig` object that -points to a credentials source (such as a Kubernetes `Secret`, the `Pod` -filesystem, or an environment variable). Then, every managed resource references -a `ProviderConfig` that points to credentials with sufficient permissions to -manage that resource type. - -For example, the following `ProviderConfig` for `provider-aws` points to a -Kubernetes `Secret` with AWS credentials. 
- -```yaml -apiVersion: aws.crossplane.io/v1beta1 -kind: ProviderConfig -metadata: - name: cool-aws-creds -spec: - credentials: - source: Secret - secretRef: - namespace: crossplane-system - name: aws-creds - key: creds -``` - -If a user desired for these credentials to be used to provision an -`RDSInstance`, they would reference the `ProviderConfig` in the object manifest: - -```yaml -apiVersion: database.aws.crossplane.io/v1beta1 -kind: RDSInstance -metadata: - name: rdsmysql -spec: - forProvider: - region: us-east-1 - dbInstanceClass: db.t3.medium - masterUsername: masteruser - allocatedStorage: 20 - engine: mysql - engineVersion: "5.6.35" - skipFinalSnapshotBeforeDeletion: true - providerConfigRef: - name: cool-aws-creds # name of ProviderConfig above - writeConnectionSecretToRef: - namespace: crossplane-system - name: aws-rdsmysql-conn -``` - -Since both the `ProviderConfig` and all managed resources are cluster-scoped, -the RDS controller in `provider-aws` will resolve this reference by fetching the -`ProviderConfig`, obtaining the credentials it points to, and using those -credentials to reconcile the `RDSInstance`. This means that anyone who has been -given [RBAC] to manage `RDSInstance` objects can use any credentials to do so. -In practice, Crossplane assumes that only folks acting as infrastructure -administrators or platform builders will interact directly with cluster-scoped -resources. - -### Namespace Scoped Claims - -While managed resources exist at the cluster scope, composite resources, which -are defined using a **CompositeResourceDefinition (XRD)** may exist at either -the cluster or namespace scope. Platform builders define XRDs and -**Compositions** that specify what granular managed resources should be created -in response to the creation of an instance of the XRD. More information about -this architecture can be found in the [Composition] documentation. 
- -Every XRD is exposed at the cluster scope, but only those with `spec.claimNames` -defined will have a namespace scoped variant. - -```yaml -apiVersion: apiextensions.crossplane.io/v1 -kind: CompositeResourceDefinition -metadata: - name: xmysqlinstances.example.org -spec: - group: example.org - names: - kind: XMySQLInstance - plural: xmysqlinstances - claimNames: - kind: MySQLInstance - plural: mysqlinstances -... -``` - -When the example above is created, Crossplane will produce two -[CustomResourceDefinitions]: -1. A cluster-scoped type with `kind: XMySQLInstance`. This is referred to as a - **Composite Resource (XR)**. -2. A namespace scoped type with `kind: MySQLInstance`. This is referred to as a - **Claim (XRC)**. - -Platform builders may choose to define an arbitrary number of Compositions that -map to these types, meaning that creating a `MySQLInstance` in a given namespace -can result in the creations of any set of managed resources at the cluster -scope. For instance, creating a `MySQLInstance` could result in the creation of -the `RDSInstance` defined above. - -## Single Cluster Multi-Tenancy - -Depending on the size and scope of an organization, platform teams may choose to -run one central Crossplane control plane, or many different ones for each team -or business unit. This section will focus on servicing multiple teams within a -single cluster, which may or may not be one of many other Crossplane clusters in -the organization. - -### Composition as an Isolation Mechanism - -While managed resources always reflect every field that the underlying provider -API exposes, XRDs can have any schema that a platform builder chooses. The -fields in the XRD schema can then be patched onto fields in the underlying -managed resource defined in a Composition, essentially exposing those fields as -configurable to the consumer of the XR or XRC. 
- -This feature serves as a lightweight policy mechanism by only giving the -consumer the ability to customize the underlying resources to the extent the -platform builder desires. For instance, in the examples above, a platform -builder may choose to define a `spec.location` field in the schema of the -`XMySQLInstance` that's an enum with options `east` and `west`. In the -Composition, those fields could map to the `RDSInstance` `spec.region` field, -making the value either `us-east-1` or `us-west-1`. If no other patches were -defined for the `RDSInstance`, giving a user the ability (using RBAC) to create -a `XMySQLInstance` / `MySQLInstance` would be akin to giving the ability to -create a specifically configured `RDSInstance`, where they can only decide -the region where it lives and they're restricted to two options. - -This model is in contrast to many infrastructure as code tools where the end -user must have provider credentials to create the underlying resources that are -rendered from the abstraction. Crossplane takes a different approach, defining -various credentials in the cluster (using the `ProviderConfig`), then giving -only the provider controllers the ability to utilize those credentials and -provision infrastructure on the users behalf. This creates a consistent -permission model, even when using many providers with differing IAM models, by -standardizing on Kubernetes RBAC. - -### Namespaces as an Isolation Mechanism - -While the ability to define abstract schemas and patches to concrete resource -types using composition is powerful, the ability to define Claim types at the -namespace scope enhances the functionality further by enabling RBAC to be -applied with namespace restrictions. Most users in a cluster don't have access -to cluster-scoped resources as they're considered only relevant to -infrastructure admins by both Kubernetes and Crossplane. 
- -Building on our `XMySQLInstance` / `MySQLInstance` example, a platform -builder may choose to define permissions on `MySQLInstance` at the namespace -scope using a `Role`. This allows for giving users the ability to create and -manage `MySQLInstances` in their given namespace, but not the ability to see -those defined in other namespaces. - -Furthermore, because the `metadata.namespace` is a field on the XRC, patching can -be utilized to configure managed resources based on the namespace in which the -corresponding XRC was defined. This is especially useful if a platform builder -wants to designate specific credentials or a set of credentials that users in a -given namespace can utilize when provisioning infrastructure using an XRC. This -can be accomplished today by creating one or more `ProviderConfig` objects that -include the name of the namespace in the `ProviderConfig` name. For example, if -any `MySQLInstance` created in the `team-1` namespace should use specific AWS -credentials when the provider controller creates the underlying `RDSInstance`, -the platform builder could: - -1. Define a `ProviderConfig` with name `team-1`. - -```yaml -apiVersion: aws.crossplane.io/v1beta1 -kind: ProviderConfig -metadata: - name: team-1 -spec: - credentials: - source: Secret - secretRef: - namespace: crossplane-system - name: team-1-creds - key: creds -``` - -2. Define a `Composition` that patches the namespace of the Claim reference in the XR - to the `providerConfigRef` of the `RDSInstance`. - -```yaml -... -resources: -- base: - apiVersion: database.aws.crossplane.io/v1beta1 - kind: RDSInstance - spec: - forProvider: - ... - patches: - - fromFieldPath: spec.claimRef.namespace - toFieldPath: spec.providerConfigRef.name - policy: - fromFieldPath: Required -``` - -This would result in the `RDSInstance` using the `ProviderConfig` of whatever -namespace the corresponding `MySQLInstance` was created in. 
- -> Note that this model currently only allows for a single `ProviderConfig` per -> namespace. However, future Crossplane releases should allow for defining a set -> of `ProviderConfig` that can be selected from using [Multiple Source Field -> patching]. - -### Policy Enforcement with Open Policy Agent - -In some Crossplane deployment models, only using composition and RBAC to define -policy won't be flexible enough. However, because Crossplane brings -management of external infrastructure to the Kubernetes API, it's well suited -to integrate with other projects in the cloud native ecosystem. Organizations -and individuals that need a more robust policy engine, or just prefer a more -general language for defining policy, often turn to [Open Policy Agent] (OPA). -OPA allows platform builders to write custom logic in [Rego], a domain specific -language. Writing policy in this manner allows for not only incorporating the -information available in the specific resource being evaluated, but also using -other state represented in the cluster. Crossplane users typically install OPA -[Gatekeeper] to make policy management as streamlined as possible. - -> A live demo of using OPA with Crossplane can be viewed [here]. - -## Multi-Cluster Multi-Tenancy - -Organizations that deploy Crossplane across many clusters typically take -advantage of two major features that make managing multiple control planes much -simpler. - -### Reproducible Platforms with Configuration Packages - -[Configuration packages] allow platform builders to package their XRDs and -Compositions into [OCI images] that can be distributed via any OCI compliant -image registry. These packages can also declare dependencies on providers, -meaning that a single package can declare all of the granular managed resources, -the controllers that must be deployed to reconcile them, and the abstract types -that expose the underlying resources using composition. 
- -Organizations with many Crossplane deployments utilize Configuration packages to - -reproduce their platform in each cluster. This can be as simple as installing - -Crossplane with the flag to automatically install a Configuration package -alongside it. - -``` -helm install crossplane --namespace crossplane-system crossplane-stable/crossplane --set configuration.packages='{"registry.upbound.io/xp/getting-started-with-aws:latest"}' -``` - -### Control Plane of Control Planes - -Taking the multi-cluster multi-tenancy model one step further, some -organizations opt to manage their many Crossplane clusters using a single -central Crossplane control plane. This requires setting up the central cluster, -then using a provider to spin up new clusters (such as an [EKS Cluster] using -[provider-aws]), then using [provider-helm] to install Crossplane into the new -remote cluster, potentially bundling a common Configuration package into each -install using the method described above. - -This advanced pattern allows for full management of Crossplane clusters using -Crossplane itself, and when done properly, is a scalable solution to providing -dedicated control planes to many tenants within a single organization. 
- - - -[managed resources]: {{}} -[RBAC]: https://kubernetes.io/docs/reference/access-authn-authz/rbac/ -[Composition]: {{}} -[CustomResourceDefinitions]: https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/ -[Open Policy Agent]: https://www.openpolicyagent.org/ -[Rego]: https://www.openpolicyagent.org/docs/latest/policy-language/ -[Gatekeeper]: https://open-policy-agent.github.io/gatekeeper/website/docs/ -[here]: https://youtu.be/TaF0_syejXc -[Multiple Source Field patching]: https://github.com/crossplane/crossplane/pull/2093 -[Configuration packages]: {{}} -[OCI images]: https://github.com/opencontainers/image-spec -[EKS Cluster]: https://github.com/crossplane-contrib/provider-upjet-aws/blob/main/examples/eks/v1beta2/cluster.yaml -[provider-aws]: https://github.com/crossplane-contrib/provider-upjet-aws -[provider-helm]: https://github.com/crossplane-contrib/provider-helm -[Open Service Broker API]: https://github.com/openservicebrokerapi/servicebroker -[Crossplane Service Broker]: https://github.com/vshn/crossplane-service-broker -[Cloudfoundry]: https://www.cloudfoundry.org/ -[Kubernetes Service Catalog]: https://github.com/kubernetes-sigs/service-catalog -[vshn/application-catalog-demo]: https://github.com/vshn/application-catalog-demo diff --git a/content/v1.19/guides/self-signed-ca-certs.md b/content/v1.19/guides/self-signed-ca-certs.md deleted file mode 100644 index e95a96c76..000000000 --- a/content/v1.19/guides/self-signed-ca-certs.md +++ /dev/null 
@@ -1,49 +0,0 @@
----
-title: Self-Signed CA Certs
-weight: 270
----
-
-> Using self-signed certificates isn't advised in production, it's
-recommended to only use self-signed certificates for testing.
-
-When Crossplane loads Configuration and Provider Packages from private
-registries, it must be configured to trust the CA and Intermediate certs.
-
-Crossplane needs to be installed via the Helm chart with the
-`registryCaBundleConfig.name` and `registryCaBundleConfig.key` parameters
-defined. See [Install Crossplane]({{}}).
-
-## Configure
-
-1. Create a CA Bundle (A file containing your Root and Intermediate
-certificates in a specific order). This can be done with any text editor or
-from the command line, so long as the resulting file contains all required crt
-files in the proper order. In many cases, this will be either a single
-self-signed Root CA crt file, or an Intermediate crt and Root crt file. The
-order of the crt files should be from lowest to highest in signing order.
-For example, if you have a chain of two certificates below your Root
-certificate, you place the bottom level Intermediate cert at the beginning of
-the file, then the Intermediate cert that singed that cert, then the Root cert
-that signed that cert.
-
-2. Save the files as `[yourdomain].ca-bundle`.
-
-3. Create a Kubernetes ConfigMap in your Crossplane system namespace:
-
-```
-kubectl -n [Crossplane system namespace] create cm ca-bundle-config \
---from-file=ca-bundle=./[yourdomain].ca-bundle
-```
-
-4. Set the `registryCaBundleConfig.name` Helm chart parameter to
-`ca-bundle-config` and the `registryCaBundleConfig.key` parameter to
-`ca-bundle`.
-
-> Providing Helm with parameter values is covered in the Helm docs,
-[Helm install](https://helm.sh/docs/helm/helm_install/). An example block
-in an `override.yaml` file would look like this:
-```
- registryCaBundleConfig:
- name: ca-bundle-config
- key: ca-bundle
-```
diff --git a/content/v1.19/guides/troubleshoot-crossplane.md b/content/v1.19/guides/troubleshoot-crossplane.md
deleted file mode 100644
index 85038381f..000000000
--- a/content/v1.19/guides/troubleshoot-crossplane.md
+++ /dev/null
@@ -1,458 +0,0 @@ ---- -title: Troubleshoot Crossplane -weight: 306 ---- -## Requested Resource Not Found - -If you use the Crossplane CLI to install a `Provider` or -`Configuration` (for example, `crossplane xpkg install provider -xpkg.crossplane.io/crossplane-contrib/provider-aws-s3:v1.21.1`) and get `the server -could not find the requested resource` error, more often than not, that's an -indicator that the Crossplane CLI you're using is outdated. In other words -some Crossplane API has been graduated from alpha to beta or stable and the old -plugin isn't aware of this change. - - - -## Resource Status and Conditions - -Most Crossplane resources have a `status` section that can represent the current -state of that particular resource. Running `kubectl describe` against a -Crossplane resource will frequently give insightful information about its -condition. For example, to determine the status of a GCP `CloudSQLInstance` -managed resource use `kubectl describe` for the resource. - -```shell {copy-lines="1"} -kubectl describe cloudsqlinstance my-db -Status: - Conditions: - Last Transition Time: 2019-09-16T13:46:42Z - Reason: Creating - Status: False - Type: Ready -``` - -Most Crossplane resources set the `Ready` condition. `Ready` represents the -availability of the resource - whether it's creating, deleting, available, -unavailable, binding, etc. - -## Resource Events - -Most Crossplane resources emit _events_ when something interesting happens. You -can see the events associated with a resource by running `kubectl describe` - -for example, `kubectl describe cloudsqlinstance my-db`. You can also see all events in a -particular namespace by running `kubectl get events`. 
- -```console -Events: - Type Reason Age From Message - ---- ------ ---- ---- ------- - Warning CannotConnectToProvider 16s (x4 over 46s) managed/postgresqlserver.database.azure.crossplane.io cannot get referenced ProviderConfig: ProviderConfig.azure.crossplane.io "default" not found -``` - -> Note that events are namespaced, while many Crossplane resources (XRs, etc) -> are cluster scoped. Crossplane emits events for cluster scoped resources to -> the 'default' namespace. - -## Crossplane Logs - -The next place to look to get more information or investigate a failure would be -in the Crossplane pod logs, which should be running in the `crossplane-system` -namespace. To get the current Crossplane logs, run the following: - -```shell -kubectl -n crossplane-system logs -lapp=crossplane -``` - -> Note that Crossplane emits few logs by default - events are typically the best -> place to look for information about what Crossplane is doing. You may need to -> restart Crossplane with the `--debug` flag if you can't find what you're -> looking for. - -## Provider Logs - -Remember that much of Crossplane's functionality is provided by providers. You -can use `kubectl logs` to view provider logs too. By convention, they also emit -few logs by default. - -```shell -kubectl -n crossplane-system logs -``` - -All providers maintained by the Crossplane community mirror Crossplane's support -of the `--debug` flag. 
The easiest way to set flags on a provider is to create a -`DeploymentRuntimeConfig` and reference it from the `Provider`: - -```yaml -apiVersion: pkg.crossplane.io/v1beta1 -kind: DeploymentRuntimeConfig -metadata: - name: debug-config -spec: - deploymentTemplate: - spec: - selector: {} - template: - spec: - containers: - - name: package-runtime - args: - - --debug ---- -apiVersion: pkg.crossplane.io/v1 -kind: Provider -metadata: - name: provider-aws -spec: - package: xpkg.crossplane.io/crossplane-contrib/provider-aws:v0.33.0 - runtimeConfigRef: - apiVersion: pkg.crossplane.io/v1beta1 - kind: DeploymentRuntimeConfig - name: debug-config -``` - -> Note that a reference to a `DeploymentRuntimeConfig` can be added to an already -> installed `Provider` and it will update its `Deployment` accordingly. - -## Compositions and composite resource definition - -### General troubleshooting steps - -Crossplane and its providers log most error messages to resources' event fields. Whenever your Composite Resources aren't getting provisioned, follow the following steps: - -1. Get the events for the root resource using `kubectl describe` or `kubectl get event` -2. If there are errors in the events, address them. -3. If there are no errors, follow its subresources. - - `kubectl get -o=jsonpath='{.spec.resourceRef}{" "}{.spec.resourceRefs}' | jq` -4. Repeat this process for each resource returned. - -{{< hint "note" >}} -The rest of this section show you how to debug issues related to compositions without using external tooling. -If you are using ArgoCD or FluxCD with UI, you can visualize object relationships in the UI. -You can also use the `kube-lineage` plugin to visualize object relationships in your terminal. -{{< /hint >}} - -### Examples - -#### Composition - -You deployed an example application using a claim. Kind = `ExampleApp`. Name = `example-application`. - - -The example application never reaches available state as shown below. - - -1. View the claim. 
- - ```shell - kubectl describe exampleapp example-application - - Status: - Conditions: - Last Transition Time: 2022-03-01T22:57:38Z - Reason: Composite resource claim is waiting for composite resource to become Ready - Status: False - Type: Ready - Events: - ``` - -2. If the claim doesn't have errors, inspect the `.spec.resourceRef` field of the claim. - - ```shell - kubectl get exampleapp example-application -o=jsonpath='{.spec.resourceRef}{" "}{.spec.resourceRefs}' | jq - - { - "apiVersion": "awsblueprints.io/v1alpha1", - "kind": "XExampleApp", - "name": "example-application-xqlsz" - } - ``` -3. In the preceding output, you see the cluster scoped resource for this claim. Kind = `XExampleApp` name = `example-application-xqlsz` -4. View the cluster scoped resource's events. - - ```shell - kubectl describe xexampleapp example-application-xqlsz - - Events: - Type Reason Age From Message - ---- ------ ---- ---- ------- - Normal PublishConnectionSecret 9s (x2 over 10s) defined/compositeresourcedefinition.apiextensions.crossplane.io Successfully published connection details - Normal SelectComposition 6s (x6 over 11s) defined/compositeresourcedefinition.apiextensions.crossplane.io Successfully selected composition - Warning ComposeResources 6s (x6 over 10s) defined/compositeresourcedefinition.apiextensions.crossplane.io can't render composed resource from resource template at index 3: can't use dry-run create to name composed resource: an empty namespace may not be set during creation - Normal ComposeResources 6s (x6 over 10s) defined/compositeresourcedefinition.apiextensions.crossplane.io Successfully composed resources - ``` -5. You see errors in the events. it's complaining about not specifying namespace in its compositions. For this particular kind of error, you can get its subresources and check which one isn't created. 
- - ```shell - kubectl get xexampleapp example-application-xqlsz -o=jsonpath='{.spec.resourceRef}{" "}{.spec.resourceRefs}' | jq - - [ - { - "apiVersion": "awsblueprints.io/v1alpha1", - "kind": "XDynamoDBTable", - "name": "example-application-xqlsz-6j9nm" - }, - { - "apiVersion": "awsblueprints.io/v1alpha1", - "kind": "XIAMPolicy", - "name": "example-application-xqlsz-lp9wt" - }, - { - "apiVersion": "awsblueprints.io/v1alpha1", - "kind": "XIAMPolicy", - "name": "example-application-xqlsz-btwkn" - }, - { - "apiVersion": "awsblueprints.io/v1alpha1", - "kind": "IRSA" - } - ] - ``` -6. Notice the last element in the array doesn't have a name. When a resource in composition fails validation, the resource object isn't created and doesn't have a name. For this particular issue, you must specify the namespace for the IRSA resource. - -#### Composite resource definition - -Debugging Composite Resource Definition (XRD) is like debugging Compositions. - -1. Get the XRD - - ```shell - kubectl get xrd testing.awsblueprints.io - - NAME ESTABLISHED OFFERED AGE - testing.awsblueprints.io 66s - ``` -2. Notice its status it not established. You describe this XRD to get its events. 
- - ```shell - kubectl describe xrd testing.awsblueprints.io - - Events: - Type Reason Age From Message - ---- ------ ---- ---- ------- - Normal ApplyClusterRoles 3m19s (x3 over 3m19s) rbac/compositeresourcedefinition.apiextensions.crossplane.io Applied RBAC ClusterRoles - Normal RenderCRD 18s (x9 over 3m19s) defined/compositeresourcedefinition.apiextensions.crossplane.io Rendered composite resource CustomResourceDefinition - Warning EstablishComposite 18s (x9 over 3m19s) defined/compositeresourcedefinition.apiextensions.crossplane.io can't apply rendered composite resource CustomResourceDefinition: can't create object: CustomResourceDefinition.apiextensions.k8s.io "testing.awsblueprints.io" is invalid: metadata.name: Invalid value: "testing.awsblueprints.io": must be spec.names.plural+"."+spec.group - ``` -3. You see in the events that Crossplane can't generate corresponding CRDs for this XRD. In this case, ensure the name is `spec.names.plural+"."+spec.group` - -#### Providers - -You can use install providers in two ways: `configuration.pkg.crossplane.io` and `provider.pkg.crossplane.io`. You can use either one to install providers with no functional differences to providers themselves. -If you define a `configuration.pkg.crossplane.io` object, Crossplane creates a -`provider.pkg.crossplane.io` object and manages it. Refer to [the Packages documentation]({{}}) -for more information about Crossplane Packages. - -If you are experiencing provider issues, steps below are a good starting point. - -1. Check the status of provider object. 
- ```shell - kubectl describe provider.pkg.crossplane.io provider-aws - - Status: - Conditions: - Last Transition Time: 2022-08-04T16:19:44Z - Reason: HealthyPackageRevision - Status: True - Type: Healthy - Last Transition Time: 2022-08-04T16:14:29Z - Reason: ActivePackageRevision - Status: True - Type: Installed - Current Identifier: crossplane/provider-aws:v0.29.0 - Current Revision: provider-aws-a2e16ca2fc1a - Events: - Type Reason Age From Message - ---- ------ ---- ---- ------- - Normal InstallPackageRevision 9m49s (x237 over 4d17h) packages/provider.pkg.crossplane.io Successfully installed package revision - ``` - In the output above you see that this provider is healthy. To get more information about this provider, you can dig deeper. The `Current Revision` field let you know of your next object to look at. - - -2. When you create a provider object, Crossplane creates a `ProviderRevision` object based on the contents of the OCI image. In this example, you're specifying the OCI image to be `crossplane/provider-aws:v0.29.0`. This image contains a YAML file which defines Kubernetes objects such as Deployment, ServiceAccount, and CRDs. -The `ProviderRevision` object creates resources necessary for a provider to function based on the contents of the YAML file. To inspect what's deployed as part of the provider package, you inspect the ProviderRevision object. The `Current Revision` field above indicates which ProviderRevision object this provider uses. - - ```shell - kubectl get providerrevision provider-aws-a2e16ca2fc1a - - NAME HEALTHY REVISION IMAGE STATE DEP-FOUND DEP-INSTALLED AGE - provider-aws-a2e16ca2fc1a True 1 crossplane/provider-aws:v0.29.0 Active 19d - ``` - - When you describe the object, you find all CRDs managed by this object. 
- - ```shell - kubectl describe providerrevision provider-aws-a2e16ca2fc1a - - Status: - Controller Ref: - Name: provider-aws-a2e16ca2fc1a - Object Refs: - API Version: apiextensions.k8s.io/v1 - Kind: CustomResourceDefinition - Name: natgateways.ec2.aws.crossplane.io - UID: 5c36d1bc-61b8-44f8-bca0-47e368af87a9 - .... - Events: - Type Reason Age From Message - ---- ------ ---- ---- ------- - Normal SyncPackage 22m (x369 over 4d18h) packages/providerrevision.pkg.crossplane.io Successfully configured package revision - Normal BindClusterRole 15m (x348 over 4d18h) rbac/providerrevision.pkg.crossplane.io Bound system ClusterRole to provider ServiceAccount - Normal ApplyClusterRoles 15m (x364 over 4d18h) rbac/providerrevision.pkg.crossplane.io Applied RBAC ClusterRoles - ``` - - The event field also indicates any issues that may have occurred during this process. - -3. If you don't see any errors in the event field above, you should check if Crossplane provisioned deployments and their status. - - ```shell - kubectl get deployment -n crossplane-system - - NAME READY UP-TO-DATE AVAILABLE AGE - crossplane 1/1 1 1 105d - crossplane-rbac-manager 1/1 1 1 105d - provider-aws-a2e16ca2fc1a 1/1 1 1 19d - - kubectl get pods -n crossplane-system - - NAME READY STATUS RESTARTS AGE - crossplane-54db688c8d-qng6b 2/2 Running 0 4d19h - crossplane-rbac-manager-5776c9fbf4-wn5rj 1/1 Running 0 4d19h - provider-aws-a2e16ca2fc1a-776769ccbd-4dqml 1/1 Running 0 4d23h - ``` - If there are any pods failing, check its logs and remedy the problem. - - -## Pausing Crossplane - -Sometimes, for example when you encounter a bug, it can be useful to pause -Crossplane if you want to stop it from actively attempting to manage your -resources. 
To pause Crossplane without deleting all of its resources, run the -following command to scale down its deployment: - -```shell -kubectl -n crossplane-system scale --replicas=0 deployment/crossplane -``` - -Once you have been able to rectify the problem or smooth things out, you can -unpause Crossplane by scaling its deployment back up: - -```shell -kubectl -n crossplane-system scale --replicas=1 deployment/crossplane -``` - -## Pausing Providers - -Providers can also be paused when troubleshooting an issue or orchestrating a -complex migration of resources. Creating and referencing a `DeploymentRuntimeConfig` is -the easiest way to scale down a provider, and the `DeploymentRuntimeConfig` can be -modified or the reference can be removed to scale it back up: - -```yaml -apiVersion: pkg.crossplane.io/v1beta1 -kind: DeploymentRuntimeConfig -metadata: - name: scale-config -spec: - deploymentTemplate: - spec: - selector: {} - replicas: 0 - template: {} ---- -apiVersion: pkg.crossplane.io/v1 -kind: Provider -metadata: - name: provider-aws -spec: - package: xpkg.crossplane.io/crossplane-contrib/provider-aws:v0.33.0 - runtimeConfigRef: - apiVersion: pkg.crossplane.io/v1beta1 - kind: DeploymentRuntimeConfig - name: scale-config -``` - -> Note that a reference to a `DeploymentRuntimeConfig` can be added to an already -> installed `Provider` and it will update its `Deployment` accordingly. - -## Deleting When a Resource Hangs - -The resources that Crossplane manages will automatically be cleaned up so as not -to leave anything running behind. This is accomplished by using finalizers, but -in certain scenarios the finalizer can prevent the Kubernetes object from -getting deleted. - -To deal with this, we essentially want to patch the object to remove its -finalizer, which will then allow it to be deleted completely. 
Note that this -won't necessarily delete the external resource that Crossplane was managing, so -you will want to go to your cloud provider's console and look there for any -lingering resources to clean up. - -In general, a finalizer can be removed from an object with this command: - -```shell -kubectl patch -p '{"metadata":{"finalizers": []}}' --type=merge -``` - -For example, for a `CloudSQLInstance` managed resource (`database.gcp.crossplane.io`) named -`my-db`, you can remove its finalizer with: - -```shell -kubectl patch cloudsqlinstance my-db -p '{"metadata":{"finalizers": []}}' --type=merge -``` - -## Tips, Tricks, and Troubleshooting - -In this section we'll cover some common tips, tricks, and troubleshooting steps -for working with Composite Resources. If you're trying to track down why your -Composite Resources aren't working the [Troubleshooting][trouble-ref] page also -has some useful information. - -### Troubleshooting Claims and XRs - -Crossplane relies heavily on status conditions and events for troubleshooting. -You can see both using `kubectl describe` - for example: - -```console -# Describe the PostgreSQLInstance claim named my-db -kubectl describe postgresqlinstance.database.example.org my-db -``` - -Per Kubernetes convention, Crossplane keeps errors close to the place they -happen. This means that if your claim isn't becoming ready due to an issue with -your `Composition` or with a composed resource you'll need to "follow the -references" to find out why. Your claim will only tell you that the XR isn't -yet ready. - -To follow the references: - -1. Find your XR by running `kubectl describe` on your claim and looking for its - "Resource Ref" (aka `spec.resourceRef`). -1. Run `kubectl describe` on your XR. This is where you'll find out about issues - with the `Composition` you're using, if any. -1. 
If there are no issues but your XR doesn't seem to be becoming ready, take a - look for the "Resource Refs" (or `spec.resourceRefs`) to find your composed - resources. -1. Run `kubectl describe` on each referenced composed resource to determine - whether it's ready and what issues, if any, it's encountering. - - - - - -[Requested Resource Not Found]: #requested-resource-not-found -[install Crossplane CLI]: "../getting-started/install-configure" -[Resource Status and Conditions]: #resource-status-and-conditions -[Resource Events]: #resource-events -[Crossplane Logs]: #crossplane-logs -[Provider Logs]: #provider-logs -[Pausing Crossplane]: #pausing-crossplane -[Pausing Providers]: #pausing-providers -[Deleting When a Resource Hangs]: #deleting-when-a-resource-hangs -[Installing Crossplane Package]: #installing-crossplane-package -[Crossplane package]: /master/concepts/packages/ -[Handling Crossplane Package Dependency]: #handling-crossplane-package-dependency -[semver spec]: https://github.com/Masterminds/semver#basic-comparisons - - diff --git a/content/v1.19/guides/vault-as-secret-store.md b/content/v1.19/guides/vault-as-secret-store.md deleted file mode 100644 index 681c6c862..000000000 --- a/content/v1.19/guides/vault-as-secret-store.md +++ /dev/null 
@@ -1,638 +0,0 @@ ---- -title: Vault as an External Secret Store -weight: 230 ---- - -This guide walks through the steps required to configure Crossplane and -its Providers to use [Vault] as an [External Secret Store] (`ESS`) with [ESS Plugin Vault]. - -{{}} -External Secret Stores are an alpha feature. - -They're not recommended for production use. Crossplane disables External Secret -Stores by default. -{{< /hint >}} - -Crossplane uses sensitive information including Provider credentials, inputs to -managed resources and connection details. - -The [Vault credential injection guide]({{}}) details -using Vault and Crossplane for Provider credentials. - -Crossplane doesn't support for using Vault for managed resources input. -[Crossplane issue #2985](https://github.com/crossplane/crossplane/issues/2985) -tracks support for this feature. - -Supporting connection details with Vault requires a Crossplane external secret -store. - -## Prerequisites -This guide requires [Helm](https://helm.sh) version 3.11 or later. - -## Install Vault - -{{}} -Detailed instructions on [installing Vault](https://developer.hashicorp.com/vault/docs/platform/k8s/helm) -are available from the Vault documentation. -{{< /hint >}} - -### Add the Vault Helm chart - -Add the Helm repository for `hashicorp`. -```shell -helm repo add hashicorp https://helm.releases.hashicorp.com --force-update -``` - -Install Vault using Helm. -```shell -helm -n vault-system upgrade --install vault hashicorp/vault --create-namespace -``` - -### Unseal Vault - -If Vault is [sealed](https://developer.hashicorp.com/vault/docs/concepts/seal) -unseal Vault using the unseal keys. - -Get the Vault keys. -```shell -kubectl -n vault-system exec vault-0 -- vault operator init -key-shares=1 -key-threshold=1 -format=json > cluster-keys.json -VAULT_UNSEAL_KEY=$(cat cluster-keys.json | jq -r ".unseal_keys_b64[]") -``` - -Unseal the vault using the keys. 
-```shell {copy-lines="1"} -kubectl -n vault-system exec vault-0 -- vault operator unseal $VAULT_UNSEAL_KEY -Key Value ---- ----- -Seal Type shamir -Initialized true -Sealed false -Total Shares 1 -Threshold 1 -Version 1.13.1 -Build Date 2023-03-23T12:51:35Z -Storage Type file -Cluster Name vault-cluster-df884357 -Cluster ID b3145d26-2c1a-a7f2-a364-81753033c0d9 -HA Enabled false -``` - -## Configure Vault Kubernetes authentication - -Enable the [Kubernetes auth method] for Vault to authenticate requests based on -Kubernetes service accounts. - -### Get the Vault root token - -The Vault root token is inside the JSON file created when -[unsealing Vault](#unseal-vault). - -```shell -cat cluster-keys.json | jq -r ".root_token" -``` - -### Enable Kubernetes authentication - -Connect to a shell in the Vault pod. - -```shell {copy-lines="1"} -kubectl -n vault-system exec -it vault-0 -- /bin/sh -/ $ -``` - -From the Vault shell, login to Vault using the _root token_. -```shell {copy-lines="1"} -vault login # use the root token from above -Token (will be hidden): -Success! You are now authenticated. The token information displayed below -is already stored in the token helper. You do NOT need to run "vault login" -again. Future Vault requests will automatically use this token. - -Key Value ---- ----- -token hvs.TSN4SssfMBM0HAtwGrxgARgn -token_accessor qodxHrINVlRXKyrGeeDkxnih -token_duration ∞ -token_renewable false -token_policies ["root"] -identity_policies [] -policies ["root"] -``` - -Enable the Kubernetes authentication method in Vault. -```shell {copy-lines="1"} -vault auth enable kubernetes -Success! 
Enabled kubernetes auth method at: kubernetes/ -``` - -Configure Vault to communicate with Kubernetes and exit the Vault shell - -```shell {copy-lines="1-4"} -vault write auth/kubernetes/config \ - token_reviewer_jwt="$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" \ - kubernetes_host="https://$KUBERNETES_PORT_443_TCP_ADDR:443" \ - kubernetes_ca_cert=@/var/run/secrets/kubernetes.io/serviceaccount/ca.crt -Success! Data written to: auth/kubernetes/config -/ $ exit -``` - -## Configure Vault for Crossplane integration - -Crossplane relies on the Vault key-value secrets engine to store information and -Vault requires a permissions policy for the Crossplane service account. - - - -### Enable the Vault kv secrets engine - - -Enable the [Vault KV Secrets Engine]. - -{{< hint "important" >}} -Vault has two versions of the -[KV Secrets Engine](https://developer.hashicorp.com/vault/docs/secrets/kv). -This example uses version 2. -{{}} - -```shell {copy-lines="1"} -kubectl -n vault-system exec -it vault-0 -- vault secrets enable -path=secret kv-v2 -Success! Enabled the kv-v2 secrets engine at: secret/ -``` - -### Create a Vault policy for Crossplane - -Create the Vault policy to allow Crossplane to read and write data from Vault. -```shell {copy-lines="1-8"} -kubectl -n vault-system exec -i vault-0 -- vault policy write crossplane - <}} -Crossplane v1.12 introduced the plugin support. Make sure your version of Crossplane supports plugins. -{{< /hint >}} - -Install the Crossplane with the External Secrets Stores feature enabled. - -```shell -helm upgrade --install crossplane crossplane-stable/crossplane --namespace crossplane-system --create-namespace --set args='{--enable-external-secret-stores}' -``` - -## Install the Crossplane Vault plugin - -The Crossplane Vault plugin isn't part of the default Crossplane install. -The plugin installs as a unique Pod that uses the [Vault Agent Sidecar -Injection] to connect the Vault secret store to Crossplane. 
- -First, configure annotations for the Vault plugin pod. - -```yaml -cat > values.yaml <}} -This example uses Provider GCP, but the -{{}}ControllerConfig{{}} is the -same for all Providers. -{{}} - -Create a `ControllerConfig` object to enable external secret stores. - -```yaml {label="ControllerConfig"} -echo "apiVersion: pkg.crossplane.io/v1alpha1 -kind: ControllerConfig -metadata: - name: vault-config -spec: - args: - - --enable-external-secret-stores" | kubectl apply -f - -``` - -Install the Provider and apply the ControllerConfig. -```yaml -echo "apiVersion: pkg.crossplane.io/v1 -kind: Provider -metadata: - name: provider-gcp -spec: - package: xpkg.crossplane.io/crossplane-contrib/provider-gcp:v0.23.0-rc.0.19.ge9b75ee5 - controllerConfigRef: - name: vault-config" | kubectl apply -f - -``` - -### Connect the Crossplane plugin to Vault -Create a {{}}VaultConfig{{}} -resource for the plugin to connect to the Vault service: - -```yaml {label="VaultConfig"} -echo "apiVersion: secrets.crossplane.io/v1alpha1 -kind: VaultConfig -metadata: - name: vault-internal -spec: - server: http://vault.vault-system:8200 - mountPath: secret/ - version: v2 - auth: - method: Token - token: - source: Filesystem - fs: - path: /vault/secrets/token" | kubectl apply -f - -``` - -### Create a Crossplane StoreConfig - -Create a {{}}StoreConfig{{}} -object from the -{{}}secrets.crossplane.io{{}} -group. Crossplane uses the StoreConfig to connect to the Vault plugin service. - -The {{}}configRef{{}} connects -the StoreConfig to the specific Vault plugin configuration. 
- -```yaml {label="xp-storeconfig"} -echo "apiVersion: secrets.crossplane.io/v1alpha1 -kind: StoreConfig -metadata: - name: vault -spec: - type: Plugin - defaultScope: crossplane-system - plugin: - endpoint: ess-plugin-vault.crossplane-system:4040 - configRef: - apiVersion: secrets.crossplane.io/v1alpha1 - kind: VaultConfig - name: vault-internal" | kubectl apply -f - -``` - - -### Create a Provider StoreConfig -Create a {{}}StoreConfig{{}} -object from the Provider's API group, -{{}}gcp.crossplane.io{{}}. -The Provider uses this StoreConfig to communicate with Vault for -Managed Resources. - -The {{}}configRef{{}} connects -the StoreConfig to the specific Vault plugin configuration. - -```yaml {label="gcp-storeconfig"} -echo "apiVersion: gcp.crossplane.io/v1alpha1 -kind: StoreConfig -metadata: - name: vault -spec: - type: Plugin - defaultScope: crossplane-system - plugin: - endpoint: ess-plugin-vault.crossplane-system:4040 - configRef: - apiVersion: secrets.crossplane.io/v1alpha1 - kind: VaultConfig - name: vault-internal" | kubectl apply -f - -``` - -## Create Provider resources - -Check that Crossplane installed the Provider and the Provider is healthy. - -```shell {copy-lines="1"} -kubectl get providers -NAME INSTALLED HEALTHY PACKAGE AGE -provider-gcp True True xpkg.crossplane.io/crossplane-contrib/provider-gcp:v0.23.0-rc.0.19.ge9b75ee5 10m -``` - -### Create a CompositeResourceDefinition - -Create a `CompositeResourceDefinition` to define a custom API endpoint. 
- -```yaml -echo "apiVersion: apiextensions.crossplane.io/v1 -kind: CompositeResourceDefinition -metadata: - name: compositeessinstances.ess.example.org - annotations: - feature: ess -spec: - group: ess.example.org - names: - kind: CompositeESSInstance - plural: compositeessinstances - claimNames: - kind: ESSInstance - plural: essinstances - connectionSecretKeys: - - publicKey - - publicKeyType - versions: - - name: v1alpha1 - served: true - referenceable: true - schema: - openAPIV3Schema: - type: object - properties: - spec: - type: object - properties: - parameters: - type: object - properties: - serviceAccount: - type: string - required: - - serviceAccount - required: - - parameters" | kubectl apply -f - -``` - -### Create a Composition -Create a `Composition` to create a Service Account and Service Account Key -inside GCP. - -Creating a Service Account Key generates -{{}}connectionDetails{{}} that the -Provider stores in Vault using the -{{}}publishConnectionDetailsTo{{}} details. - -```yaml {label="comp"} -echo "apiVersion: apiextensions.crossplane.io/v1 -kind: Composition -metadata: - name: essinstances.ess.example.org - labels: - feature: ess -spec: - publishConnectionDetailsWithStoreConfigRef: - name: vault - compositeTypeRef: - apiVersion: ess.example.org/v1alpha1 - kind: CompositeESSInstance - mode: Pipeline - pipeline: - - step: patch-and-transform - functionRef: - name: function-patch-and-transform - input: - apiVersion: pt.fn.crossplane.io/v1beta1 - kind: Resources - resources: - - name: serviceaccount - base: - apiVersion: iam.gcp.crossplane.io/v1alpha1 - kind: ServiceAccount - metadata: - name: ess-test-sa - spec: - forProvider: - displayName: a service account to test ess - - name: serviceaccountkey - base: - apiVersion: iam.gcp.crossplane.io/v1alpha1 - kind: ServiceAccountKey - spec: - forProvider: - serviceAccountSelector: - matchControllerRef: true - publishConnectionDetailsTo: - name: ess-mr-conn - metadata: - labels: - environment: development 
- team: backend - configRef: - name: vault - connectionDetails: - - name: publicKey - type: FromConnectionSecretKey - fromConnectionSecretKey: publicKey - - name: publicKey - type: FromConnectionSecretKey - fromConnectionSecretKey: publicKeyType" | kubectl apply -f - -``` - -### Create a Claim -Now create a `Claim` to have Crossplane create the GCP resources and associated -secrets. - -Like the Composition, the Claim uses -{{}}publishConnectionDetailsTo{{}} to -connect to Vault and store the secrets. - -```yaml {label="claim"} -echo "apiVersion: ess.example.org/v1alpha1 -kind: ESSInstance -metadata: - name: my-ess - namespace: default -spec: - parameters: - serviceAccount: ess-test-sa - compositionSelector: - matchLabels: - feature: ess - publishConnectionDetailsTo: - name: ess-claim-conn - metadata: - labels: - environment: development - team: backend - configRef: - name: vault" | kubectl apply -f - -``` - -## Verify the resources - -Verify all resources are `READY` and `SYNCED`: - -```shell {copy-lines="1"} -kubectl get managed -NAME READY SYNCED DISPLAYNAME EMAIL DISABLED -serviceaccount.iam.gcp.crossplane.io/my-ess-zvmkz-vhklg True True a service account to test ess my-ess-zvmkz-vhklg@testingforbugbounty.iam.gserviceaccount.com - -NAME READY SYNCED KEY_ID CREATED_AT EXPIRES_AT -serviceaccountkey.iam.gcp.crossplane.io/my-ess-zvmkz-bq8pz True True 5cda49b7c32393254b5abb121b4adc07e140502c 2022-03-23T10:54:50Z -``` - -View the claims -```shell {copy-lines="1"} -kubectl -n default get claim -NAME READY CONNECTION-SECRET AGE -my-ess True 19s -``` - -View the composite resources. -```shell {copy-lines="1"} -kubectl get composite -NAME READY COMPOSITION AGE -my-ess-zvmkz True essinstances.ess.example.org 32s -``` - -## Verify Vault secrets - -Look inside Vault to view the secrets from the managed resources. 
- -```shell {copy-lines="1",label="vault-key"} -kubectl -n vault-system exec -i vault-0 -- vault kv list /secret/default -Keys ----- -ess-claim-conn -``` - -The key {{}}ess-claim-conn{{}} -is the name of the Claim's -{{}}publishConnectionDetailsTo{{}} -configuration. - -Check connection secrets in the `crossplane-system` Vault scope. -```shell {copy-lines="1",label="scope-key"} -kubectl -n vault-system exec -i vault-0 -- vault kv list /secret/crossplane-system -Keys ----- -d2408335-eb88-4146-927b-8025f405da86 -ess-mr-conn -``` - -The key -{{}}d2408335-eb88-4146-927b-8025f405da86{{}} -comes from - - - -and the key -{{}}ess-mr-conn{{}} -comes from the Composition's -{{}}publishConnectionDetailsTo{{}} -configuration. - - -Check contents of Claim's connection secret `ess-claim-conn` to see the key -created by the managed resource. -```shell {copy-lines="1"} -kubectl -n vault-system exec -i vault-0 -- vault kv get /secret/default/ess-claim-conn -======= Metadata ======= -Key Value ---- ----- -created_time 2022-03-18T21:24:07.2085726Z -custom_metadata map[environment:development secret.crossplane.io/ner-uid:881cd9a0-6cc6-418f-8e1d-b36062c1e108 team:backend] -deletion_time n/a -destroyed false -version 1 - -======== Data ======== -Key Value ---- ----- -publicKey -----BEGIN PUBLIC KEY----- -MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzsEYCokmYEsZJCc9QN/8 -Fm1M/kTPp7Gat/MXLTP3zFyCTBFVNLN79MbAKdinWi6ePXEb75vzB79IdZcWj8lo -8trnS64QjNB9Vs4Xk5UvDALwleFN/bZeperxivDPwVPvT9Aqy/U9kohoS/LHyE8w -uWQb5AuMeVQ1gtCTnCqQZ4d2MSVhQXYVvAWax1spJ9LT7mHub5j95xDdYIcOV3VJ -l9CIo4VrWIT8THFN2NnjTrGq9+0TzXY0bV674bjJkfBC6v6yXs5HTetG+Uekq/xf -FCjrrDi1+2UR9Mu2WTuvl8qn50be+mbwdJO5wE32jewxdYrVVmj19+PkaEeAwGTc -vwIDAQAB ------END PUBLIC KEY----- -publicKeyType TYPE_RAW_PUBLIC_KEY -``` - -Check contents of managed resource connection secret `ess-mr-conn`. The public -key is identical to the public key in the Claim since the Claim is using this -managed resource. 
-```shell {copy-lines="1"} -kubectl -n vault-system exec -i vault-0 -- vault kv get /secret/crossplane-system/ess-mr-conn -======= Metadata ======= -Key Value ---- ----- -created_time 2022-03-18T21:21:07.9298076Z -custom_metadata map[environment:development secret.crossplane.io/ner-uid:4cd973f8-76fc-45d6-ad45-0b27b5e9252a team:backend] -deletion_time n/a -destroyed false -version 2 - -========= Data ========= -Key Value ---- ----- -privateKey { - "type": "service_account", - "project_id": "REDACTED", - "private_key_id": "REDACTED", - "private_key": "-----BEGIN PRIVATE KEY-----\nREDACTED\n-----END PRIVATE KEY-----\n", - "client_email": "ess-test-sa@REDACTED.iam.gserviceaccount.com", - "client_id": "REDACTED", - "auth_uri": "https://accounts.google.com/o/oauth2/auth", - "token_uri": "https://oauth2.googleapis.com/token", - "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs", - "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/ess-test-sa%40REDACTED.iam.gserviceaccount.com" -} -privateKeyType TYPE_GOOGLE_CREDENTIALS_FILE -publicKey -----BEGIN PUBLIC KEY----- -MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzsEYCokmYEsZJCc9QN/8 -Fm1M/kTPp7Gat/MXLTP3zFyCTBFVNLN79MbAKdinWi6ePXEb75vzB79IdZcWj8lo -8trnS64QjNB9Vs4Xk5UvDALwleFN/bZeperxivDPwVPvT9Aqy/U9kohoS/LHyE8w -uWQb5AuMeVQ1gtCTnCqQZ4d2MSVhQXYVvAWax1spJ9LT7mHub5j95xDdYIcOV3VJ -l9CIo4VrWIT8THFN2NnjTrGq9+0TzXY0bV674bjJkfBC6v6yXs5HTetG+Uekq/xf -FCjrrDi1+2UR9Mu2WTuvl8qn50be+mbwdJO5wE32jewxdYrVVmj19+PkaEeAwGTc -vwIDAQAB ------END PUBLIC KEY----- -publicKeyType TYPE_RAW_PUBLIC_KEY -``` - -### Remove the resources - -Deleting the Claim removes the managed resources and associated keys from Vault. 
- -```shell -kubectl delete claim my-ess -``` - - - -[Vault]: https://www.vaultproject.io/ -[External Secret Store]: https://github.com/crossplane/crossplane/blob/main/design/design-doc-external-secret-stores.md -[this issue]: https://github.com/crossplane/crossplane/issues/2985 -[Kubernetes Auth Method]: https://www.vaultproject.io/docs/auth/kubernetes -[Unseal]: https://www.vaultproject.io/docs/concepts/seal -[Vault KV Secrets Engine]: https://developer.hashicorp.com/vault/docs/secrets/kv -[Vault Agent Sidecar Injection]: https://www.vaultproject.io/docs/platform/k8s/injector -[ESS Plugin Vault]: https://github.com/crossplane-contrib/ess-plugin-vault \ No newline at end of file diff --git a/content/v1.19/guides/vault-injection.md b/content/v1.19/guides/vault-injection.md deleted file mode 100644 index 470f94a59..000000000 --- a/content/v1.19/guides/vault-injection.md +++ /dev/null 
@@ -1,502 +0,0 @@
----
-title: Vault Credential Injection
-weight: 230
----
-
-
-> This guide is adapted from the [Vault on Minikube] and [Vault Kubernetes
-> Sidecar] guides.
-
-Most Crossplane providers support supplying credentials from at least the
-following sources:
-- Kubernetes Secret
-- Environment Variable
-- Filesystem
-
-A provider may optionally support additional credentials sources, but the common
-sources cover a wide variety of use cases. One specific use case that's popular
-among organizations that use [Vault] for secrets management is using a sidecar
-to inject credentials into the filesystem. This guide will demonstrate how to
-use the [Vault Kubernetes Sidecar] to provide credentials for [provider-gcp]
-and [provider-aws].
-
-> Note: in this guide we will copy GCP credentials and AWS access keys
-> into Vault's KV secrets engine. This is a generic approach to
-> managing secrets with Vault, but isn't as robust as using Vault's
-> dedicated cloud provider secrets engines for [AWS], [Azure], and [GCP].
-
-## Setup
-
-> Note: this guide walks through setting up Vault running in the same cluster as
-> Crossplane. You may also choose to use an existing Vault instance that runs
-> outside the cluster but has Kubernetes authentication enabled.
-
-Before getting started, you must ensure that you have installed Crossplane and
-Vault and that they're running in your cluster.
-
-1. Install Crossplane
-
-```console
-kubectl create namespace crossplane-system
-
-helm repo add crossplane-stable https://charts.crossplane.io/stable
-helm repo update
-
-helm install crossplane --namespace crossplane-system crossplane-stable/crossplane
-```
-
-2. Install Vault Helm Chart
-
-```console
-helm repo add hashicorp https://helm.releases.hashicorp.com
-helm install vault hashicorp/vault
-```
-
-3. Unseal Vault Instance
-
-In order for Vault to access encrypted data from physical storage, it must be
-[unsealed].
-
-```console
-kubectl exec vault-0 -- vault operator init -key-shares=1 -key-threshold=1 -format=json > cluster-keys.json
-VAULT_UNSEAL_KEY=$(cat cluster-keys.json | jq -r ".unseal_keys_b64[]")
-kubectl exec vault-0 -- vault operator unseal $VAULT_UNSEAL_KEY
-```
-
-4. Enable Kubernetes Authentication Method
-
-In order for Vault to be able to authenticate requests based on Kubernetes
-service accounts, the [Kubernetes authentication method] must be enabled. This
-requires logging in to Vault and configuring it with a service account token,
-API server address, and certificate. Because we're running Vault in Kubernetes,
-these values are already available via the container filesystem and environment
-variables.
-
-```console
-cat cluster-keys.json | jq -r ".root_token" # get root token
-
-kubectl exec -it vault-0 -- /bin/sh
-vault login # use root token from above
-vault auth enable kubernetes
-
-vault write auth/kubernetes/config \
- token_reviewer_jwt="$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" \
- kubernetes_host="https://$KUBERNETES_PORT_443_TCP_ADDR:443" \
- kubernetes_ca_cert=@/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
-```
-
-5. Exit Vault Container
-
-The next steps will be executed in your local environment.
-
-```console
-exit
-```
-
-{{< tabs >}}
-{{< tab "GCP" >}}
-
-## Create GCP Service Account
-
-In order to provision infrastructure on GCP, you will need to create a service
-account with appropriate permissions. In this guide we will only provision a
-CloudSQL instance, so the service account will be bound to the `cloudsql.admin`
-role. The following steps will setup a GCP service account, give it the
-necessary permissions for Crossplane to be able to manage CloudSQL instances,
-and emit the service account credentials in a JSON file.
-
-```console
-# replace this with your own gcp project id and the name of the service account
-# that will be created.
-PROJECT_ID=my-project
-NEW_SA_NAME=test-service-account-name
-
-# create service account
-SA="${NEW_SA_NAME}@${PROJECT_ID}.iam.gserviceaccount.com"
-gcloud iam service-accounts create $NEW_SA_NAME --project $PROJECT_ID
-
-# enable cloud API
-SERVICE="sqladmin.googleapis.com"
-gcloud services enable $SERVICE --project $PROJECT_ID
-
-# grant access to cloud API
-ROLE="roles/cloudsql.admin"
-gcloud projects add-iam-policy-binding --role="$ROLE" $PROJECT_ID --member "serviceAccount:$SA"
-
-# create service account keyfile
-gcloud iam service-accounts keys create creds.json --project $PROJECT_ID --iam-account $SA
-```
-
-You should now have valid service account credentials in `creds.json`.
-
-## Store Credentials in Vault
-
-After setting up Vault, you will need to store your credentials in the [kv
-secrets engine].
-
-> Note: the steps below involve copying credentials into the container
-> filesystem before storing them in Vault. You may also choose to use Vault's
-> HTTP API or UI by port forwarding the container to your local environment
-> (`kubectl port-forward vault-0 8200:8200`).
-
-1. Copy Credentials File into Vault Container
-
-Copy your credentials into the container filesystem so that your can store them
-in Vault.
-
-```console
-kubectl cp creds.json vault-0:/tmp/creds.json
-```
-
-2. Enable KV Secrets Engine
-
-Secrets engines must be enabled before they can be used. Enable the `kv-v2`
-secrets engine at the `secret` path.
-
-```console
-kubectl exec -it vault-0 -- /bin/sh
-
-vault secrets enable -path=secret kv-v2
-```
-
-3. Store GCP Credentials in KV Engine
-
-The path of your GCP credentials is how the secret will be referenced when
-injecting it into the `provider-gcp` controller `Pod`.
-
-```console
-vault kv put secret/provider-creds/gcp-default @tmp/creds.json
-```
-
-4. Clean Up Credentials File
-
-You no longer need our GCP credentials file in the container filesystem, so go
-ahead and clean it up.
-
-```console
-rm tmp/creds.json
-```
-
-{{< /tab >}}
-{{< tab "AWS" >}}
-
-## Create AWS IAM User
-
-In order to provision infrastructure on AWS, you will need to use an existing or create a new IAM
-user with appropriate permissions. The following steps will create an AWS IAM user and give it the necessary
-permissions.
-
-> Note: if you have an existing IAM user with appropriate permissions, you can skip this step but you will
-> still need to provide the values for the `ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` environment variables.
-
-```console
-# create a new IAM user
-IAM_USER=test-user
-aws iam create-user --user-name $IAM_USER
-
-# grant the IAM user the necessary permissions
-aws iam attach-user-policy --user-name $IAM_USER --policy-arn arn:aws:iam::aws:policy/AmazonS3FullAccess
-
-# create a new IAM access key for the user
-aws iam create-access-key --user-name $IAM_USER > creds.json
-# assign the access key values to environment variables
-ACCESS_KEY_ID=$(jq -r .AccessKey.AccessKeyId creds.json)
-AWS_SECRET_ACCESS_KEY=$(jq -r .AccessKey.SecretAccessKey creds.json)
-```
-
-## Store Credentials in Vault
-
-After setting up Vault, you will need to store your credentials in the [kv
-secrets engine].
-
-1. Enable KV Secrets Engine
-
-Secrets engines must be enabled before they can be used. Enable the `kv-v2`
-secrets engine at the `secret` path.
-
-```console
-kubectl exec -it vault-0 -- env \
- ACCESS_KEY_ID=${ACCESS_KEY_ID} \
- AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY} \
- /bin/sh
-
-vault secrets enable -path=secret kv-v2
-```
-
-2. Store AWS Credentials in KV Engine
-
-The path of your AWS credentials is how the secret will be referenced when
-injecting it into the `provider-aws` controller `Pod`.
-
-```
-vault kv put secret/provider-creds/aws-default access_key="$ACCESS_KEY_ID" secret_key="$AWS_SECRET_ACCESS_KEY"
-```
-
-{{< /tab >}}
-{{< /tabs >}}
-
-## Create a Vault Policy for Reading Provider Credentials
-
-In order for our controllers to have the Vault sidecar inject the credentials
-into their filesystem, you must associate the `Pod` with a [policy]. This policy
-will allow for reading and listing all secrets on the `provider-creds` path in
-the `kv-v2` secrets engine.
-
-```console
-vault policy write provider-creds - <}}
-{{< tab "GCP" >}}
-
-## Install provider-gcp
-
-You are now ready to install `provider-gcp`. Crossplane provides a
-`ControllerConfig` type that allows you to customize the deployment of a
-provider's controller `Pod`. A `ControllerConfig` can be created and referenced
-by any number of `Provider` objects that wish to use its configuration. In the
-example below, the `Pod` annotations indicate to the Vault mutating webhook that
-we want for the secret stored at `secret/provider-creds/gcp-default` to be
-injected into the container filesystem by assuming role `crossplane-providers`.
-Template formatting has been added to make sure the secret data is
-presented in a form that `provider-gcp` is expecting.
-
-```console
-echo "apiVersion: pkg.crossplane.io/v1alpha1
-kind: ControllerConfig
-metadata:
- name: vault-config
-spec:
- metadata:
- annotations:
- vault.hashicorp.com/agent-inject: \"true\"
- vault.hashicorp.com/role: "crossplane-providers"
- vault.hashicorp.com/agent-inject-secret-creds.txt: "secret/provider-creds/gcp-default"
- vault.hashicorp.com/agent-inject-template-creds.txt: |
- {{- with secret \"secret/provider-creds/gcp-default\" -}}
- {{ .Data.data | toJSON }}
- {{- end -}}
----
-apiVersion: pkg.crossplane.io/v1
-kind: Provider
-metadata:
- name: provider-gcp
-spec:
- package: xpkg.crossplane.io/crossplane-contrib/provider-gcp:v0.22.0
- controllerConfigRef:
- name: vault-config" | kubectl apply -f -
-```
-
-## Configure provider-gcp
-
-One `provider-gcp` is installed and running, you will want to create a
-`ProviderConfig` that specifies the credentials in the filesystem that should be
-used to provision managed resources that reference this `ProviderConfig`.
-Because the name of this `ProviderConfig` is `default` it will be used by any
-managed resources that don't explicitly reference a `ProviderConfig`.
-
-> Note: make sure that the `PROJECT_ID` environment variable that was defined
-> earlier is still set correctly.
-
-```console
-echo "apiVersion: gcp.crossplane.io/v1beta1
-kind: ProviderConfig
-metadata:
- name: default
-spec:
- projectID: ${PROJECT_ID}
- credentials:
- source: Filesystem
- fs:
- path: /vault/secrets/creds.txt" | kubectl apply -f -
-```
-
-To verify that the GCP credentials are being injected into the container run the
-following command:
-
-```console
-PROVIDER_CONTROLLER_POD=$(kubectl -n crossplane-system get pod -l pkg.crossplane.io/provider=provider-gcp -o name --no-headers=true)
-kubectl -n crossplane-system exec -it $PROVIDER_CONTROLLER_POD -c provider-gcp -- cat /vault/secrets/creds.txt
-```
-
-## Provision Infrastructure
-
-The final step is to actually provision a `CloudSQLInstance`. Creating the
-object below will result in the creation of a Cloud SQL PostgreSQL database on
-GCP.
-
-```console
-echo "apiVersion: database.gcp.crossplane.io/v1beta1
-kind: CloudSQLInstance
-metadata:
- name: postgres-vault-demo
-spec:
- forProvider:
- databaseVersion: POSTGRES_12
- region: us-central1
- settings:
- tier: db-custom-1-3840
- dataDiskType: PD_SSD
- dataDiskSizeGb: 10
- writeConnectionSecretToRef:
- namespace: crossplane-system
- name: cloudsqlpostgresql-conn" | kubectl apply -f -
-```
-
-You can monitor the progress of the database provisioning with the following
-command:
-
-```console
-kubectl get cloudsqlinstance -w
-```
-
-{{< /tab >}}
-{{< tab "AWS" >}}
-
-## Install provider-aws
-
-You are now ready to install `provider-aws`. Crossplane provides a
-`ControllerConfig` type that allows you to customize the deployment of a
-provider's controller `Pod`. A `ControllerConfig` can be created and referenced
-by any number of `Provider` objects that wish to use its configuration. In the
-example below, the `Pod` annotations indicate to the Vault mutating webhook that
-we want for the secret stored at `secret/provider-creds/aws-default` to be
-injected into the container filesystem by assuming role `crossplane-providers`.
-Template formatting has been added to make sure the secret data is
-presented in a form that `provider-aws` is expecting.
-
-```console
-echo "apiVersion: pkg.crossplane.io/v1alpha1
-kind: ControllerConfig
-metadata:
- name: aws-vault-config
-spec:
- args:
- - --debug
- metadata:
- annotations:
- vault.hashicorp.com/agent-inject: \"true\"
- vault.hashicorp.com/role: \"crossplane-providers\"
- vault.hashicorp.com/agent-inject-secret-creds.txt: \"secret/provider-creds/aws-default\"
- vault.hashicorp.com/agent-inject-template-creds.txt: |
- {{- with secret \"secret/provider-creds/aws-default\" -}}
- [default]
- aws_access_key_id="{{ .Data.data.access_key }}"
- aws_secret_access_key="{{ .Data.data.secret_key }}"
- {{- end -}}
----
-apiVersion: pkg.crossplane.io/v1
-kind: Provider
-metadata:
- name: provider-aws
-spec:
- package: xpkg.crossplane.io/crossplane-contrib/provider-aws:v0.33.0
- controllerConfigRef:
- name: aws-vault-config" | kubectl apply -f -
-```
-
-## Configure provider-aws
-
-Once `provider-aws` is installed and running, you will want to create a
-`ProviderConfig` that specifies the credentials in the filesystem that should be
-used to provision managed resources that reference this `ProviderConfig`.
-Because the name of this `ProviderConfig` is `default` it will be used by any
-managed resources that don't explicitly reference a `ProviderConfig`.
-
-```console
-echo "apiVersion: aws.crossplane.io/v1beta1
-kind: ProviderConfig
-metadata:
- name: default
-spec:
- credentials:
- source: Filesystem
- fs:
- path: /vault/secrets/creds.txt" | kubectl apply -f -
-```
-
-To verify that the AWS credentials are being injected into the container run the
-following command:
-
-```console
-PROVIDER_CONTROLLER_POD=$(kubectl -n crossplane-system get pod -l pkg.crossplane.io/provider=provider-aws -o name --no-headers=true)
-kubectl -n crossplane-system exec -it $PROVIDER_CONTROLLER_POD -c provider-aws -- cat /vault/secrets/creds.txt
-```
-
-## Provision Infrastructure
-
-The final step is to actually provision a `Bucket`. Creating the
-object below will result in the creation of a S3 bucket on AWS.
-
-```console
-echo "apiVersion: s3.aws.crossplane.io/v1beta1
-kind: Bucket
-metadata:
- name: s3-vault-demo
-spec:
- forProvider:
- acl: private
- locationConstraint: us-east-1
- publicAccessBlockConfiguration:
- blockPublicPolicy: true
- tagging:
- tagSet:
- - key: Name
- value: s3-vault-demo
- providerConfigRef:
- name: default" | kubectl apply -f -
-```
-
-You can monitor the progress of the bucket provisioning with the following
-command:
-
-```console
-kubectl get bucket -w
-```
-
-{{< /tab >}}
-{{< /tabs >}}
-
-
-
-[Vault on Minikube]: https://learn.hashicorp.com/tutorials/vault/kubernetes-minikube
-[Vault Kubernetes Sidecar]: https://learn.hashicorp.com/tutorials/vault/kubernetes-sidecar
-[Vault]: https://www.vaultproject.io/
-[Vault Kubernetes Sidecar]: https://www.vaultproject.io/docs/platform/k8s/injector
-[provider-gcp]: https://github.com/crossplane-contrib/provider-upjet-gcp
-[provider-aws]: https://github.com/crossplane-contrib/provider-upjet-aws
-[AWS]: https://www.vaultproject.io/docs/secrets/aws
-[Azure]: https://www.vaultproject.io/docs/secrets/azure
-[GCP]: https://www.vaultproject.io/docs/secrets/gcp
-[unsealed]: https://www.vaultproject.io/docs/concepts/seal
-[Kubernetes authentication method]: https://www.vaultproject.io/docs/auth/kubernetes
-[kv secrets engine]: https://www.vaultproject.io/docs/secrets/kv/kv-v2
-[policy]: https://www.vaultproject.io/docs/concepts/policies
diff --git a/content/v1.19/learn/feature-lifecycle.md b/content/v1.19/learn/feature-lifecycle.md
deleted file mode 100644
index ff70384d4..000000000
--- a/content/v1.19/learn/feature-lifecycle.md
+++ /dev/null
@@ -1,60 +0,0 @@
----
-title: Feature Lifecycle
-toc: true
-weight: 309
-indent: true
----
-
-# Feature Lifecycle
-
-Crossplane follows a similar feature lifecycle to [upstream
-Kubernetes][kube-features]. All major new features must be added in alpha. Alpha
-features are expected to eventually graduate to beta, and then to general
-availability (GA). Features that languish at alpha or beta may be subject to
-deprecation.
-
-## Alpha Features
-
-Alpha are off by default, and must be enabled by a feature flag, for example
-`--enable-composition-revisions`. API types pertaining to alpha features use a
-`vNalphaN` style API version, like `v1alpha`. **Alpha features are subject to
-removal or breaking changes without notice**, and generally not considered ready
-for use in production.
-
-
-In some cases alpha features require fields be added to existing beta or GA
-API types. In these cases fields must clearly be marked (for instance in their OpenAPI
-schema) as alpha and subject to alpha API constraints (or lack thereof).
-
-
-All alpha features should have an issue tracking their graduation to beta.
-
-## Beta Features
-
-Beta features are on by default, but may be disabled by a feature flag. API
-types pertaining to beta features use a `vNbetaN` style API version, like
-`v1beta1`. Beta features are considered to be well tested, and won't be
-removed completely without being marked deprecated for at least two releases.
-
-The schema and/or semantics of objects may change in incompatible ways in a
-subsequent beta or stable release. When this happens, we will provide
-instructions for migrating to the next version. This may require deleting,
-editing, and recreating API objects. The editing process may require some
-thought. This may require downtime for applications that rely on the feature.
-
-
-In some cases beta features require fields be added to existing GA API types. In
-these cases fields must clearly be marked (for instance in their OpenAPI schema) as beta
-and subject to beta API constraints (or lack thereof).
-
-
-All beta features should have an issue tracking their graduation to GA.
-
-## GA Features
-
-GA features are always enabled - they can't be disabled. API types pertaining
-to GA features use `vN` style API versions, like `v1`. GA features are widely
-used and thoroughly tested. They guarantee API stability - only backward
-compatible changes are allowed.
-
-[kube-features]: https://kubernetes.io/docs/reference/command-line-tools-reference/feature-gates/#feature-stages
\ No newline at end of file
diff --git a/content/v1.19/learn/release-cycle.md b/content/v1.19/learn/release-cycle.md
deleted file mode 100644
index 4af6066b7..000000000
--- a/content/v1.19/learn/release-cycle.md
+++ /dev/null
@@ -1,100 +0,0 @@
----
-title: Release Cycle
-weight: 308
----
-
-Starting with the v1.10.0 release, Crossplane is released on a quarterly (13
-week) cadence. A cycle is comprised of three general stages:
-
-- Weeks 1—11: [Active Development]
-- Week 12: [Feature Freeze]
-- Week 13: [Code Freeze]
-
-This results in four releases per year, with the most recent three releases
-being maintained at any given time. When a new release is cut, the fourth most
-recent release reaches end of life (EOL). Users can expect any given release to
-be maintained for nine months.
-
-### Definition of maintenance
-
-The Crossplane community defines maintenance in that relevant bug fixes that are
-merged to the main development branch will be eligible to be backported to the
-release branch of any currently maintained version, and patch releases will be
-cut appropriately. It's also possible that a fix may be merged directly to the
-release branch if no longer applicable on the main development branch.
-Maintenance doesn't indicate any SLA on response time for user support in the
-form of Slack messages or issues, but problems will be addressed on a best
-effort basis by maintainers and contributors for currently maintained releases.
-
-### Patch releases
-
-_This policy is subject to change in the future._
-
-Patch releases are cut for currently maintained minor versions on an as needed
-basis. Any critical backported fixes will be included in a patch release as
-soon as possible after merge.
-
-### Pre-releases
-
-_This policy is subject to change in the future._
-
-Alpha, Beta, and RC releases are cut for an upcoming release on an as needed
-basis. As a policy, at least one pre-release will be cut prior to any minor
-release. Pre-releases won't be made on release branches.
-
-### Provider releases
-
-The Crossplane release cycle isn't required to be adhered to by any other
-Crossplane projects, but a similar cadence is encouraged. Maintainers listed in
-each repository's `OWNERS.md` file are responsible for determining and
-publishing the release cycle for their project.
-
-## Release stages
-
-The following stages are the main milestones in a Crossplane release.
-
-### Active development
-
-During active development, any code that meets the requisite criteria (such as
-passing appropriate tests, approved by a maintainer, etc.) will be merged into
-the main development branch. At present, there is no requirement to formally
-submit an enhancement proposal prior to the start of the release cycle, but
-contributors are encouraged to open an issue and gather feedback before starting
-work on a major implementation (see [CONTRIBUTING.md] for more information).
-
-### Feature freeze
-
-During feature freeze, no new functionality should be merged into the main
-development branch. Bug fixes, documentation changes, and non critical changes
-may be made. In the case that a new feature is deemed absolutely necessary for a
-release, the Crossplane maintainers will weigh the impact of the change and make
-a decision on whether it should be included.
-
-### Code freeze
-
-During code freeze, there should be no changes merged to the main development
-branch with the following exceptions:
-- Fixes to a failing test that's deemed to be incorrectly testing
- functionality.
-- Documentation only changes. It's possible that a documentation freeze will be
- implemented in the future, but it's not currently enforced.
-- Fixes to a critical bug that wasn't previously identified. Merging a bug fix
- during code freeze requires application for and approval of an exception by
- Crossplane maintainers. This process is currently informal, but may be
- formalized in the future.
-
-## Release dates
-
-Crossplane releases once a quarter (every 13 weeks). Typically, the release
-happens on the Tuesday of the last week of the quarter, as shown on the
-[community calendar][community calendar]. Keep in mind that the specific date is
-**approximate**. A lot of factors can alter the date slightly, such as code
-reviews, testing, and bug fixing to ensure a quality release.
-
-
-
-[Active Development]: #active-development
-[Feature Freeze]: #feature-freeze
-[Code Freeze]: #code-freeze
-[CONTRIBUTING.md]: https://github.com/crossplane/crossplane/blob/main/CONTRIBUTING.md
-[community calendar]: https://zoom-lfx.platform.linuxfoundation.org/meetings/crossplane
diff --git a/content/v1.19/software/_index.md b/content/v1.19/software/_index.md
deleted file mode 100644
index e1b4933a1..000000000
--- a/content/v1.19/software/_index.md
+++ /dev/null
@@ -1,14 +0,0 @@
----
-title: Install, Upgrade and Uninstall
-weight: 10
-description: Manage Crossplane installations
----
-
-## [Install Crossplane](install/)
-How to install and customize Crossplane in an existing Kubernetes cluster.
-
-## [Upgrade Crossplane](upgrade/)
-How to upgrade Crossplane to newer versions of the software.
-
-## [Uninstall Crossplane](uninstall/)
-How to remove Crossplane from a Kubernetes cluster.
\ No newline at end of file
diff --git a/content/v1.19/software/install.md b/content/v1.19/software/install.md
deleted file mode 100644
index acfe44427..000000000
--- a/content/v1.19/software/install.md
+++ /dev/null
@@ -1,337 +0,0 @@
----
-title: Install Crossplane
-weight: 100
----
-
-Crossplane installs into an existing Kubernetes cluster, creating the
-`Crossplane` pod, enabling the installation of Crossplane _Provider_ resources.
-
-{{< hint type="tip" >}}
-If you don't have a Kubernetes cluster create one locally with [Kind](https://kind.sigs.k8s.io/).
-{{< /hint >}}
-
-## Prerequisites
-* An actively [supported Kubernetes version](https://kubernetes.io/releases/patch-releases/#support-period)
-* [Helm](https://helm.sh/docs/intro/install/) version `v3.2.0` or later
-
-## Install Crossplane
-
-Install Crossplane using the Crossplane published _Helm chart_.
-
-
-### Add the Crossplane Helm repository
-
-Add the Crossplane repository with the `helm repo add` command.
-
-```shell
-helm repo add crossplane-stable https://charts.crossplane.io/stable
-```
-
-Update the
-local Helm chart cache with `helm repo update`.
-```shell
-helm repo update
-```
-
-### Install the Crossplane Helm chart
-
-Install the Crossplane Helm chart with `helm install`.
-
-{{< hint "tip" >}}
-View the changes Crossplane makes to your cluster with the
-`helm install --dry-run --debug` options. Helm shows what configurations it
-applies without making changes to the Kubernetes cluster.
-{{< /hint >}}
-
-Crossplane creates and installs into the `crossplane-system` namespace.
-
-```shell
-helm install crossplane \
---namespace crossplane-system \
---create-namespace crossplane-stable/crossplane
-```
-
-View the installed Crossplane pods with `kubectl get pods -n crossplane-system`.
-
-```shell {copy-lines="1"}
-kubectl get pods -n crossplane-system
-NAME READY STATUS RESTARTS AGE
-crossplane-6d67f8cd9d-g2gjw 1/1 Running 0 26m
-crossplane-rbac-manager-86d9b5cf9f-2vc4s 1/1 Running 0 26m
-```
-
-{{< hint "tip" >}}
-Install a specific version of Crossplane with the `--version ` option. For example, to install version `1.10.0`:
-
-```shell
-helm install crossplane \
---namespace crossplane-system \
---create-namespace crossplane-stable/crossplane \
---version 1.10.0
-```
-{{< /hint >}}
-
-
-
-## Installed deployments
-Crossplane creates two Kubernetes _deployments_ in the `crossplane-system`
-namespace to deploy the Crossplane pods.
-
-```shell {copy-lines="1"}
-kubectl get deployments -n crossplane-system
-NAME READY UP-TO-DATE AVAILABLE AGE
-crossplane 1/1 1 1 8m13s
-crossplane-rbac-manager 1/1 1 1 8m13s
-```
-
-### Crossplane deployment
-The Crossplane deployment starts with the `crossplane-init container`. The
-`init` container installs the Crossplane _Custom Resource Definitions_ into the
-Kubernetes cluster.
-
-After the `init` container finishes, the `crossplane` pod manages two Kubernetes
-controllers.
-* The _Package Manager controller_ installs the
-provider, function and configuration packages.
-* The _Composition controller_ installs and manages the
-Crossplane _Composite Resource Definitions_, _Compositions_ and _Claims_.
-
-### Crossplane RBAC manager deployment
-The `crossplane-rbac-manager` creates and manages Kubernetes _ClusterRoles_ for
-installed Crossplane _Provider_ and their _Custom Resource Definitions_.
-
-The
-[Crossplane RBAC Manager design document](https://github.com/crossplane/crossplane/blob/main/design/design-doc-rbac-manager.md)
-has more information on the installed _ClusterRoles_.
-
-## Installation options
-
-### Customize the Crossplane Helm chart
-Crossplane supports customizations at install time by configuring the Helm
-chart.
-
-Apply customizations with the command line or with a Helm _values_ file.
-
-
-
-
-{{}}
-{{< table "table table-hover table-striped table-sm">}}
-| Parameter | Description | Default |
-| --- | --- | --- |
-| `affinity` | Add `affinities` to the Crossplane pod deployment. | `{}` |
-| `args` | Add custom arguments to the Crossplane pod. | `[]` |
-| `configuration.packages` | A list of Configuration packages to install. | `[]` |
-| `customAnnotations` | Add custom `annotations` to the Crossplane pod deployment. | `{}` |
-| `customLabels` | Add custom `labels` to the Crossplane pod deployment. | `{}` |
-| `deploymentStrategy` | The deployment strategy for the Crossplane and RBAC Manager pods. | `"RollingUpdate"` |
-| `dnsPolicy` | Specify the `dnsPolicy` to be used by the Crossplane pod. | `""` |
-| `extraEnvVarsCrossplane` | Add custom environmental variables to the Crossplane pod deployment. Replaces any `.` in a variable name with `_`. For example, `SAMPLE.KEY=value1` becomes `SAMPLE_KEY=value1`. | `{}` |
-| `extraEnvVarsRBACManager` | Add custom environmental variables to the RBAC Manager pod deployment. Replaces any `.` in a variable name with `_`. For example, `SAMPLE.KEY=value1` becomes `SAMPLE_KEY=value1`. | `{}` |
-| `extraObjects` | To add arbitrary Kubernetes Objects during a Helm Install | `[]` |
-| `extraVolumeMountsCrossplane` | Add custom `volumeMounts` to the Crossplane pod. | `{}` |
-| `extraVolumesCrossplane` | Add custom `volumes` to the Crossplane pod. | `{}` |
-| `function.packages` | A list of Function packages to install | `[]` |
-| `hostNetwork` | Enable `hostNetwork` for the Crossplane deployment. Caution: enabling `hostNetwork` grants the Crossplane Pod access to the host network namespace. Consider setting `dnsPolicy` to `ClusterFirstWithHostNet`. | `false` |
-| `image.pullPolicy` | The image pull policy used for Crossplane and RBAC Manager pods. | `"IfNotPresent"` |
-| `image.repository` | Repository for the Crossplane pod image. | `"xpkg.crossplane.io/crossplane/crossplane"` |
-| `image.tag` | The Crossplane image tag. Defaults to the value of `appVersion` in `Chart.yaml`. | `""` |
-| `imagePullSecrets` | The imagePullSecret names to add to the Crossplane ServiceAccount. | `[]` |
-| `leaderElection` | Enable [leader election](https://docs.crossplane.io/latest/concepts/pods/#leader-election) for the Crossplane pod. | `true` |
-| `metrics.enabled` | Enable Prometheus path, port and scrape annotations and expose port 8080 for both the Crossplane and RBAC Manager pods. | `false` |
-| `metrics.port` | The port the metrics server listens on. | `""` |
-| `nodeSelector` | Add `nodeSelectors` to the Crossplane pod deployment. | `{}` |
-| `packageCache.configMap` | The name of a ConfigMap to use as the package cache. Disables the default package cache `emptyDir` Volume. | `""` |
-| `packageCache.medium` | Set to `Memory` to hold the package cache in a RAM backed file system. Useful for Crossplane development. | `""` |
-| `packageCache.pvc` | The name of a PersistentVolumeClaim to use as the package cache. Disables the default package cache `emptyDir` Volume. | `""` |
-| `packageCache.sizeLimit` | The size limit for the package cache. If medium is `Memory` the `sizeLimit` can't exceed Node memory. | `"20Mi"` |
-| `packageManager.enableAutomaticDependencyDowngrade` | Enable automatic dependency version downgrades. This configuration is only used when `--enable-dependency-version-upgrades` flag is passed. | `false` |
-| `podSecurityContextCrossplane` | Add a custom `securityContext` to the Crossplane pod. | `{}` |
-| `podSecurityContextRBACManager` | Add a custom `securityContext` to the RBAC Manager pod. | `{}` |
-| `priorityClassName` | The PriorityClass name to apply to the Crossplane and RBAC Manager pods. | `""` |
-| `provider.packages` | A list of Provider packages to install. | `[]` |
-| `rbacManager.affinity` | Add `affinities` to the RBAC Manager pod deployment. | `{}` |
-| `rbacManager.args` | Add custom arguments to the RBAC Manager pod. | `[]` |
-| `rbacManager.deploy` | Deploy the RBAC Manager pod and its required roles. | `true` |
-| `rbacManager.leaderElection` | Enable [leader election](https://docs.crossplane.io/latest/concepts/pods/#leader-election) for the RBAC Manager pod. | `true` |
-| `rbacManager.nodeSelector` | Add `nodeSelectors` to the RBAC Manager pod deployment. | `{}` |
-| `rbacManager.replicas` | The number of RBAC Manager pod `replicas` to deploy. | `1` |
-| `rbacManager.revisionHistoryLimit` | The number of RBAC Manager ReplicaSets to retain. | `nil` |
-| `rbacManager.skipAggregatedClusterRoles` | Don't install aggregated Crossplane ClusterRoles. | `false` |
-| `rbacManager.tolerations` | Add `tolerations` to the RBAC Manager pod deployment. | `[]` |
-| `rbacManager.topologySpreadConstraints` | Add `topologySpreadConstraints` to the RBAC Manager pod deployment. | `[]` |
-| `readiness.port` | The port the readyz server listens on. | `""` |
-| `registryCaBundleConfig.key` | The ConfigMap key containing a custom CA bundle to enable fetching packages from registries with unknown or untrusted certificates. | `""` |
-| `registryCaBundleConfig.name` | The ConfigMap name containing a custom CA bundle to enable fetching packages from registries with unknown or untrusted certificates. | `""` |
-| `replicas` | The number of Crossplane pod `replicas` to deploy. | `1` |
-| `resourcesCrossplane.limits.cpu` | CPU resource limits for the Crossplane pod. | `"500m"` |
-| `resourcesCrossplane.limits.memory` | Memory resource limits for the Crossplane pod. | `"1024Mi"` |
-| `resourcesCrossplane.requests.cpu` | CPU resource requests for the Crossplane pod. | `"100m"` |
-| `resourcesCrossplane.requests.memory` | Memory resource requests for the Crossplane pod. | `"256Mi"` |
-| `resourcesRBACManager.limits.cpu` | CPU resource limits for the RBAC Manager pod. | `"100m"` |
-| `resourcesRBACManager.limits.memory` | Memory resource limits for the RBAC Manager pod. | `"512Mi"` |
-| `resourcesRBACManager.requests.cpu` | CPU resource requests for the RBAC Manager pod. | `"100m"` |
-| `resourcesRBACManager.requests.memory` | Memory resource requests for the RBAC Manager pod. | `"256Mi"` |
-| `revisionHistoryLimit` | The number of Crossplane ReplicaSets to retain. | `nil` |
-| `securityContextCrossplane.allowPrivilegeEscalation` | Enable `allowPrivilegeEscalation` for the Crossplane pod. | `false` |
-| `securityContextCrossplane.readOnlyRootFilesystem` | Set the Crossplane pod root file system as read-only. | `true` |
-| `securityContextCrossplane.runAsGroup` | The group ID used by the Crossplane pod. | `65532` |
-| `securityContextCrossplane.runAsUser` | The user ID used by the Crossplane pod. | `65532` |
-| `securityContextRBACManager.allowPrivilegeEscalation` | Enable `allowPrivilegeEscalation` for the RBAC Manager pod. | `false` |
-| `securityContextRBACManager.readOnlyRootFilesystem` | Set the RBAC Manager pod root file system as read-only. | `true` |
-| `securityContextRBACManager.runAsGroup` | The group ID used by the RBAC Manager pod. | `65532` |
-| `securityContextRBACManager.runAsUser` | The user ID used by the RBAC Manager pod. | `65532` |
-| `service.customAnnotations` | Configure annotations on the service object. Only enabled when webhooks.enabled = true | `{}` |
-| `serviceAccount.create` | Specifies whether Crossplane ServiceAccount should be created | `true` |
-| `serviceAccount.customAnnotations` | Add custom `annotations` to the Crossplane ServiceAccount. | `{}` |
-| `serviceAccount.name` | Provide the name of an already created Crossplane ServiceAccount. Required when `serviceAccount.create` is `false` | `""` |
-| `tolerations` | Add `tolerations` to the Crossplane pod deployment. | `[]` |
-| `topologySpreadConstraints` | Add `topologySpreadConstraints` to the Crossplane pod deployment. | `[]` |
-| `webhooks.enabled` | Enable webhooks for Crossplane and installed Provider packages. | `true` |
-| `webhooks.port` | The port the webhook server listens on. | `""` |
-{{< /table >}}
-{{< /expand >}}
-
-
-#### Command line customization
-
-Apply custom settings at the command line with
-`helm install crossplane --set =`.
-
-For example, to change the image pull policy:
-
-```shell
-helm install crossplane \
---namespace crossplane-system \
---create-namespace \
-crossplane-stable/crossplane \
---set image.pullPolicy=Always
-```
-
-Helm supports comma-separated arguments.
-
-For example, to change the image pull policy and number of replicas:
-
-```shell
-helm install crossplane \
---namespace crossplane-system \
---create-namespace \
-crossplane-stable/crossplane \
---set image.pullPolicy=Always,replicas=2
-```
-
-#### Helm values file
-
-Apply custom settings in a Helm _values_ file with
-`helm install crossplane -f `.
-
-A YAML file defines the customized settings.
-
-For example, to change the image pull policy and number of replicas:
-
-Create a YAML with the customized settings.
-
-```yaml
-replicas: 2
-
-image:
- pullPolicy: Always
-```
-
-Apply the file with `helm install`:
-
-```shell
-helm install crossplane \
---namespace crossplane-system \
---create-namespace \
-crossplane-stable/crossplane \
--f settings.yaml
-```
-
-#### Feature flags
-
-Crossplane introduces new features behind feature flags. By default
-alpha features are off. Crossplane enables beta features by default. To enable a
-feature flag, set the `args` value in the Helm chart. Available feature flags
-can be directly found by running `crossplane core start --help`, or by looking
-at the table below.
-
-{{< expand "Feature flags" >}}
-{{< table caption="Feature flags" >}}
-| Status | Flag | Description |
-| --- | --- | --- |
-| Beta | `--enable-composition-webhook-schema-validation` | Enable Composition validation using schemas. |
-| Beta | `--enable-deployment-runtime-configs` | Enable support for DeploymentRuntimeConfigs. |
-| Beta | `--enable-usages` | Enable support for Usages.
| -| Beta | `--enable-ssa-claims` | Enable support for using server-side apply to sync claims with XRs. | -| Alpha | `--enable-external-secret-stores` | Enable support for External Secret Stores. | -| Alpha | `--enable-realtime-compositions` | Enable support for real time compositions. | -| Alpha | `--enable-dependency-version-upgrades ` | Enable automatic version upgrades of dependencies when updating packages. | -| Alpha | `--enable-signature-verification` | Enable support for package signature verification via ImageConfig API. | -{{< /table >}} -{{< /expand >}} - -Set these flags either in the `values.yaml` file or at install time using the -`--set` flag, for example: `--set -args='{"--enable-composition-functions","--enable-composition-webhook-schema-validation"}'`. - -#### Change the default package registry - -Beginning with Crossplane version 1.20.0 Crossplane uses the [crossplane-contrib](https://github.com/orgs/crossplane-contrib/packages) GitHub Container Registry at `xpkg.crossplane.io` by default for downloading and -installing packages. - -Change the default registry location during the Crossplane install with -`--set args='{"--registry=index.docker.io"}'`. - -### Install pre-release Crossplane versions -Install a pre-release versions of Crossplane from the `master` Crossplane Helm channel. - -Versions in the `master` channel are under active development and may be unstable. - -{{< hint "warning" >}} -Don't use Crossplane `master` releases in production. Only use `stable` channel. -Only use `master` for testing and development. -{{< /hint >}} - - -#### Add the Crossplane master Helm repository - -Add the Crossplane repository with the `helm repo add` command. - -```shell -helm repo add crossplane-master https://charts.crossplane.io/master/ -``` - -Update the -local Helm chart cache with `helm repo update`. -```shell -helm repo update -``` - -#### Install the Crossplane master Helm chart - -Install the Crossplane `master` Helm chart with `helm install`. 
- -{{< hint "tip" >}} -View the changes Crossplane makes to your cluster with the -`helm install --dry-run --debug` options. Helm shows what configurations it -applies without making changes to the Kubernetes cluster. -{{< /hint >}} - -Crossplane creates and installs into the `crossplane-system` namespace. - -```shell -helm install crossplane \ ---namespace crossplane-system \ ---create-namespace crossplane-master/crossplane \ ---devel -``` - -## Crossplane distributions -Third-party vendors may maintain their own Crossplane distributions. Vendor -supported distribution may have features or tooling that isn't in the -Community Crossplane distribution. - -The CNCF certified third-party distributions as -"[conformant](https://github.com/cncf/crossplane-conformance)" with the -Community Crossplane distribution. diff --git a/content/v2.1/_index.md b/content/v2.1/_index.md new file mode 100644 index 000000000..592681dfa --- /dev/null +++ b/content/v2.1/_index.md 
@@ -0,0 +1,42 @@
+---
+title: "Welcome"
+weight: -1
+description: "Control plane framework for building cloud native platforms"
+cascade:
+ version: "2.1"
+---
+
+Welcome to the Crossplane documentation. Crossplane is a control plane framework
+for platform engineering.
+
+# Using the documentation
+
+Crossplane organizes its documentation into the following sections:
+
+* [What's Crossplane?]({{}}) introduces Crossplane
+ and explains why you should use it.
+
+* [What's New in v2?]({{}}) highlights what's changed in
+ Crossplane v2.
+
+* [Get Started]({{}}) explains how to install Crossplane and
+ create a control plane.
+
+* [Composition]({{}}) covers the key concepts of composition.
+
+* [Operations]({{}}) covers the key concepts of operations.
+
+* [Managed Resources]({{}}) covers the key concepts of
+ managed resources.
+
+* [Packages]({{}}) covers the key concepts of the Crossplane
+ package manager.
+
+* [Guides]({{}}) guide you through common use cases, like
+ monitoring Crossplane or extending it by writing a composition function.
+
+* [CLI Reference]({{}}) documents the `crossplane` command-line
+ interface that you can use to configure a Crossplane control plane.
+
+* [API Reference]({{}}) documents the APIs that you can use to
+ configure a Crossplane control plane.
diff --git a/content/v1.19/api/_index.md b/content/v2.1/api/_index.md
similarity index 71%
rename from content/v1.19/api/_index.md
rename to content/v2.1/api/_index.md
index 6075e613f..685d4dacc 100644
--- a/content/v1.19/api/_index.md
+++ b/content/v2.1/api/_index.md
@@ -8,6 +8,3 @@ cascade:
 The Crossplane API describes the types and parameters for the core Crossplane components.
-
-For details on the components read the [Concepts]({{}})
-section.
\ No newline at end of file
diff --git a/content/v2.1/api/crds/apiextensions.crossplane.io_compositeresourcedefinitions.yaml b/content/v2.1/api/crds/apiextensions.crossplane.io_compositeresourcedefinitions.yaml
new file mode 100644
index 000000000..e5fc9eb93
--- /dev/null
+++ b/content/v2.1/api/crds/apiextensions.crossplane.io_compositeresourcedefinitions.yaml
@@ -0,0 +1,1192 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.19.0 + name: compositeresourcedefinitions.apiextensions.crossplane.io +spec: + group: apiextensions.crossplane.io + names: + categories: + - crossplane + kind: CompositeResourceDefinition + listKind: CompositeResourceDefinitionList + plural: compositeresourcedefinitions + shortNames: + - xrd + - xrds + singular: compositeresourcedefinition + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Established')].status + name: ESTABLISHED + type: string + - jsonPath: .status.conditions[?(@.type=='Offered')].status + name: OFFERED + type: string + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + deprecated: true + deprecationWarning: CompositeResourceDefinition v1 is deprecated and will be removed + in a future release; consider migrating to v2 + name: v1 + schema: + openAPIV3Schema: + description: |- + A CompositeResourceDefinition defines the schema for a new custom Kubernetes + API. + + Read the Crossplane documentation for + [more information about CustomResourceDefinitions](https://docs.crossplane.io/latest/concepts/composite-resource-definitions). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: CompositeResourceDefinitionSpec specifies the desired state + of the definition. + properties: + claimNames: + description: |- + ClaimNames specifies the names of an optional composite resource claim. + When claim names are specified Crossplane will create a namespaced + 'composite resource claim' CRD that corresponds to the defined composite + resource. This composite resource claim acts as a namespaced proxy for + the composite resource; creating, updating, or deleting the claim will + create, update, or delete a corresponding composite resource. You may add + claim names to an existing CompositeResourceDefinition, but they cannot + be changed or removed once they have been set. + properties: + categories: + description: |- + categories is a list of grouped resources this custom resource belongs to (e.g. 'all'). + This is published in API discovery documents, and used by clients to support invocations like + `kubectl get all`. + items: + type: string + type: array + x-kubernetes-list-type: atomic + kind: + description: |- + kind is the serialized kind of the resource. It is normally CamelCase and singular. + Custom resource instances will use this value as the `kind` attribute in API calls. + type: string + listKind: + description: listKind is the serialized kind of the list for this + resource. Defaults to "`kind`List". + type: string + plural: + description: |- + plural is the plural name of the resource to serve. + The custom resources are served under `/apis///.../`. + Must match the name of the CustomResourceDefinition (in the form `.`). + Must be all lowercase. + type: string + shortNames: + description: |- + shortNames are short names for the resource, exposed in API discovery documents, + and used by clients to support invocations like `kubectl get `. + It must be all lowercase. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + singular: + description: singular is the singular name of the resource. It + must be all lowercase. Defaults to lowercased `kind`. + type: string + required: + - kind + - plural + type: object + x-kubernetes-validations: + - message: Value is immutable + rule: self == oldSelf + - message: Plural name must be lowercase + rule: self.plural == self.plural.lowerAscii() + - message: Singular name must be lowercase + rule: '!has(self.singular) || self.singular == self.singular.lowerAscii()' + connectionSecretKeys: + description: |- + ConnectionSecretKeys is the list of connection secret keys the + defined XR can publish. If the list is empty, all keys will be + published. If the list isn't empty, any connection secret keys that + don't appear in the list will be filtered out. Only LegacyCluster XRs + support connection secrets. + items: + type: string + type: array + conversion: + description: Conversion defines all conversion settings for the defined + Composite resource. + properties: + strategy: + description: |- + strategy specifies how custom resources are converted between versions. Allowed values are: + - `"None"`: The converter only change the apiVersion and would not touch any other field in the custom resource. + - `"Webhook"`: API Server will call to an external webhook to do the conversion. Additional information + is needed for this option. This requires spec.preserveUnknownFields to be false, and spec.conversion.webhook to be set. + type: string + webhook: + description: webhook describes how to call the conversion webhook. + Required when `strategy` is set to `"Webhook"`. + properties: + clientConfig: + description: clientConfig is the instructions for how to call + the webhook if strategy is `Webhook`. + properties: + caBundle: + description: |- + caBundle is a PEM encoded CA bundle which will be used to validate the webhook's server certificate. 
+ If unspecified, system trust roots on the apiserver are used. + format: byte + type: string + service: + description: |- + service is a reference to the service for this webhook. Either + service or url must be specified. + + If the webhook is running within the cluster, then you should use `service`. + properties: + name: + description: |- + name is the name of the service. + Required + type: string + namespace: + description: |- + namespace is the namespace of the service. + Required + type: string + path: + description: path is an optional URL path at which + the webhook will be contacted. + type: string + port: + description: |- + port is an optional service port at which the webhook will be contacted. + `port` should be a valid port number (1-65535, inclusive). + Defaults to 443 for backward compatibility. + format: int32 + type: integer + required: + - name + - namespace + type: object + url: + description: |- + url gives the location of the webhook, in standard URL form + (`scheme://host:port/path`). Exactly one of `url` or `service` + must be specified. + + The `host` should not refer to a service running in the cluster; use + the `service` field instead. The host might be resolved via external + DNS in some apiservers (e.g., `kube-apiserver` cannot resolve + in-cluster DNS as that would be a layering violation). `host` may + also be an IP address. + + Please note that using `localhost` or `127.0.0.1` as a `host` is + risky unless you take great care to run this webhook on all hosts + which run an apiserver which might need to make calls to this + webhook. Such installs are likely to be non-portable, i.e., not easy + to turn up in a new cluster. + + The scheme must be "https"; the URL must begin with "https://". + + A path is optional, and if present may be any string permissible in + a URL. You may use the path to pass an arbitrary string to the + webhook, for example, a cluster identifier. + + Attempting to use a user or basic auth e.g. 
"user:password@" is not + allowed. Fragments ("#...") and query parameters ("?...") are not + allowed, either. + type: string + type: object + conversionReviewVersions: + description: |- + conversionReviewVersions is an ordered list of preferred `ConversionReview` + versions the Webhook expects. The API server will use the first version in + the list which it supports. If none of the versions specified in this list + are supported by API server, conversion will fail for the custom resource. + If a persisted Webhook configuration specifies allowed versions and does not + include any versions known to the API Server, calls to the webhook will fail. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - conversionReviewVersions + type: object + required: + - strategy + type: object + x-kubernetes-validations: + - message: Webhook configuration is required when conversion strategy + is Webhook + rule: self.strategy == 'Webhook' && has(self.webhook) + defaultCompositeDeletePolicy: + default: Background + description: |- + DefaultCompositeDeletePolicy is the policy used when deleting the Composite + that is associated with the Claim if no policy has been specified. + enum: + - Background + - Foreground + type: string + defaultCompositionRef: + description: |- + DefaultCompositionRef refers to the Composition resource that will be used + in case no composition selector is given. + properties: + name: + description: Name of the Composition. + type: string + required: + - name + type: object + defaultCompositionUpdatePolicy: + default: Automatic + description: |- + DefaultCompositionUpdatePolicy is the policy used when updating composites after a new + Composition Revision has been created if no policy has been specified on the composite. 
+ enum: + - Automatic + - Manual + type: string + enforcedCompositionRef: + description: |- + EnforcedCompositionRef refers to the Composition resource that will be used + by all composite instances whose schema is defined by this definition. + properties: + name: + description: Name of the Composition. + type: string + required: + - name + type: object + x-kubernetes-validations: + - message: Value is immutable + rule: self == oldSelf + group: + description: |- + Group specifies the API group of the defined composite resource. + Composite resources are served under `/apis//...`. Must match the + name of the XRD (in the form `.`). + type: string + x-kubernetes-validations: + - message: Value is immutable + rule: self == oldSelf + metadata: + description: Metadata specifies the desired metadata for the defined + composite resource and claim CRD's. + properties: + annotations: + additionalProperties: + type: string + description: |- + Annotations is an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations + type: object + labels: + additionalProperties: + type: string + description: |- + Map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels + and services. + These labels are added to the composite resource and claim CRD's in addition + to any labels defined by `CompositionResourceDefinition` `metadata.labels`. + type: object + type: object + names: + description: |- + Names specifies the resource and kind names of the defined composite + resource. 
+ properties: + categories: + description: |- + categories is a list of grouped resources this custom resource belongs to (e.g. 'all'). + This is published in API discovery documents, and used by clients to support invocations like + `kubectl get all`. + items: + type: string + type: array + x-kubernetes-list-type: atomic + kind: + description: |- + kind is the serialized kind of the resource. It is normally CamelCase and singular. + Custom resource instances will use this value as the `kind` attribute in API calls. + type: string + listKind: + description: listKind is the serialized kind of the list for this + resource. Defaults to "`kind`List". + type: string + plural: + description: |- + plural is the plural name of the resource to serve. + The custom resources are served under `/apis///.../`. + Must match the name of the CustomResourceDefinition (in the form `.`). + Must be all lowercase. + type: string + shortNames: + description: |- + shortNames are short names for the resource, exposed in API discovery documents, + and used by clients to support invocations like `kubectl get `. + It must be all lowercase. + items: + type: string + type: array + x-kubernetes-list-type: atomic + singular: + description: singular is the singular name of the resource. It + must be all lowercase. Defaults to lowercased `kind`. + type: string + required: + - kind + - plural + type: object + x-kubernetes-validations: + - message: Value is immutable + rule: self == oldSelf + - message: Plural name must be lowercase + rule: self.plural == self.plural.lowerAscii() + - message: Singular name must be lowercase + rule: '!has(self.singular) || self.singular == self.singular.lowerAscii()' + scope: + default: LegacyCluster + description: |- + Scope of the defined composite resource. Namespaced composite resources + are scoped to a single namespace. Cluster scoped composite resource exist + outside the scope of any namespace. Neither can be claimed. 
Legacy + cluster scoped composite resources are cluster scoped resources that can + be claimed. + enum: + - LegacyCluster + - Namespaced + - Cluster + type: string + x-kubernetes-validations: + - message: Value is immutable + rule: self == oldSelf + versions: + description: |- + Versions is the list of all API versions of the defined composite + resource. Version names are used to compute the order in which served + versions are listed in API discovery. If the version string is + "kube-like", it will sort above non "kube-like" version strings, which + are ordered lexicographically. "Kube-like" versions start with a "v", + then are followed by a number (the major version), then optionally the + string "alpha" or "beta" and another number (the minor version). These + are sorted first by GA > beta > alpha (where GA is a version with no + suffix such as beta or alpha), and then by comparing major version, then + minor version. An example sorted list of versions: v10, v2, v1, v11beta2, + v10beta3, v3beta1, v12alpha1, v11alpha2, foo1, foo10. + items: + description: CompositeResourceDefinitionVersion describes a version + of an XR. + properties: + additionalPrinterColumns: + description: |- + AdditionalPrinterColumns specifies additional columns returned in Table + output. If no columns are specified, a single column displaying the age + of the custom resource is used. See the following link for details: + https://kubernetes.io/docs/reference/using-api/api-concepts/#receiving-resources-as-tables + items: + description: CustomResourceColumnDefinition specifies a column + for server side printing. + properties: + description: + description: description is a human readable description + of this column. + type: string + format: + description: |- + format is an optional OpenAPI type definition for this column. The 'name' format is applied + to the primary identifier column to assist in clients identifying column is the resource name. 
+ See https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#data-types for details. + type: string + jsonPath: + description: |- + jsonPath is a simple JSON path (i.e. with array notation) which is evaluated against + each custom resource to produce the value for this column. + type: string + name: + description: name is a human readable name for the column. + type: string + priority: + description: |- + priority is an integer defining the relative importance of this column compared to others. Lower + numbers are considered higher priority. Columns that may be omitted in limited space scenarios + should be given a priority greater than 0. + format: int32 + type: integer + type: + description: |- + type is an OpenAPI type definition for this column. + See https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#data-types for details. + type: string + required: + - jsonPath + - name + - type + type: object + type: array + deprecated: + description: |- + The deprecated field specifies that this version is deprecated and should + not be used. + type: boolean + deprecationWarning: + description: |- + DeprecationWarning specifies the message that should be shown to the user + when using this version. + maxLength: 256 + type: string + name: + description: |- + Name of this version, e.g. “v1”, “v2beta1”, etc. Composite resources are + served under this version at `/apis///...` if `served` is + true. + type: string + referenceable: + description: |- + Referenceable specifies that this version may be referenced by a + Composition in order to configure which resources an XR may be composed + of. Exactly one version must be marked as referenceable; all Compositions + must target only the referenceable version. The referenceable version + must be served. It's mapped to the CRD's `spec.versions[*].storage` field. 
+ type: boolean + schema: + description: |- + Schema describes the schema used for validation, pruning, and defaulting + of this version of the defined composite resource. Fields required by all + composite resources will be injected into this schema automatically, and + will override equivalently named fields in this schema. Omitting this + schema results in a schema that contains only the fields required by all + composite resources. + properties: + openAPIV3Schema: + description: |- + OpenAPIV3Schema is the OpenAPI v3 schema to use for validation and + pruning. + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: + description: Served specifies that this version should be served + via REST APIs. + type: boolean + required: + - name + - referenceable + - served + type: object + type: array + required: + - group + - names + - versions + type: object + x-kubernetes-validations: + - message: Only LegacyCluster composite resources can offer claims + rule: self.scope == 'LegacyCluster' || !has(self.claimNames) + - message: Only LegacyCluster composite resources support connection secrets + rule: self.scope == 'LegacyCluster' || !has(self.connectionSecretKeys) + status: + description: CompositeResourceDefinitionStatus shows the observed state + of the definition. + properties: + conditions: + description: Conditions of the resource. + items: + description: A Condition that may apply to a resource. + properties: + lastTransitionTime: + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. + format: date-time + type: string + message: + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. + type: string + observedGeneration: + description: |- + ObservedGeneration represents the .metadata.generation that the condition was set based upon. 
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: A Reason for this condition's last transition from + one status to another. + type: string + status: + description: Status of this condition; is it currently True, + False, or Unknown? + type: string + type: + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + controllers: + description: |- + Controllers represents the status of the controllers that power this + composite resource definition. + properties: + compositeResourceClaimType: + description: |- + The CompositeResourceClaimTypeRef is the type of composite resource claim + that Crossplane is currently reconciling for this definition. Its version + will eventually become consistent with the definition's referenceable + version. Note that clients may interact with any served type; this is + simply the type that Crossplane interacts with. + properties: + apiVersion: + description: APIVersion of the type. + type: string + kind: + description: Kind of the type. + type: string + required: + - apiVersion + - kind + type: object + compositeResourceType: + description: |- + The CompositeResourceTypeRef is the type of composite resource that + Crossplane is currently reconciling for this definition. Its version will + eventually become consistent with the definition's referenceable version. + Note that clients may interact with any served type; this is simply the + type that Crossplane interacts with. + properties: + apiVersion: + description: APIVersion of the type. + type: string + kind: + description: Kind of the type. 
+ type: string + required: + - apiVersion + - kind + type: object + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Established')].status + name: ESTABLISHED + type: string + - jsonPath: .status.conditions[?(@.type=='Offered')].status + name: OFFERED + type: string + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + name: v2 + schema: + openAPIV3Schema: + description: |- + A CompositeResourceDefinition defines the schema for a new custom Kubernetes + API. + + Read the Crossplane documentation for + [more information about CustomResourceDefinitions](https://docs.crossplane.io/latest/concepts/composite-resource-definitions). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: CompositeResourceDefinitionSpec specifies the desired state + of the definition. + properties: + claimNames: + description: |- + ClaimNames specifies the names of an optional composite resource claim. + When claim names are specified Crossplane will create a namespaced + 'composite resource claim' CRD that corresponds to the defined composite + resource. 
This composite resource claim acts as a namespaced proxy for + the composite resource; creating, updating, or deleting the claim will + create, update, or delete a corresponding composite resource. You may add + claim names to an existing CompositeResourceDefinition, but they cannot + be changed or removed once they have been set. + + Deprecated: Claims aren't supported in apiextensions.crossplane.io/v2. + properties: + categories: + description: |- + categories is a list of grouped resources this custom resource belongs to (e.g. 'all'). + This is published in API discovery documents, and used by clients to support invocations like + `kubectl get all`. + items: + type: string + type: array + x-kubernetes-list-type: atomic + kind: + description: |- + kind is the serialized kind of the resource. It is normally CamelCase and singular. + Custom resource instances will use this value as the `kind` attribute in API calls. + type: string + listKind: + description: listKind is the serialized kind of the list for this + resource. Defaults to "`kind`List". + type: string + plural: + description: |- + plural is the plural name of the resource to serve. + The custom resources are served under `/apis///.../`. + Must match the name of the CustomResourceDefinition (in the form `.`). + Must be all lowercase. + type: string + shortNames: + description: |- + shortNames are short names for the resource, exposed in API discovery documents, + and used by clients to support invocations like `kubectl get `. + It must be all lowercase. + items: + type: string + type: array + x-kubernetes-list-type: atomic + singular: + description: singular is the singular name of the resource. It + must be all lowercase. Defaults to lowercased `kind`. + type: string + required: + - kind + - plural + type: object + connectionSecretKeys: + description: |- + ConnectionSecretKeys is the list of connection secret keys the + defined XR can publish. If the list is empty, all keys will be + published. 
If the list isn't empty, any connection secret keys that + don't appear in the list will be filtered out. Only LegacyCluster XRs + support connection secrets. + + Deprecated: XR connection secrets aren't supported in + apiextensions.crossplane.io/v2. Compose a secret instead. + items: + type: string + type: array + conversion: + description: Conversion defines all conversion settings for the defined + Composite resource. + properties: + strategy: + description: |- + strategy specifies how custom resources are converted between versions. Allowed values are: + - `"None"`: The converter only change the apiVersion and would not touch any other field in the custom resource. + - `"Webhook"`: API Server will call to an external webhook to do the conversion. Additional information + is needed for this option. This requires spec.preserveUnknownFields to be false, and spec.conversion.webhook to be set. + type: string + webhook: + description: webhook describes how to call the conversion webhook. + Required when `strategy` is set to `"Webhook"`. + properties: + clientConfig: + description: clientConfig is the instructions for how to call + the webhook if strategy is `Webhook`. + properties: + caBundle: + description: |- + caBundle is a PEM encoded CA bundle which will be used to validate the webhook's server certificate. + If unspecified, system trust roots on the apiserver are used. + format: byte + type: string + service: + description: |- + service is a reference to the service for this webhook. Either + service or url must be specified. + + If the webhook is running within the cluster, then you should use `service`. + properties: + name: + description: |- + name is the name of the service. + Required + type: string + namespace: + description: |- + namespace is the namespace of the service. + Required + type: string + path: + description: path is an optional URL path at which + the webhook will be contacted. 
+ type: string + port: + description: |- + port is an optional service port at which the webhook will be contacted. + `port` should be a valid port number (1-65535, inclusive). + Defaults to 443 for backward compatibility. + format: int32 + type: integer + required: + - name + - namespace + type: object + url: + description: |- + url gives the location of the webhook, in standard URL form + (`scheme://host:port/path`). Exactly one of `url` or `service` + must be specified. + + The `host` should not refer to a service running in the cluster; use + the `service` field instead. The host might be resolved via external + DNS in some apiservers (e.g., `kube-apiserver` cannot resolve + in-cluster DNS as that would be a layering violation). `host` may + also be an IP address. + + Please note that using `localhost` or `127.0.0.1` as a `host` is + risky unless you take great care to run this webhook on all hosts + which run an apiserver which might need to make calls to this + webhook. Such installs are likely to be non-portable, i.e., not easy + to turn up in a new cluster. + + The scheme must be "https"; the URL must begin with "https://". + + A path is optional, and if present may be any string permissible in + a URL. You may use the path to pass an arbitrary string to the + webhook, for example, a cluster identifier. + + Attempting to use a user or basic auth e.g. "user:password@" is not + allowed. Fragments ("#...") and query parameters ("?...") are not + allowed, either. + type: string + type: object + conversionReviewVersions: + description: |- + conversionReviewVersions is an ordered list of preferred `ConversionReview` + versions the Webhook expects. The API server will use the first version in + the list which it supports. If none of the versions specified in this list + are supported by API server, conversion will fail for the custom resource. 
+ If a persisted Webhook configuration specifies allowed versions and does not + include any versions known to the API Server, calls to the webhook will fail. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - conversionReviewVersions + type: object + required: + - strategy + type: object + defaultCompositeDeletePolicy: + description: |- + DefaultCompositeDeletePolicy is the policy used when deleting the Composite + that is associated with the Claim if no policy has been specified. + + Deprecated: Claims aren't supported in apiextensions.crossplane.io/v2. + enum: + - Background + - Foreground + type: string + defaultCompositionRef: + description: |- + DefaultCompositionRef refers to the Composition resource that will be used + in case no composition selector is given. + properties: + name: + description: Name of the Composition. + type: string + required: + - name + type: object + defaultCompositionUpdatePolicy: + default: Automatic + description: |- + DefaultCompositionUpdatePolicy is the policy used when updating composites after a new + Composition Revision has been created if no policy has been specified on the composite. + enum: + - Automatic + - Manual + type: string + enforcedCompositionRef: + description: |- + EnforcedCompositionRef refers to the Composition resource that will be used + by all composite instances whose schema is defined by this definition. + properties: + name: + description: Name of the Composition. + type: string + required: + - name + type: object + x-kubernetes-validations: + - message: Value is immutable + rule: self == oldSelf + group: + description: |- + Group specifies the API group of the defined composite resource. + Composite resources are served under `/apis//...`. Must match the + name of the XRD (in the form `.`). 
+ type: string + x-kubernetes-validations: + - message: Value is immutable + rule: self == oldSelf + metadata: + description: Metadata specifies the desired metadata for the defined + composite resource and claim CRD's. + properties: + annotations: + additionalProperties: + type: string + description: |- + Annotations is an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations + type: object + labels: + additionalProperties: + type: string + description: |- + Map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels + and services. + These labels are added to the composite resource and claim CRD's in addition + to any labels defined by `CompositionResourceDefinition` `metadata.labels`. + type: object + type: object + names: + description: |- + Names specifies the resource and kind names of the defined composite + resource. + properties: + categories: + description: |- + categories is a list of grouped resources this custom resource belongs to (e.g. 'all'). + This is published in API discovery documents, and used by clients to support invocations like + `kubectl get all`. + items: + type: string + type: array + x-kubernetes-list-type: atomic + kind: + description: |- + kind is the serialized kind of the resource. It is normally CamelCase and singular. + Custom resource instances will use this value as the `kind` attribute in API calls. + type: string + listKind: + description: listKind is the serialized kind of the list for this + resource. Defaults to "`kind`List". 
+ type: string + plural: + description: |- + plural is the plural name of the resource to serve. + The custom resources are served under `/apis///.../`. + Must match the name of the CustomResourceDefinition (in the form `.`). + Must be all lowercase. + type: string + shortNames: + description: |- + shortNames are short names for the resource, exposed in API discovery documents, + and used by clients to support invocations like `kubectl get `. + It must be all lowercase. + items: + type: string + type: array + x-kubernetes-list-type: atomic + singular: + description: singular is the singular name of the resource. It + must be all lowercase. Defaults to lowercased `kind`. + type: string + required: + - kind + - plural + type: object + x-kubernetes-validations: + - message: Value is immutable + rule: self == oldSelf + - message: Plural name must be lowercase + rule: self.plural == self.plural.lowerAscii() + - message: Singular name must be lowercase + rule: '!has(self.singular) || self.singular == self.singular.lowerAscii()' + scope: + default: Namespaced + description: |- + Scope of the defined composite resource. Namespaced composite resources + are scoped to a single namespace. Cluster scoped composite resource exist + outside the scope of any namespace. + enum: + - Namespaced + - Cluster + type: string + x-kubernetes-validations: + - message: Value is immutable + rule: self == oldSelf + versions: + description: |- + Versions is the list of all API versions of the defined composite + resource. Version names are used to compute the order in which served + versions are listed in API discovery. If the version string is + "kube-like", it will sort above non "kube-like" version strings, which + are ordered lexicographically. "Kube-like" versions start with a "v", + then are followed by a number (the major version), then optionally the + string "alpha" or "beta" and another number (the minor version). 
These + are sorted first by GA > beta > alpha (where GA is a version with no + suffix such as beta or alpha), and then by comparing major version, then + minor version. An example sorted list of versions: v10, v2, v1, v11beta2, + v10beta3, v3beta1, v12alpha1, v11alpha2, foo1, foo10. + items: + description: CompositeResourceDefinitionVersion describes a version + of an XR. + properties: + additionalPrinterColumns: + description: |- + AdditionalPrinterColumns specifies additional columns returned in Table + output. If no columns are specified, a single column displaying the age + of the custom resource is used. See the following link for details: + https://kubernetes.io/docs/reference/using-api/api-concepts/#receiving-resources-as-tables + items: + description: CustomResourceColumnDefinition specifies a column + for server side printing. + properties: + description: + description: description is a human readable description + of this column. + type: string + format: + description: |- + format is an optional OpenAPI type definition for this column. The 'name' format is applied + to the primary identifier column to assist in clients identifying column is the resource name. + See https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#data-types for details. + type: string + jsonPath: + description: |- + jsonPath is a simple JSON path (i.e. with array notation) which is evaluated against + each custom resource to produce the value for this column. + type: string + name: + description: name is a human readable name for the column. + type: string + priority: + description: |- + priority is an integer defining the relative importance of this column compared to others. Lower + numbers are considered higher priority. Columns that may be omitted in limited space scenarios + should be given a priority greater than 0. + format: int32 + type: integer + type: + description: |- + type is an OpenAPI type definition for this column. 
+ See https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#data-types for details. + type: string + required: + - jsonPath + - name + - type + type: object + type: array + deprecated: + description: |- + The deprecated field specifies that this version is deprecated and should + not be used. + type: boolean + deprecationWarning: + description: |- + DeprecationWarning specifies the message that should be shown to the user + when using this version. + maxLength: 256 + type: string + name: + description: |- + Name of this version, e.g. “v1”, “v2beta1”, etc. Composite resources are + served under this version at `/apis///...` if `served` is + true. + type: string + referenceable: + description: |- + Referenceable specifies that this version may be referenced by a + Composition in order to configure which resources an XR may be composed + of. Exactly one version must be marked as referenceable; all Compositions + must target only the referenceable version. The referenceable version + must be served. It's mapped to the CRD's `spec.versions[*].storage` field. + type: boolean + schema: + description: |- + Schema describes the schema used for validation, pruning, and defaulting + of this version of the defined composite resource. Fields required by all + composite resources will be injected into this schema automatically, and + will override equivalently named fields in this schema. Omitting this + schema results in a schema that contains only the fields required by all + composite resources. + properties: + openAPIV3Schema: + description: |- + OpenAPIV3Schema is the OpenAPI v3 schema to use for validation and + pruning. + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: + description: Served specifies that this version should be served + via REST APIs. 
+ type: boolean + required: + - name + - referenceable + - served + type: object + type: array + required: + - group + - names + - versions + type: object + x-kubernetes-validations: + - message: Claims aren't supported in apiextensions.crossplane.io/v2 + rule: '!has(self.claimNames)' + - message: XR connection secrets aren't supported in apiextensions.crossplane.io/v2 + rule: '!has(self.connectionSecretKeys)' + status: + description: CompositeResourceDefinitionStatus shows the observed state + of the definition. + properties: + conditions: + description: Conditions of the resource. + items: + description: A Condition that may apply to a resource. + properties: + lastTransitionTime: + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. + format: date-time + type: string + message: + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. + type: string + observedGeneration: + description: |- + ObservedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: A Reason for this condition's last transition from + one status to another. + type: string + status: + description: Status of this condition; is it currently True, + False, or Unknown? + type: string + type: + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. 
+ type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + controllers: + description: |- + Controllers represents the status of the controllers that power this + composite resource definition. + properties: + compositeResourceClaimType: + description: |- + The CompositeResourceClaimTypeRef is the type of composite resource claim + that Crossplane is currently reconciling for this definition. Its version + will eventually become consistent with the definition's referenceable + version. Note that clients may interact with any served type; this is + simply the type that Crossplane interacts with. + properties: + apiVersion: + description: APIVersion of the type. + type: string + kind: + description: Kind of the type. + type: string + required: + - apiVersion + - kind + type: object + compositeResourceType: + description: |- + The CompositeResourceTypeRef is the type of composite resource that + Crossplane is currently reconciling for this definition. Its version will + eventually become consistent with the definition's referenceable version. + Note that clients may interact with any served type; this is simply the + type that Crossplane interacts with. + properties: + apiVersion: + description: APIVersion of the type. + type: string + kind: + description: Kind of the type. + type: string + required: + - apiVersion + - kind + type: object + type: object + type: object + type: object + served: true + storage: false + subresources: + status: {}
diff --git a/content/v2.1/api/crds/apiextensions.crossplane.io_compositionrevisions.yaml b/content/v2.1/api/crds/apiextensions.crossplane.io_compositionrevisions.yaml
new file mode 100644
index 000000000..423193803
--- /dev/null
+++ b/content/v2.1/api/crds/apiextensions.crossplane.io_compositionrevisions.yaml
@@ -0,0 +1,309 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.19.0 + name: compositionrevisions.apiextensions.crossplane.io +spec: + group: apiextensions.crossplane.io + names: + categories: + - crossplane + kind: CompositionRevision + listKind: CompositionRevisionList + plural: compositionrevisions + shortNames: + - comprev + singular: compositionrevision + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .spec.revision + name: REVISION + type: string + - jsonPath: .spec.compositeTypeRef.kind + name: XR-KIND + type: string + - jsonPath: .spec.compositeTypeRef.apiVersion + name: XR-APIVERSION + type: string + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + name: v1 + schema: + openAPIV3Schema: + description: |- + A CompositionRevision represents a revision of a Composition. Crossplane + creates new revisions when there are changes to the Composition. + + Crossplane creates and manages CompositionRevisions. Don't directly edit + CompositionRevisions. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + CompositionRevisionSpec specifies the desired state of the composition + revision. 
+ properties: + compositeTypeRef: + description: |- + CompositeTypeRef specifies the type of composite resource that this + composition is compatible with. + properties: + apiVersion: + description: APIVersion of the type. + type: string + kind: + description: Kind of the type. + type: string + required: + - apiVersion + - kind + type: object + x-kubernetes-validations: + - message: Value is immutable + rule: self == oldSelf + mode: + default: Pipeline + description: |- + Mode controls what type or "mode" of Composition will be used. + + "Pipeline" indicates that a Composition specifies a pipeline of + functions, each of which is responsible for producing composed + resources that Crossplane should create or update. + enum: + - Pipeline + type: string + pipeline: + description: |- + Pipeline is a list of function steps that will be used when a + composite resource referring to this composition is created. + + The Pipeline is only used by the "Pipeline" mode of Composition. It is + ignored by other modes. + items: + description: A PipelineStep in a function pipeline. + properties: + credentials: + description: Credentials are optional credentials that the function + needs. + items: + description: |- + FunctionCredentials are optional credentials that a function + needs to run. + properties: + name: + description: Name of this set of credentials. + type: string + secretRef: + description: |- + A SecretRef is a reference to a secret containing credentials that should + be supplied to the function. + properties: + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - name + - namespace + type: object + source: + description: Source of the function credentials. 
+ enum: + - None + - Secret + type: string + required: + - name + - source + type: object + x-kubernetes-validations: + - message: the Secret source requires a secretRef + rule: self.source == 'Secret' && has(self.secretRef) + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + functionRef: + description: |- + FunctionRef is a reference to the function this step should + execute. + properties: + name: + description: Name of the referenced Function. + type: string + required: + - name + type: object + input: + description: |- + Input is an optional, arbitrary Kubernetes resource (i.e. a resource + with an apiVersion and kind) that will be passed to the function as + the 'input' of its RunFunctionRequest. + type: object + x-kubernetes-embedded-resource: true + x-kubernetes-preserve-unknown-fields: true + requirements: + description: |- + Requirements are resource requirements that will be satisfied before + this pipeline step is called for the first time. This allows + pre-populating required resources without requiring a function to + request them first. + properties: + requiredResources: + description: |- + RequiredResources is a list of resources that must be fetched before + this function is called. + items: + description: RequiredResourceSelector selects a required + resource. + properties: + apiVersion: + description: APIVersion of the required resource. + type: string + kind: + description: Kind of the required resource. + type: string + matchLabels: + additionalProperties: + type: string + description: |- + MatchLabels specifies the set of labels to match for finding the + required resource. When specified, Name is ignored. + type: object + name: + description: Name of the required resource. + type: string + namespace: + description: Namespace of the required resource if + it is namespaced. 
+ type: string + requirementName: + description: |- + RequirementName is the unique name to identify this required resource + in the Required Resources map in the function request. + type: string + required: + - apiVersion + - kind + - requirementName + type: object + x-kubernetes-validations: + - message: Either name or matchLabels must be specified, + but not both + rule: (has(self.name) && !has(self.matchLabels)) || + (!has(self.name) && has(self.matchLabels)) + type: array + x-kubernetes-list-map-keys: + - requirementName + x-kubernetes-list-type: map + type: object + step: + description: Step name. Must be unique within its Pipeline. + type: string + required: + - functionRef + - step + type: object + type: array + x-kubernetes-list-map-keys: + - step + x-kubernetes-list-type: map + revision: + description: |- + Revision number. Newer revisions have larger numbers. + + This number can change. When a Composition transitions from state A + -> B -> A there will be only two CompositionRevisions. Crossplane will + edit the original CompositionRevision to change its revision number from + 0 to 2. + format: int64 + type: integer + writeConnectionSecretsToNamespace: + description: |- + WriteConnectionSecretsToNamespace specifies the namespace in which the + connection secrets of composite resource dynamically provisioned using + this composition will be created. + type: string + required: + - compositeTypeRef + - revision + type: object + status: + description: |- + CompositionRevisionStatus shows the observed state of the composition + revision. + properties: + conditions: + description: Conditions of the resource. + items: + description: A Condition that may apply to a resource. + properties: + lastTransitionTime: + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. 
+ format: date-time + type: string + message: + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. + type: string + observedGeneration: + description: |- + ObservedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: A Reason for this condition's last transition from + one status to another. + type: string + status: + description: Status of this condition; is it currently True, + False, or Unknown? + type: string + type: + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + type: object + type: object + served: true + storage: true + subresources: + status: {}
diff --git a/content/v2.1/api/crds/apiextensions.crossplane.io_compositions.yaml b/content/v2.1/api/crds/apiextensions.crossplane.io_compositions.yaml
new file mode 100644
index 000000000..0ef1b95a8
--- /dev/null
+++ b/content/v2.1/api/crds/apiextensions.crossplane.io_compositions.yaml
@@ -0,0 +1,246 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.19.0 + name: compositions.apiextensions.crossplane.io +spec: + group: apiextensions.crossplane.io + names: + categories: + - crossplane + kind: Composition + listKind: CompositionList + plural: compositions + shortNames: + - comp + singular: composition + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .spec.compositeTypeRef.kind + name: XR-KIND + type: string + - jsonPath: .spec.compositeTypeRef.apiVersion + name: XR-APIVERSION + type: string + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + name: v1 + schema: + openAPIV3Schema: + description: |- + A Composition defines a collection of managed resources or functions that + Crossplane uses to create and manage new composite resources. + + Read the Crossplane documentation for + [more information about Compositions](https://docs.crossplane.io/latest/concepts/compositions). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: CompositionSpec specifies desired state of a composition. 
+ properties: + compositeTypeRef: + description: |- + CompositeTypeRef specifies the type of composite resource that this + composition is compatible with. + properties: + apiVersion: + description: APIVersion of the type. + type: string + kind: + description: Kind of the type. + type: string + required: + - apiVersion + - kind + type: object + x-kubernetes-validations: + - message: Value is immutable + rule: self == oldSelf + mode: + default: Pipeline + description: |- + Mode controls what type or "mode" of Composition will be used. + + "Pipeline" indicates that a Composition specifies a pipeline of + functions, each of which is responsible for producing composed + resources that Crossplane should create or update. + enum: + - Pipeline + type: string + pipeline: + description: |- + Pipeline is a list of composition function steps that will be used when a + composite resource referring to this composition is created. One of + resources and pipeline must be specified - you cannot specify both. + + The Pipeline is only used by the "Pipeline" mode of Composition. It is + ignored by other modes. + items: + description: A PipelineStep in a function pipeline. + properties: + credentials: + description: Credentials are optional credentials that the function + needs. + items: + description: |- + FunctionCredentials are optional credentials that a function + needs to run. + properties: + name: + description: Name of this set of credentials. + type: string + secretRef: + description: |- + A SecretRef is a reference to a secret containing credentials that should + be supplied to the function. + properties: + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - name + - namespace + type: object + source: + description: Source of the function credentials. 
+ enum: + - None + - Secret + type: string + required: + - name + - source + type: object + x-kubernetes-validations: + - message: the Secret source requires a secretRef + rule: self.source == 'Secret' && has(self.secretRef) + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + functionRef: + description: |- + FunctionRef is a reference to the function this step should + execute. + properties: + name: + description: Name of the referenced Function. + type: string + required: + - name + type: object + input: + description: |- + Input is an optional, arbitrary Kubernetes resource (i.e. a resource + with an apiVersion and kind) that will be passed to the function as + the 'input' of its RunFunctionRequest. + type: object + x-kubernetes-embedded-resource: true + x-kubernetes-preserve-unknown-fields: true + requirements: + description: |- + Requirements are resource requirements that will be satisfied before + this pipeline step is called for the first time. This allows + pre-populating required resources without requiring a function to + request them first. + properties: + requiredResources: + description: |- + RequiredResources is a list of resources that must be fetched before + this function is called. + items: + description: RequiredResourceSelector selects a required + resource. + properties: + apiVersion: + description: APIVersion of the required resource. + type: string + kind: + description: Kind of the required resource. + type: string + matchLabels: + additionalProperties: + type: string + description: |- + MatchLabels specifies the set of labels to match for finding the + required resource. When specified, Name is ignored. + type: object + name: + description: Name of the required resource. + type: string + namespace: + description: Namespace of the required resource if + it is namespaced. 
+ type: string + requirementName: + description: |- + RequirementName is the unique name to identify this required resource + in the Required Resources map in the function request. + type: string + required: + - apiVersion + - kind + - requirementName + type: object + x-kubernetes-validations: + - message: Either name or matchLabels must be specified, + but not both + rule: (has(self.name) && !has(self.matchLabels)) || + (!has(self.name) && has(self.matchLabels)) + type: array + x-kubernetes-list-map-keys: + - requirementName + x-kubernetes-list-type: map + type: object + step: + description: Step name. Must be unique within its Pipeline. + type: string + required: + - functionRef + - step + type: object + maxItems: 99 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - step + x-kubernetes-list-type: map + writeConnectionSecretsToNamespace: + description: |- + WriteConnectionSecretsToNamespace specifies the namespace in which the + connection secrets of composite resource dynamically provisioned using + this composition will be created. + type: string + required: + - compositeTypeRef + type: object + x-kubernetes-validations: + - message: an array of pipeline steps is required in Pipeline mode + rule: self.mode == 'Pipeline' && has(self.pipeline) + type: object + served: true + storage: true + subresources: {}
diff --git a/content/v1.19/api/crds/apiextensions.crossplane.io_environmentconfigs.yaml b/content/v2.1/api/crds/apiextensions.crossplane.io_environmentconfigs.yaml
similarity index 54%
rename from content/v1.19/api/crds/apiextensions.crossplane.io_environmentconfigs.yaml
rename to content/v2.1/api/crds/apiextensions.crossplane.io_environmentconfigs.yaml
index 0919a0017..8e2c446f8 100644
--- a/content/v1.19/api/crds/apiextensions.crossplane.io_environmentconfigs.yaml
+++ b/content/v2.1/api/crds/apiextensions.crossplane.io_environmentconfigs.yaml
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.19.0 name: environmentconfigs.apiextensions.crossplane.io spec: group: apiextensions.crossplane.io @@ -18,48 +18,6 @@ spec: singular: environmentconfig scope: Cluster versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: AGE - type: date - name: v1alpha1 - schema: - openAPIV3Schema: - description: |- - An EnvironmentConfig contains user-defined unstructured values for - use in a Composition. - - Read the Crossplane documentation for - [more information about EnvironmentConfigs](https://docs.crossplane.io/latest/concepts/environment-configs). - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - data: - additionalProperties: - x-kubernetes-preserve-unknown-fields: true - description: |- - The data of this EnvironmentConfig. - This may contain any kind of structure that can be serialized into JSON. - type: object - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - type: object - served: true - storage: true - subresources: {} - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: AGE @@ -100,5 +58,5 @@ spec: type: object type: object served: true - storage: false + storage: true subresources: {} 
diff --git a/content/v2.1/api/crds/apiextensions.crossplane.io_managedresourceactivationpolicies.yaml b/content/v2.1/api/crds/apiextensions.crossplane.io_managedresourceactivationpolicies.yaml new file mode 100644 index 000000000..5b837f1bf --- /dev/null +++ b/content/v2.1/api/crds/apiextensions.crossplane.io_managedresourceactivationpolicies.yaml 
@@ -0,0 +1,126 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.19.0 + name: managedresourceactivationpolicies.apiextensions.crossplane.io +spec: + group: apiextensions.crossplane.io + names: + categories: + - crossplane + kind: ManagedResourceActivationPolicy + listKind: ManagedResourceActivationPolicyList + plural: managedresourceactivationpolicies + shortNames: + - mrap + singular: managedresourceactivationpolicy + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: A ManagedResourceActivationPolicy defines the activation policy + for ManagedResourceDefinitions. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: ManagedResourceActivationPolicySpec specifies the desired + activation state of ManagedResourceDefinitions. + properties: + activate: + description: |- + Activations is an array of MRD names to activate. Supports wildcard + prefixes (like `*.aws.crossplane.io`) but not full regular expressions. + items: + description: ActivationPolicy matches on MRD names with wildcard + prefix support. 
+ type: string + minItems: 1 + type: array + required: + - activate + type: object + status: + description: ManagedResourceActivationPolicyStatus shows the observed + state of the policy. + properties: + activated: + description: Activated names the ManagedResourceDefinitions this policy + has activated. + items: + type: string + type: array + conditions: + description: Conditions of the resource. + items: + description: A Condition that may apply to a resource. + properties: + lastTransitionTime: + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. + format: date-time + type: string + message: + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. + type: string + observedGeneration: + description: |- + ObservedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: A Reason for this condition's last transition from + one status to another. + type: string + status: + description: Status of this condition; is it currently True, + False, or Unknown? + type: string + type: + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + type: object + type: object + served: true + storage: true + subresources: + status: {} 
diff --git a/content/v1.19/api/crds/apiextensions.crossplane.io_compositeresourcedefinitions.yaml b/content/v2.1/api/crds/apiextensions.crossplane.io_managedresourcedefinitions.yaml similarity index 56% rename from content/v1.19/api/crds/apiextensions.crossplane.io_compositeresourcedefinitions.yaml rename to content/v2.1/api/crds/apiextensions.crossplane.io_managedresourcedefinitions.yaml index d5ee89972..e3c6baa7e 100644 --- a/content/v1.19/api/crds/apiextensions.crossplane.io_compositeresourcedefinitions.yaml +++ b/content/v2.1/api/crds/apiextensions.crossplane.io_managedresourcedefinitions.yaml 
@@ -3,41 +3,37 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - name: compositeresourcedefinitions.apiextensions.crossplane.io + controller-gen.kubebuilder.io/version: v0.19.0 + name: managedresourcedefinitions.apiextensions.crossplane.io spec: group: apiextensions.crossplane.io names: categories: - crossplane - kind: CompositeResourceDefinition - listKind: CompositeResourceDefinitionList - plural: compositeresourcedefinitions + kind: ManagedResourceDefinition + listKind: ManagedResourceDefinitionList + plural: managedresourcedefinitions shortNames: - - xrd - - xrds - singular: compositeresourcedefinition + - mrd + - mrds + singular: managedresourcedefinition scope: Cluster versions: - additionalPrinterColumns: + - jsonPath: .spec.state + name: STATE + type: string - jsonPath: .status.conditions[?(@.type=='Established')].status name: ESTABLISHED type: string - - jsonPath: .status.conditions[?(@.type=='Offered')].status - name: OFFERED - type: string - jsonPath: .metadata.creationTimestamp name: AGE type: date - name: v1 + name: v1alpha1 schema: openAPIV3Schema: - description: |- - A CompositeResourceDefinition defines the schema for a new custom Kubernetes - API. - - Read the Crossplane documentation for - [more information about CustomResourceDefinitions](https://docs.crossplane.io/latest/concepts/composite-resource-definitions). + description: A ManagedResourceDefinition defines the schema for a new custom + Kubernetes API. properties: apiVersion: description: |- 
@@ -57,76 +53,29 @@ spec: metadata: type: object spec: - description: CompositeResourceDefinitionSpec specifies the desired state - of the definition. + description: ManagedResourceDefinitionSpec specifies the desired state + of the resource definition. properties: - claimNames: - description: |- - ClaimNames specifies the names of an optional composite resource claim. - When claim names are specified Crossplane will create a namespaced - 'composite resource claim' CRD that corresponds to the defined composite - resource. This composite resource claim acts as a namespaced proxy for - the composite resource; creating, updating, or deleting the claim will - create, update, or delete a corresponding composite resource. You may add - claim names to an existing CompositeResourceDefinition, but they cannot - be changed or removed once they have been set. - properties: - categories: - description: |- - categories is a list of grouped resources this custom resource belongs to (e.g. 'all'). - This is published in API discovery documents, and used by clients to support invocations like - `kubectl get all`. - items: + connectionDetails: + description: ConnectionDetails is an array of connection detail keys + and descriptions. + items: + description: ConnectionDetail holds keys and descriptions of connection + secrets. + properties: + description: + description: Description of how the key is used. type: string - type: array - x-kubernetes-list-type: atomic - kind: - description: |- - kind is the serialized kind of the resource. It is normally CamelCase and singular. - Custom resource instances will use this value as the `kind` attribute in API calls. - type: string - listKind: - description: listKind is the serialized kind of the list for this - resource. Defaults to "`kind`List". - type: string - plural: - description: |- - plural is the plural name of the resource to serve. - The custom resources are served under `/apis///.../`. 
- Must match the name of the CustomResourceDefinition (in the form `.`). - Must be all lowercase. - type: string - shortNames: - description: |- - shortNames are short names for the resource, exposed in API discovery documents, - and used by clients to support invocations like `kubectl get `. - It must be all lowercase. - items: + name: + description: Name of the key. type: string - type: array - x-kubernetes-list-type: atomic - singular: - description: singular is the singular name of the resource. It - must be all lowercase. Defaults to lowercased `kind`. - type: string - required: - - kind - - plural - type: object - x-kubernetes-validations: - - message: Value is immutable - rule: self == oldSelf - connectionSecretKeys: - description: |- - ConnectionSecretKeys is the list of keys that will be exposed to the end - user of the defined kind. - If the list is empty, all keys will be published. - items: - type: string + required: + - description + - name + type: object type: array conversion: - description: Conversion defines all conversion settings for the defined - Composite resource. + description: Conversion defines conversion settings for the CRD. properties: strategy: description: |- 
@@ -228,86 +177,17 @@ spec: required: - strategy type: object - defaultCompositeDeletePolicy: - default: Background - description: |- - DefaultCompositeDeletePolicy is the policy used when deleting the Composite - that is associated with the Claim if no policy has been specified. - enum: - - Background - - Foreground - type: string - defaultCompositionRef: - description: |- - DefaultCompositionRef refers to the Composition resource that will be used - in case no composition selector is given. - properties: - name: - description: Name of the Composition. - type: string - required: - - name - type: object - defaultCompositionUpdatePolicy: - default: Automatic - description: |- - DefaultCompositionUpdatePolicy is the policy used when updating composites after a new - Composition Revision has been created if no policy has been specified on the composite. - enum: - - Automatic - - Manual - type: string - enforcedCompositionRef: - description: |- - EnforcedCompositionRef refers to the Composition resource that will be used - by all composite instances whose schema is defined by this definition. - properties: - name: - description: Name of the Composition. - type: string - required: - - name - type: object - x-kubernetes-validations: - - message: Value is immutable - rule: self == oldSelf group: description: |- - Group specifies the API group of the defined composite resource. - Composite resources are served under `/apis//...`. Must match the - name of the XRD (in the form `.`). + Group is the API group of the defined custom resource. + The custom resources are served under `/apis//...`. + Must match the name of the CustomResourceDefinition (in the form `.`). type: string x-kubernetes-validations: - message: Value is immutable rule: self == oldSelf - metadata: - description: Metadata specifies the desired metadata for the defined - composite resource and claim CRD's. 
- properties: - annotations: - additionalProperties: - type: string - description: |- - Annotations is an unstructured key value map stored with a resource that may be - set by external tools to store and retrieve arbitrary metadata. They are not - queryable and should be preserved when modifying objects. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations - type: object - labels: - additionalProperties: - type: string - description: |- - Map of string keys and values that can be used to organize and categorize - (scope and select) objects. May match selectors of replication controllers - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels - and services. - These labels are added to the composite resource and claim CRD's in addition - to any labels defined by `CompositionResourceDefinition` `metadata.labels`. - type: object - type: object names: - description: |- - Names specifies the resource and kind names of the defined composite + description: Names specify the resource and kind names for the custom resource. properties: categories: 
@@ -355,29 +235,60 @@ spec: x-kubernetes-validations: - message: Value is immutable rule: self == oldSelf + - message: Plural name must be lowercase + rule: self.plural == self.plural.lowerAscii() + - message: Singular name must be lowercase + rule: '!has(self.singular) || self.singular == self.singular.lowerAscii()' + preserveUnknownFields: + description: |- + PreserveUnknownFields indicates that object fields which are not specified + in the OpenAPI schema should be preserved when persisting to storage. + apiVersion, kind, metadata and known fields inside metadata are always preserved. + This field is deprecated in favor of setting `x-preserve-unknown-fields` to true in `spec.versions[*].schema.openAPIV3Schema`. + See https://kubernetes.io/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions/#field-pruning for details. + type: boolean + scope: + default: Namespaced + description: |- + Scope indicates whether the defined custom resource is cluster- or namespace-scoped. + Allowed values are `Cluster` and `Namespaced`. + enum: + - Namespaced + - Cluster + type: string + x-kubernetes-validations: + - message: Value is immutable + rule: self == oldSelf + state: + default: Inactive + description: State toggles whether the underlying CRD is created or + not. + enum: + - Active + - Inactive + type: string + x-kubernetes-validations: + - message: state cannot be changed once it becomes Active + rule: self == oldSelf || oldSelf != 'Active' versions: description: |- - Versions is the list of all API versions of the defined composite - resource. Version names are used to compute the order in which served - versions are listed in API discovery. If the version string is - "kube-like", it will sort above non "kube-like" version strings, which - are ordered lexicographically. "Kube-like" versions start with a "v", - then are followed by a number (the major version), then optionally the - string "alpha" or "beta" and another number (the minor version). 
These - are sorted first by GA > beta > alpha (where GA is a version with no - suffix such as beta or alpha), and then by comparing major version, then - minor version. An example sorted list of versions: v10, v2, v1, v11beta2, - v10beta3, v3beta1, v12alpha1, v11alpha2, foo1, foo10. + Versions is the list of all API versions of the defined custom resource. + Version names are used to compute the order in which served versions are listed in API discovery. + If the version string is "kube-like", it will sort above non "kube-like" version strings, which are ordered + lexicographically. "Kube-like" versions start with a "v", then are followed by a number (the major version), + then optionally the string "alpha" or "beta" and another number (the minor version). These are sorted first + by GA > beta > alpha (where GA is a version with no suffix such as beta or alpha), and then by comparing + major version, then minor version. An example sorted list of versions: + v10, v2, v1, v11beta2, v10beta3, v3beta1, v12alpha1, v11alpha2, foo1, foo10. items: - description: CompositeResourceDefinitionVersion describes a version - of an XR. + description: CustomResourceDefinitionVersion describes a version + for CRD. properties: additionalPrinterColumns: description: |- - AdditionalPrinterColumns specifies additional columns returned in Table - output. If no columns are specified, a single column displaying the age - of the custom resource is used. See the following link for details: - https://kubernetes.io/docs/reference/using-api/api-concepts/#receiving-resources-as-tables + AdditionalPrinterColumns specifies additional columns returned in Table output. + See https://kubernetes.io/docs/reference/using-api/api-concepts/#receiving-resources-as-tables for details. + If no columns are specified, a single column displaying the age of the custom resource is used. items: description: CustomResourceColumnDefinition specifies a column for server side printing. 
@@ -418,39 +329,28 @@ spec: - type type: object type: array + x-kubernetes-list-type: atomic deprecated: description: |- - The deprecated field specifies that this version is deprecated and should - not be used. + Deprecated indicates this version of the custom resource API is deprecated. + When set to true, API requests to this version receive a warning header in the server response. + Defaults to false. type: boolean deprecationWarning: description: |- - DeprecationWarning specifies the message that should be shown to the user - when using this version. - maxLength: 256 + DeprecationWarning overrides the default warning returned to API clients. + May only be set when `deprecated` is true. + The default warning indicates this version is deprecated and recommends use + of the newest served version of equal or greater stability, if one exists. type: string name: description: |- - Name of this version, e.g. “v1”, “v2beta1”, etc. Composite resources are - served under this version at `/apis///...` if `served` is - true. + Name is the version name, e.g. “v1”, “v2beta1”, etc. + The custom resources are served under this version at `/apis///...` if `served` is true. type: string - referenceable: - description: |- - Referenceable specifies that this version may be referenced by a - Composition in order to configure which resources an XR may be composed - of. Exactly one version must be marked as referenceable; all Compositions - must target only the referenceable version. The referenceable version - must be served. It's mapped to the CRD's `spec.versions[*].storage` field. - type: boolean schema: - description: |- - Schema describes the schema used for validation, pruning, and defaulting - of this version of the defined composite resource. Fields required by all - composite resources will be injected into this schema automatically, and - will override equivalently named fields in this schema. 
Omitting this - schema results in a schema that contains only the fields required by all - composite resources. + description: Schema describes the schema used for validation, + pruning, and defaulting of this version of the custom resource. properties: openAPIV3Schema: description: |- 
@@ -459,24 +359,104 @@ spec: type: object x-kubernetes-preserve-unknown-fields: true type: object + selectableFields: + description: |- + SelectableFields specifies paths to fields that may be used as field selectors. + A maximum of 8 selectable fields are allowed. + See https://kubernetes.io/docs/concepts/overview/working-with-objects/field-selectors + items: + description: SelectableField specifies the JSON path of a + field that may be used with field selectors. + properties: + jsonPath: + description: |- + jsonPath is a simple JSON path which is evaluated against each custom resource to produce a + field selector value. + Only JSON paths without the array notation are allowed. + Must point to a field of type string, boolean or integer. Types with enum values + and strings with formats are allowed. + If jsonPath refers to absent field in a resource, the jsonPath evaluates to an empty string. + Must not point to metdata fields. + Required. + type: string + required: + - jsonPath + type: object + type: array + x-kubernetes-list-type: atomic served: - description: Served specifies that this version should be served - via REST APIs. + description: Served is a flag enabling/disabling this version + from being served via REST APIs + type: boolean + storage: + description: |- + Storage indicates this version should be used when persisting custom resources to storage. + There must be exactly one version with storage=true. type: boolean + subresources: + description: Subresources specify what subresources this version + of the defined custom resource have. + properties: + scale: + description: scale indicates the custom resource should + serve a `/scale` subresource that returns an `autoscaling/v1` + Scale object. + properties: + labelSelectorPath: + description: |- + labelSelectorPath defines the JSON path inside of a custom resource that corresponds to Scale `status.selector`. + Only JSON paths without the array notation are allowed. 
+ Must be a JSON Path under `.status` or `.spec`. + Must be set to work with HorizontalPodAutoscaler. + The field pointed by this JSON path must be a string field (not a complex selector struct) + which contains a serialized label selector in string form. + More info: https://kubernetes.io/docs/tasks/access-kubernetes-api/custom-resources/custom-resource-definitions#scale-subresource + If there is no value under the given path in the custom resource, the `status.selector` value in the `/scale` + subresource will default to the empty string. + type: string + specReplicasPath: + description: |- + specReplicasPath defines the JSON path inside of a custom resource that corresponds to Scale `spec.replicas`. + Only JSON paths without the array notation are allowed. + Must be a JSON Path under `.spec`. + If there is no value under the given path in the custom resource, the `/scale` subresource will return an error on GET. + type: string + statusReplicasPath: + description: |- + statusReplicasPath defines the JSON path inside of a custom resource that corresponds to Scale `status.replicas`. + Only JSON paths without the array notation are allowed. + Must be a JSON Path under `.status`. + If there is no value under the given path in the custom resource, the `status.replicas` value in the `/scale` subresource + will default to 0. + type: string + required: + - specReplicasPath + - statusReplicasPath + type: object + status: + description: |- + status indicates the custom resource should serve a `/status` subresource. + When enabled: + 1. requests to the custom resource primary endpoint ignore changes to the `status` stanza of the object. + 2. requests to the custom resource `/status` subresource ignore changes to anything other than the `status` stanza of the object. 
+ type: object + type: object required: - name - - referenceable - served + - storage type: object type: array + x-kubernetes-list-type: atomic required: - group - names + - scope - versions type: object status: - description: CompositeResourceDefinitionStatus shows the observed state - of the definition. + description: ManagedResourceDefinitionStatus shows the observed state + of the resource definition. properties: conditions: description: Conditions of the resource. @@ -524,48 +504,6 @@ spec: x-kubernetes-list-map-keys: - type x-kubernetes-list-type: map - controllers: - description: |- - Controllers represents the status of the controllers that power this - composite resource definition. - properties: - compositeResourceClaimType: - description: |- - The CompositeResourceClaimTypeRef is the type of composite resource claim - that Crossplane is currently reconciling for this definition. Its version - will eventually become consistent with the definition's referenceable - version. Note that clients may interact with any served type; this is - simply the type that Crossplane interacts with. - properties: - apiVersion: - description: APIVersion of the type. - type: string - kind: - description: Kind of the type. - type: string - required: - - apiVersion - - kind - type: object - compositeResourceType: - description: |- - The CompositeResourceTypeRef is the type of composite resource that - Crossplane is currently reconciling for this definition. Its version will - eventually become consistent with the definition's referenceable version. - Note that clients may interact with any served type; this is simply the - type that Crossplane interacts with. - properties: - apiVersion: - description: APIVersion of the type. - type: string - kind: - description: Kind of the type. - type: string - required: - - apiVersion - - kind - type: object - type: object type: object type: object served: true 
diff --git a/content/v1.19/api/crds/apiextensions.crossplane.io_usages.yaml b/content/v2.1/api/crds/apiextensions.crossplane.io_usages.yaml similarity index 96% rename from content/v1.19/api/crds/apiextensions.crossplane.io_usages.yaml rename to content/v2.1/api/crds/apiextensions.crossplane.io_usages.yaml index a7624da79..45264daad 100644 --- a/content/v1.19/api/crds/apiextensions.crossplane.io_usages.yaml +++ b/content/v2.1/api/crds/apiextensions.crossplane.io_usages.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.19.0 name: usages.apiextensions.crossplane.io spec: group: apiextensions.crossplane.io @@ -26,6 +26,9 @@ spec: - jsonPath: .metadata.creationTimestamp name: AGE type: date + deprecated: true + deprecationWarning: apiextensions.crossplane.io Usage is deprecated; migrate to + protection.crossplane.io Usage or ClusterUsage name: v1alpha1 schema: openAPIV3Schema: @@ -36,7 +39,9 @@ spec: resources with dependent resources. Read the Crossplane documentation for - [more information about Compositions](https://docs.crossplane.io/latest/concepts/usages). + [more information about Usages](https://docs.crossplane.io/latest/concepts/usages). + + Deprecated: Use protection.crossplane.io Usage or ClusterUsage. properties: apiVersion: description: |- @@ -223,6 +228,9 @@ spec: - jsonPath: .metadata.creationTimestamp name: AGE type: date + deprecated: true + deprecationWarning: apiextensions.crossplane.io Usage is deprecated; migrate to + protection.crossplane.io Usage or ClusterUsage name: v1beta1 schema: openAPIV3Schema: 
@@ -233,7 +241,9 @@ spec: resources with dependent resources. Read the Crossplane documentation for - [more information about Compositions](https://docs.crossplane.io/latest/concepts/usages). + [more information about Usages](https://docs.crossplane.io/latest/concepts/usages). + + Deprecated: Use protection.crossplane.io Usage or ClusterUsage. properties: apiVersion: description: |- diff --git a/content/v2.1/api/crds/ops.crossplane.io_cronoperations.yaml b/content/v2.1/api/crds/ops.crossplane.io_cronoperations.yaml new file mode 100644 index 000000000..5808978fe --- /dev/null +++ b/content/v2.1/api/crds/ops.crossplane.io_cronoperations.yaml 
@@ -0,0 +1,348 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.19.0 + name: cronoperations.ops.crossplane.io +spec: + group: ops.crossplane.io + names: + categories: + - crossplane + kind: CronOperation + listKind: CronOperationList + plural: cronoperations + shortNames: + - cronops + singular: cronoperation + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .spec.schedule + name: SCHEDULE + type: string + - jsonPath: .status.conditions[?(@.type=='Synced')].status + name: SYNCED + type: string + - jsonPath: .status.conditions[?(@.type=='Scheduling')].status + name: SCHEDULING + type: string + - jsonPath: .status.lastScheduleTime + name: LAST SCHEDULE + type: date + - jsonPath: .status.lastSuccessfulTime + name: LAST SUCCESS + type: date + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: A CronOperation creates Operations on a cron schedule. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: CronOperationSpec specifies the desired state of a CronOperation. 
+ properties: + concurrencyPolicy: + default: Allow + description: |- + ConcurrencyPolicy specifies how to treat concurrent executions of an + operation. + enum: + - Allow + - Forbid + - Replace + type: string + failedHistoryLimit: + default: 1 + description: FailedHistoryLimit is the number of failed Operations + to retain. + format: int32 + type: integer + operationTemplate: + description: OperationTemplate is the template for the Operation to + be created. + properties: + metadata: + description: Standard object metadata. + type: object + spec: + description: Spec is the specification of the Operation to be + created. + properties: + mode: + default: Pipeline + description: |- + Mode controls what type or "mode" of operation will be used. + + "Pipeline" indicates that an Operation specifies a pipeline of + functions, each of which is responsible for implementing its logic. + enum: + - Pipeline + type: string + pipeline: + description: |- + Pipeline is a list of operation function steps that will be used when + this operation runs. + items: + description: A PipelineStep in an operation function pipeline. + properties: + credentials: + description: Credentials are optional credentials that + the operation function needs. + items: + description: |- + FunctionCredentials are optional credentials that a function + needs to run. + properties: + name: + description: Name of this set of credentials. + type: string + secretRef: + description: |- + A SecretRef is a reference to a secret containing credentials that should + be supplied to the function. + properties: + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - name + - namespace + type: object + source: + description: Source of the function credentials. 
+ enum: + - None + - Secret + type: string + required: + - name + - source + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + functionRef: + description: |- + FunctionRef is a reference to the function this step should + execute. + properties: + name: + description: Name of the referenced function. + type: string + required: + - name + type: object + input: + description: |- + Input is an optional, arbitrary Kubernetes resource (i.e. a resource + with an apiVersion and kind) that will be passed to the unction as + the 'input' of its RunFunctionRequest. + type: object + x-kubernetes-embedded-resource: true + x-kubernetes-preserve-unknown-fields: true + requirements: + description: |- + Requirements are resource requirements that will be satisfied before + this pipeline step is called for the first time. This allows + pre-populating required resources without requiring a function to + request them first. + properties: + requiredResources: + description: |- + RequiredResources that will be fetched before this pipeline step + is called for the first time. + items: + description: |- + RequiredResourceSelector selects resources that should be fetched before + a pipeline step runs. + properties: + apiVersion: + description: APIVersion of resources to select. + type: string + kind: + description: Kind of resources to select. + type: string + matchLabels: + additionalProperties: + type: string + description: |- + MatchLabels matches resources by label selector. Only one of Name or + MatchLabels may be specified. + type: object + name: + description: |- + Name matches a single resource by name. Only one of Name or + MatchLabels may be specified. + type: string + namespace: + description: Namespace to search for resources. + Optional for cluster-scoped resources. + type: string + requirementName: + description: |- + RequirementName uniquely identifies this group of resources. 
+ This name will be used as the key in RunFunctionRequest.required_resources. + type: string + required: + - apiVersion + - kind + - requirementName + type: object + x-kubernetes-validations: + - message: Either name or matchLabels must be + specified, but not both + rule: (has(self.name) && !has(self.matchLabels)) + || (!has(self.name) && has(self.matchLabels)) + type: array + x-kubernetes-list-map-keys: + - requirementName + x-kubernetes-list-type: map + type: object + step: + description: Step name. Must be unique within its Pipeline. + type: string + required: + - functionRef + - step + type: object + maxItems: 99 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - step + x-kubernetes-list-type: map + retryLimit: + description: |- + RetryLimit configures how many times the operation may fail. When the + failure limit is exceeded, the operation will not be retried. + format: int64 + type: integer + required: + - mode + - pipeline + type: object + required: + - spec + type: object + schedule: + description: Schedule is the cron schedule for the operation. + type: string + startingDeadlineSeconds: + description: |- + StartingDeadlineSeconds is the deadline in seconds for starting the + operation if it misses its scheduled time for any reason. + format: int64 + type: integer + successfulHistoryLimit: + default: 3 + description: SuccessfulHistoryLimit is the number of successful Operations + to retain. + format: int32 + type: integer + required: + - operationTemplate + - schedule + type: object + status: + description: CronOperationStatus represents the observed state of a CronOperation. + properties: + conditions: + description: Conditions of the resource. + items: + description: A Condition that may apply to a resource. + properties: + lastTransitionTime: + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. 
+ format: date-time + type: string + message: + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. + type: string + observedGeneration: + description: |- + ObservedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: A Reason for this condition's last transition from + one status to another. + type: string + status: + description: Status of this condition; is it currently True, + False, or Unknown? + type: string + type: + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + lastScheduleTime: + description: LastScheduleTime is the last time the CronOperation was + scheduled. + format: date-time + type: string + lastSuccessfulTime: + description: |- + LastSuccessfulTime is the last time the CronOperation was successfully + completed. + format: date-time + type: string + runningOperationRefs: + description: RunningOperationRefs is a list of currently running Operations. + items: + description: A RunningOperationRef is a reference to a running operation. + properties: + name: + description: Name of the active operation. + type: string + required: + - name + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/content/v2.1/api/crds/ops.crossplane.io_operations.yaml b/content/v2.1/api/crds/ops.crossplane.io_operations.yaml new file mode 100644 index 000000000..86f550dd5 --- /dev/null 
+++ b/content/v2.1/api/crds/ops.crossplane.io_operations.yaml 
@@ -0,0 +1,317 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.19.0 + name: operations.ops.crossplane.io +spec: + group: ops.crossplane.io + names: + categories: + - crossplane + kind: Operation + listKind: OperationList + plural: operations + shortNames: + - ops + singular: operation + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Synced')].status + name: SYNCED + type: string + - jsonPath: .status.conditions[?(@.type=='Succeeded')].status + name: SUCCEEDED + type: string + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: |- + An Operation defines a pipeline of functions that together constitute a day + two operation. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: OperationSpec specifies desired state of an operation. + properties: + mode: + default: Pipeline + description: |- + Mode controls what type or "mode" of operation will be used. + + "Pipeline" indicates that an Operation specifies a pipeline of + functions, each of which is responsible for implementing its logic. 
+ enum: + - Pipeline + type: string + pipeline: + description: |- + Pipeline is a list of operation function steps that will be used when + this operation runs. + items: + description: A PipelineStep in an operation function pipeline. + properties: + credentials: + description: Credentials are optional credentials that the operation + function needs. + items: + description: |- + FunctionCredentials are optional credentials that a function + needs to run. + properties: + name: + description: Name of this set of credentials. + type: string + secretRef: + description: |- + A SecretRef is a reference to a secret containing credentials that should + be supplied to the function. + properties: + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - name + - namespace + type: object + source: + description: Source of the function credentials. + enum: + - None + - Secret + type: string + required: + - name + - source + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + functionRef: + description: |- + FunctionRef is a reference to the function this step should + execute. + properties: + name: + description: Name of the referenced function. + type: string + required: + - name + type: object + input: + description: |- + Input is an optional, arbitrary Kubernetes resource (i.e. a resource + with an apiVersion and kind) that will be passed to the unction as + the 'input' of its RunFunctionRequest. + type: object + x-kubernetes-embedded-resource: true + x-kubernetes-preserve-unknown-fields: true + requirements: + description: |- + Requirements are resource requirements that will be satisfied before + this pipeline step is called for the first time. This allows + pre-populating required resources without requiring a function to + request them first. 
+ properties: + requiredResources: + description: |- + RequiredResources that will be fetched before this pipeline step + is called for the first time. + items: + description: |- + RequiredResourceSelector selects resources that should be fetched before + a pipeline step runs. + properties: + apiVersion: + description: APIVersion of resources to select. + type: string + kind: + description: Kind of resources to select. + type: string + matchLabels: + additionalProperties: + type: string + description: |- + MatchLabels matches resources by label selector. Only one of Name or + MatchLabels may be specified. + type: object + name: + description: |- + Name matches a single resource by name. Only one of Name or + MatchLabels may be specified. + type: string + namespace: + description: Namespace to search for resources. Optional + for cluster-scoped resources. + type: string + requirementName: + description: |- + RequirementName uniquely identifies this group of resources. + This name will be used as the key in RunFunctionRequest.required_resources. + type: string + required: + - apiVersion + - kind + - requirementName + type: object + x-kubernetes-validations: + - message: Either name or matchLabels must be specified, + but not both + rule: (has(self.name) && !has(self.matchLabels)) || + (!has(self.name) && has(self.matchLabels)) + type: array + x-kubernetes-list-map-keys: + - requirementName + x-kubernetes-list-type: map + type: object + step: + description: Step name. Must be unique within its Pipeline. + type: string + required: + - functionRef + - step + type: object + maxItems: 99 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - step + x-kubernetes-list-type: map + retryLimit: + description: |- + RetryLimit configures how many times the operation may fail. When the + failure limit is exceeded, the operation will not be retried. 
+ format: int64 + type: integer + required: + - mode + - pipeline + type: object + status: + description: OperationStatus represents the observed state of an operation. + properties: + appliedResourceRefs: + description: AppliedResourceRefs references all resources the Operation + applied. + items: + description: An AppliedResourceRef is a reference to a resource + an Operation applied. + properties: + apiVersion: + description: APIVersion of the applied resource. + type: string + kind: + description: Kind of the applied resource. + type: string + name: + description: Name of the applied resource. + type: string + namespace: + description: Namespace of the applied resource. + type: string + required: + - apiVersion + - kind + - name + type: object + type: array + conditions: + description: Conditions of the resource. + items: + description: A Condition that may apply to a resource. + properties: + lastTransitionTime: + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. + format: date-time + type: string + message: + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. + type: string + observedGeneration: + description: |- + ObservedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: A Reason for this condition's last transition from + one status to another. + type: string + status: + description: Status of this condition; is it currently True, + False, or Unknown? + type: string + type: + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. 
+ type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + failures: + description: Number of operation failures. + format: int64 + type: integer + pipeline: + description: |- + Pipeline represents the output of the pipeline steps that this operation + ran. + items: + description: PipelineStepStatus represents the status of an individual + pipeline step. + properties: + output: + description: Output of this step. + type: object + x-kubernetes-preserve-unknown-fields: true + step: + description: Step name. Unique within its Pipeline. + type: string + required: + - step + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/content/v2.1/api/crds/ops.crossplane.io_watchoperations.yaml b/content/v2.1/api/crds/ops.crossplane.io_watchoperations.yaml new file mode 100644 index 000000000..e64980419 --- /dev/null +++ b/content/v2.1/api/crds/ops.crossplane.io_watchoperations.yaml 
@@ -0,0 +1,380 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.19.0 + name: watchoperations.ops.crossplane.io +spec: + group: ops.crossplane.io + names: + categories: + - crossplane + kind: WatchOperation + listKind: WatchOperationList + plural: watchoperations + shortNames: + - watchops + singular: watchoperation + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .spec.watch.kind + name: KIND + type: string + - jsonPath: .status.watchingResources + name: COUNT + type: integer + - jsonPath: .status.conditions[?(@.type=='Synced')].status + name: SYNCED + type: string + - jsonPath: .status.conditions[?(@.type=='Watching')].status + name: WATCHING + type: string + - jsonPath: .status.lastScheduleTime + name: LAST SCHEDULE + type: date + - jsonPath: .status.lastSuccessfulTime + name: LAST SUCCESS + type: date + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: A WatchOperation creates Operations when watched resources change. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: WatchOperationSpec specifies the desired state of a WatchOperation. 
+ properties: + concurrencyPolicy: + default: Allow + description: |- + ConcurrencyPolicy specifies how to treat concurrent executions of an + operation. + enum: + - Allow + - Forbid + - Replace + type: string + failedHistoryLimit: + default: 1 + description: FailedHistoryLimit is the number of failed Operations + to retain. + format: int32 + type: integer + operationTemplate: + description: OperationTemplate is the template for the Operation to + be created. + properties: + metadata: + description: Standard object metadata. + type: object + spec: + description: Spec is the specification of the Operation to be + created. + properties: + mode: + default: Pipeline + description: |- + Mode controls what type or "mode" of operation will be used. + + "Pipeline" indicates that an Operation specifies a pipeline of + functions, each of which is responsible for implementing its logic. + enum: + - Pipeline + type: string + pipeline: + description: |- + Pipeline is a list of operation function steps that will be used when + this operation runs. + items: + description: A PipelineStep in an operation function pipeline. + properties: + credentials: + description: Credentials are optional credentials that + the operation function needs. + items: + description: |- + FunctionCredentials are optional credentials that a function + needs to run. + properties: + name: + description: Name of this set of credentials. + type: string + secretRef: + description: |- + A SecretRef is a reference to a secret containing credentials that should + be supplied to the function. + properties: + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - name + - namespace + type: object + source: + description: Source of the function credentials. 
+ enum: + - None + - Secret + type: string + required: + - name + - source + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + functionRef: + description: |- + FunctionRef is a reference to the function this step should + execute. + properties: + name: + description: Name of the referenced function. + type: string + required: + - name + type: object + input: + description: |- + Input is an optional, arbitrary Kubernetes resource (i.e. a resource + with an apiVersion and kind) that will be passed to the unction as + the 'input' of its RunFunctionRequest. + type: object + x-kubernetes-embedded-resource: true + x-kubernetes-preserve-unknown-fields: true + requirements: + description: |- + Requirements are resource requirements that will be satisfied before + this pipeline step is called for the first time. This allows + pre-populating required resources without requiring a function to + request them first. + properties: + requiredResources: + description: |- + RequiredResources that will be fetched before this pipeline step + is called for the first time. + items: + description: |- + RequiredResourceSelector selects resources that should be fetched before + a pipeline step runs. + properties: + apiVersion: + description: APIVersion of resources to select. + type: string + kind: + description: Kind of resources to select. + type: string + matchLabels: + additionalProperties: + type: string + description: |- + MatchLabels matches resources by label selector. Only one of Name or + MatchLabels may be specified. + type: object + name: + description: |- + Name matches a single resource by name. Only one of Name or + MatchLabels may be specified. + type: string + namespace: + description: Namespace to search for resources. + Optional for cluster-scoped resources. + type: string + requirementName: + description: |- + RequirementName uniquely identifies this group of resources. 
+ This name will be used as the key in RunFunctionRequest.required_resources. + type: string + required: + - apiVersion + - kind + - requirementName + type: object + x-kubernetes-validations: + - message: Either name or matchLabels must be + specified, but not both + rule: (has(self.name) && !has(self.matchLabels)) + || (!has(self.name) && has(self.matchLabels)) + type: array + x-kubernetes-list-map-keys: + - requirementName + x-kubernetes-list-type: map + type: object + step: + description: Step name. Must be unique within its Pipeline. + type: string + required: + - functionRef + - step + type: object + maxItems: 99 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - step + x-kubernetes-list-type: map + retryLimit: + description: |- + RetryLimit configures how many times the operation may fail. When the + failure limit is exceeded, the operation will not be retried. + format: int64 + type: integer + required: + - mode + - pipeline + type: object + required: + - spec + type: object + successfulHistoryLimit: + default: 3 + description: SuccessfulHistoryLimit is the number of successful Operations + to retain. + format: int32 + type: integer + watch: + description: Watch specifies the resource to watch. + properties: + apiVersion: + description: APIVersion of the resource to watch. + type: string + x-kubernetes-validations: + - message: apiVersion is immutable + rule: self == oldSelf + kind: + description: Kind of the resource to watch. + type: string + x-kubernetes-validations: + - message: kind is immutable + rule: self == oldSelf + matchLabels: + additionalProperties: + type: string + description: |- + MatchLabels selects resources by label. If empty, all resources of the + specified kind are watched. + type: object + namespace: + description: |- + Namespace selects resources in a specific namespace. If empty, all + namespaces are watched. Only applicable for namespaced resources. 
+ type: string + required: + - apiVersion + - kind + type: object + required: + - operationTemplate + - watch + type: object + status: + description: WatchOperationStatus represents the observed state of a WatchOperation. + properties: + conditions: + description: Conditions of the resource. + items: + description: A Condition that may apply to a resource. + properties: + lastTransitionTime: + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. + format: date-time + type: string + message: + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. + type: string + observedGeneration: + description: |- + ObservedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: A Reason for this condition's last transition from + one status to another. + type: string + status: + description: Status of this condition; is it currently True, + False, or Unknown? + type: string + type: + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + lastScheduleTime: + description: |- + LastScheduleTime is the last time the WatchOperation created an + Operation. + format: date-time + type: string + lastSuccessfulTime: + description: |- + LastSuccessfulTime is the last time the WatchOperation successfully + completed an Operation. 
+ format: date-time + type: string + runningOperationRefs: + description: RunningOperationRefs is a list of currently running Operations. + items: + description: A RunningOperationRef is a reference to a running operation. + properties: + name: + description: Name of the active operation. + type: string + required: + - name + type: object + type: array + watchingResources: + description: |- + WatchingResources is the number of resources this WatchOperation is + currently watching. + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/content/v1.19/api/crds/pkg.crossplane.io_configurationrevisions.yaml b/content/v2.1/api/crds/pkg.crossplane.io_configurationrevisions.yaml similarity index 77% rename from content/v1.19/api/crds/pkg.crossplane.io_configurationrevisions.yaml rename to content/v2.1/api/crds/pkg.crossplane.io_configurationrevisions.yaml index 15888697d..68d753155 100644 --- a/content/v1.19/api/crds/pkg.crossplane.io_configurationrevisions.yaml +++ b/content/v2.1/api/crds/pkg.crossplane.io_configurationrevisions.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.19.0 name: configurationrevisions.pkg.crossplane.io spec: group: pkg.crossplane.io 
@@ -18,27 +18,30 @@ spec: scope: Cluster versions: - additionalPrinterColumns: - - jsonPath: .status.conditions[?(@.type=='Healthy')].status + - jsonPath: .status.conditions[?(@.type=='RevisionHealthy')].status name: HEALTHY type: string - - jsonPath: .spec.revision - name: REVISION - type: string - jsonPath: .spec.image name: IMAGE type: string - jsonPath: .spec.desiredState name: STATE type: string + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + - jsonPath: .spec.revision + name: REVISION + priority: 1 + type: string - jsonPath: .status.foundDependencies name: DEP-FOUND + priority: 1 type: string - jsonPath: .status.installedDependencies name: DEP-INSTALLED + priority: 1 type: string - - jsonPath: .metadata.creationTimestamp - name: AGE - type: date name: v1 schema: openAPIV3Schema: @@ -146,6 +149,34 @@ spec: description: PackageRevisionStatus represents the observed state of a PackageRevision. properties: + appliedImageConfigRefs: + description: |- + AppliedImageConfigRefs records any image configs that were applied in + reconciling this revision, and what they were used for. + items: + description: |- + ImageConfigRef is a reference to an image config that indicates how the + referenced image config was used by the package manager. + properties: + name: + description: Name is the name of the image config. + type: string + reason: + description: Reason indicates what the image config was used + for. + type: string + required: + - name + - reason + type: object + type: array + capabilities: + description: |- + Capabilities of this package. Capabilities are opaque strings that + may be meaningful to package consumers. + items: + type: string + type: array conditions: description: Conditions of the resource. items: 
@@ -228,59 +259,12 @@ spec: - name type: object type: array - permissionRequests: + resolvedImage: description: |- - PermissionRequests made by this package. The package declares that its - controller needs these permissions to run. The RBAC manager is - responsible for granting them. - items: - description: |- - PolicyRule holds information that describes a policy rule, but does not contain information - about who the rule applies to or which namespace the rule applies to. - properties: - apiGroups: - description: |- - APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of - the enumerated resources in any API group will be allowed. "" represents the core API group and "*" represents all API groups. - items: - type: string - type: array - x-kubernetes-list-type: atomic - nonResourceURLs: - description: |- - NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path - Since non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding. - Rules can either apply to API resources (such as "pods" or "secrets") or non-resource URL paths (such as "/api"), but not both. - items: - type: string - type: array - x-kubernetes-list-type: atomic - resourceNames: - description: ResourceNames is an optional white list of names - that the rule applies to. An empty set means that everything - is allowed. - items: - type: string - type: array - x-kubernetes-list-type: atomic - resources: - description: Resources is a list of resources this rule applies - to. '*' represents all resources. - items: - type: string - type: array - x-kubernetes-list-type: atomic - verbs: - description: Verbs is a list of Verbs that apply to ALL the - ResourceKinds contained in this rule. '*' represents all verbs. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - verbs - type: object - type: array + ResolvedPackage is the name of the package that was installed. It may be + different from spec.image if the package path was rewritten using an + image config. + type: string type: object type: object served: true diff --git a/content/v1.19/api/crds/pkg.crossplane.io_configurations.yaml b/content/v2.1/api/crds/pkg.crossplane.io_configurations.yaml similarity index 81% rename from content/v1.19/api/crds/pkg.crossplane.io_configurations.yaml rename to content/v2.1/api/crds/pkg.crossplane.io_configurations.yaml index 6ec9cdc63..784ae97b7 100644 --- a/content/v1.19/api/crds/pkg.crossplane.io_configurations.yaml +++ b/content/v2.1/api/crds/pkg.crossplane.io_configurations.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.19.0 name: configurations.pkg.crossplane.io spec: group: pkg.crossplane.io @@ -80,8 +80,16 @@ spec: Default is false. type: boolean package: - description: Package is the name of the package that is being requested. + description: |- + Package is the name of the package that is being requested. + must be a fully qualified image name, including the registry, + repository, and tag. for example, "registry.example.com/repo/package:tag". type: string + x-kubernetes-validations: + - message: must be a fully qualified image name, including the registry, + repository, and tag or digest. For example, 'registry.example.com/repo/package:tag' + or 'registry.example.com/repo/package[:tag]@sha256:1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef'. + rule: self.matches('^[^\\.\\/]+(\\.[^\\.\\/]+)+(\\/[^\\/:@]+)+(:[^:@]+(@sha256.+)?|@sha256.+)$') packagePullPolicy: default: IfNotPresent description: |- 
@@ -138,6 +146,27 @@ spec: status: description: ConfigurationStatus represents the observed state of a Configuration. properties: + appliedImageConfigRefs: + description: |- + AppliedImageConfigRefs records any image configs that were applied in + reconciling this package, and what they were used for. + items: + description: |- + ImageConfigRef is a reference to an image config that indicates how the + referenced image config was used by the package manager. + properties: + name: + description: Name is the name of the image config. + type: string + reason: + description: Reason indicates what the image config was used + for. + type: string + required: + - name + - reason + type: object + type: array conditions: description: Conditions of the resource. items: @@ -199,6 +228,12 @@ spec: reflect the most up to date revision, whether it has been activated or not. type: string + resolvedPackage: + description: |- + ResolvedPackage is the name of the package that was used for version + resolution. It may be different from spec.package if the package path was + rewritten using an image config. + type: string type: object type: object served: true diff --git a/content/v1.19/api/crds/pkg.crossplane.io_deploymentruntimeconfigs.yaml b/content/v2.1/api/crds/pkg.crossplane.io_deploymentruntimeconfigs.yaml similarity index 92% rename from content/v1.19/api/crds/pkg.crossplane.io_deploymentruntimeconfigs.yaml rename to content/v2.1/api/crds/pkg.crossplane.io_deploymentruntimeconfigs.yaml index 9e3d48074..0b5db2149 100644 --- a/content/v1.19/api/crds/pkg.crossplane.io_deploymentruntimeconfigs.yaml +++ b/content/v2.1/api/crds/pkg.crossplane.io_deploymentruntimeconfigs.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.19.0 name: deploymentruntimeconfigs.pkg.crossplane.io spec: group: pkg.crossplane.io 
@@ -549,7 +549,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -564,7 +563,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -734,7 +732,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -749,7 +746,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -844,8 +840,8 @@ spec: most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + compute a sum by iterating through the elements of this field and subtracting + "weight" from the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. items: description: The weights of all of the matched @@ -918,7 +914,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -933,7 +928,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -1103,7 +1097,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -1118,7 +1111,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -1253,8 +1245,9 @@ spec: variable present in a Container. properties: name: - description: Name of the environment variable. - Must be a C_IDENTIFIER. + description: |- + Name of the environment variable. + May consist of any printable ASCII characters except '='. type: string value: description: |- 
@@ -1316,6 +1309,43 @@ spec: - fieldPath type: object x-kubernetes-map-type: atomic + fileKeyRef: + description: |- + FileKeyRef selects a key of the env file. + Requires the EnvFiles feature gate to be enabled. + properties: + key: + description: |- + The key within the env file. An invalid key will prevent the pod from starting. + The keys defined within a source may consist of any printable ASCII characters except '='. + During Alpha stage of the EnvFiles feature gate, the key size is limited to 128 characters. + type: string + optional: + default: false + description: |- + Specify whether the file or its key must be defined. If the file or key + does not exist, then the env var is not published. + If optional is set to true and the specified key does not exist, + the environment variable will not be set in the Pod's containers. + + If optional is set to false and the specified key does not exist, + an error will be returned during Pod creation. + type: boolean + path: + description: |- + The path within the volume from which to select the file. + Must be relative and may not contain the '..' path or start with '..'. + type: string + volumeName: + description: The name of the volume + mount containing the env file. + type: string + required: + - key + - path + - volumeName + type: object + x-kubernetes-map-type: atomic resourceFieldRef: description: |- Selects a resource of the container: only resources limits and requests 
@@ -1380,14 +1410,14 @@ spec: envFrom: description: |- List of sources to populate environment variables in the container. - The keys defined within a source must be a C_IDENTIFIER. All invalid keys - will be reported as an event when the container is starting. When a key exists in multiple + The keys defined within a source may consist of any printable ASCII characters except '='. + When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. items: description: EnvFromSource represents the - source of a set of ConfigMaps + source of a set of ConfigMaps or Secrets properties: configMapRef: description: The ConfigMap to select from @@ -1408,9 +1438,9 @@ spec: type: object x-kubernetes-map-type: atomic prefix: - description: An optional identifier to - prepend to each key in the ConfigMap. - Must be a C_IDENTIFIER. + description: |- + Optional text to prepend to the name of each environment variable. + May consist of any printable ASCII characters except '='. type: string secretRef: description: The Secret to select from @@ -1461,8 +1491,8 @@ spec: More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks properties: exec: - description: Exec specifies the action - to take. + description: Exec specifies a command + to execute in the container. properties: command: description: |- @@ -1477,8 +1507,8 @@ spec: x-kubernetes-list-type: atomic type: object httpGet: - description: HTTPGet specifies the http - request to perform. + description: HTTPGet specifies an HTTP + GET request to perform. properties: host: description: |- 
@@ -1531,9 +1561,8 @@ spec: - port type: object sleep: - description: Sleep represents the duration - that the container should sleep before - being terminated. + description: Sleep represents a duration + that the container should sleep. properties: seconds: description: Seconds is the number @@ -1546,8 +1575,8 @@ spec: tcpSocket: description: |- Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept - for the backward compatibility. There are no validation of this field and - lifecycle hooks will fail in runtime when tcp handler is specified. + for backward compatibility. There is no validation of this field and + lifecycle hooks will fail at runtime when it is specified. properties: host: description: 'Optional: Host name @@ -1580,8 +1609,8 @@ spec: More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks properties: exec: - description: Exec specifies the action - to take. + description: Exec specifies a command + to execute in the container. properties: command: description: |- @@ -1596,8 +1625,8 @@ spec: x-kubernetes-list-type: atomic type: object httpGet: - description: HTTPGet specifies the http - request to perform. + description: HTTPGet specifies an HTTP + GET request to perform. properties: host: description: |- @@ -1650,9 +1679,8 @@ spec: - port type: object sleep: - description: Sleep represents the duration - that the container should sleep before - being terminated. + description: Sleep represents a duration + that the container should sleep. properties: seconds: description: Seconds is the number 
@@ -1665,8 +1693,8 @@ spec: tcpSocket: description: |- Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept - for the backward compatibility. There are no validation of this field and - lifecycle hooks will fail in runtime when tcp handler is specified. + for backward compatibility. There is no validation of this field and + lifecycle hooks will fail at runtime when it is specified. properties: host: description: 'Optional: Host name @@ -1686,6 +1714,12 @@ spec: - port type: object type: object + stopSignal: + description: |- + StopSignal defines which signal will be sent to a container when it is being stopped. + If not specified, the default is defined by the container runtime in use. + StopSignal can only be set for Pods with a non-empty .spec.os.name + type: string type: object livenessProbe: description: |- @@ -1695,8 +1729,8 @@ spec: More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes properties: exec: - description: Exec specifies the action to - take. + description: Exec specifies a command to + execute in the container. properties: command: description: |- @@ -1717,8 +1751,7 @@ spec: format: int32 type: integer grpc: - description: GRPC specifies an action involving - a GRPC port. + description: GRPC specifies a GRPC HealthCheckRequest. properties: port: description: Port number of the gRPC @@ -1738,7 +1771,7 @@ spec: - port type: object httpGet: - description: HTTPGet specifies the http + description: HTTPGet specifies an HTTP GET request to perform. properties: host: @@ -1810,8 +1843,8 @@ spec: format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action - involving a TCP port. + description: TCPSocket specifies a connection + to a TCP port. properties: host: description: 'Optional: Host name to 
@@ -1916,8 +1949,8 @@ spec: More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes properties: exec: - description: Exec specifies the action to - take. + description: Exec specifies a command to + execute in the container. properties: command: description: |- @@ -1938,8 +1971,7 @@ spec: format: int32 type: integer grpc: - description: GRPC specifies an action involving - a GRPC port. + description: GRPC specifies a GRPC HealthCheckRequest. properties: port: description: Port number of the gRPC @@ -1959,7 +1991,7 @@ spec: - port type: object httpGet: - description: HTTPGet specifies the http + description: HTTPGet specifies an HTTP GET request to perform. properties: host: @@ -2031,8 +2063,8 @@ spec: format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action - involving a TCP port. + description: TCPSocket specifies a connection + to a TCP port. properties: host: description: 'Optional: Host name to @@ -2106,7 +2138,7 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the + This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. 
@@ -2161,10 +2193,10 @@ spec: restartPolicy: description: |- RestartPolicy defines the restart behavior of individual containers in a pod. - This field may only be set for init containers, and the only allowed value is "Always". - For non-init containers or when this field is not specified, + This overrides the pod-level restart policy. When this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type. - Setting the RestartPolicy as "Always" for the init container will have the following effect: + Additionally, setting the RestartPolicy as "Always" for the init container will + have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" 
@@ -2176,6 +2208,59 @@ spec: init container is started, or after any startupProbe has successfully completed. type: string + restartPolicyRules: + description: |- + Represents a list of rules to be checked to determine if the + container should be restarted on exit. The rules are evaluated in + order. Once a rule matches a container exit condition, the remaining + rules are ignored. If no rule matches the container exit condition, + the Container-level restart policy determines the whether the container + is restarted or not. Constraints on the rules: + - At most 20 rules are allowed. + - Rules can have the same action. + - Identical rules are not forbidden in validations. + When rules are specified, container MUST set RestartPolicy explicitly + even it if matches the Pod's RestartPolicy. + items: + description: ContainerRestartRule describes + how a container exit is handled. + properties: + action: + description: |- + Specifies the action taken on a container exit if the requirements + are satisfied. The only possible value is "Restart" to restart the + container. + type: string + exitCodes: + description: Represents the exit codes + to check on container exits. + properties: + operator: + description: |- + Represents the relationship between the container exit code(s) and the + specified values. Possible values are: + - In: the requirement is satisfied if the container exit code is in the + set of specified values. + - NotIn: the requirement is satisfied if the container exit code is + not in the set of specified values. + type: string + values: + description: |- + Specifies the set of values to check for container exit codes. + At most 255 elements are allowed. 
+ items: + format: int32 + type: integer + type: array + x-kubernetes-list-type: set + required: + - operator + type: object + required: + - action + type: object + type: array + x-kubernetes-list-type: atomic securityContext: description: |- SecurityContext defines the security options the container should be run with. @@ -2383,8 +2468,8 @@ spec: More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes properties: exec: - description: Exec specifies the action to - take. + description: Exec specifies a command to + execute in the container. properties: command: description: |- @@ -2405,8 +2490,7 @@ spec: format: int32 type: integer grpc: - description: GRPC specifies an action involving - a GRPC port. + description: GRPC specifies a GRPC HealthCheckRequest. properties: port: description: Port number of the gRPC @@ -2426,7 +2510,7 @@ spec: - port type: object httpGet: - description: HTTPGet specifies the http + description: HTTPGet specifies an HTTP GET request to perform. properties: host: @@ -2498,8 +2582,8 @@ spec: format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action - involving a TCP port. + description: TCPSocket specifies a connection + to a TCP port. properties: host: description: 'Optional: Host name to @@ -2714,9 +2798,13 @@ spec: resolver options of a pod. properties: name: - description: Required. + description: |- + Name is this DNS resolver option's name. + Required. type: string value: + description: Value is this DNS resolver + option's value. type: string type: object type: array @@ -2800,8 +2888,9 @@ spec: variable present in a Container. properties: name: - description: Name of the environment variable. - Must be a C_IDENTIFIER. + description: |- + Name of the environment variable. + May consist of any printable ASCII characters except '='. type: string value: description: |- 
@@ -2863,6 +2952,43 @@ spec: - fieldPath type: object x-kubernetes-map-type: atomic + fileKeyRef: + description: |- + FileKeyRef selects a key of the env file. + Requires the EnvFiles feature gate to be enabled. + properties: + key: + description: |- + The key within the env file. An invalid key will prevent the pod from starting. + The keys defined within a source may consist of any printable ASCII characters except '='. + During Alpha stage of the EnvFiles feature gate, the key size is limited to 128 characters. + type: string + optional: + default: false + description: |- + Specify whether the file or its key must be defined. If the file or key + does not exist, then the env var is not published. + If optional is set to true and the specified key does not exist, + the environment variable will not be set in the Pod's containers. + + If optional is set to false and the specified key does not exist, + an error will be returned during Pod creation. + type: boolean + path: + description: |- + The path within the volume from which to select the file. + Must be relative and may not contain the '..' path or start with '..'. + type: string + volumeName: + description: The name of the volume + mount containing the env file. + type: string + required: + - key + - path + - volumeName + type: object + x-kubernetes-map-type: atomic resourceFieldRef: description: |- Selects a resource of the container: only resources limits and requests 
@@ -2927,14 +3053,14 @@ spec: envFrom: description: |- List of sources to populate environment variables in the container. - The keys defined within a source must be a C_IDENTIFIER. All invalid keys - will be reported as an event when the container is starting. When a key exists in multiple + The keys defined within a source may consist of any printable ASCII characters except '='. + When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. items: description: EnvFromSource represents the - source of a set of ConfigMaps + source of a set of ConfigMaps or Secrets properties: configMapRef: description: The ConfigMap to select from @@ -2955,9 +3081,9 @@ spec: type: object x-kubernetes-map-type: atomic prefix: - description: An optional identifier to - prepend to each key in the ConfigMap. - Must be a C_IDENTIFIER. + description: |- + Optional text to prepend to the name of each environment variable. + May consist of any printable ASCII characters except '='. type: string secretRef: description: The Secret to select from @@ -3005,8 +3131,8 @@ spec: More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks properties: exec: - description: Exec specifies the action - to take. + description: Exec specifies a command + to execute in the container. properties: command: description: |- @@ -3021,8 +3147,8 @@ spec: x-kubernetes-list-type: atomic type: object httpGet: - description: HTTPGet specifies the http - request to perform. + description: HTTPGet specifies an HTTP + GET request to perform. properties: host: description: |- 
@@ -3075,9 +3201,8 @@ spec: - port type: object sleep: - description: Sleep represents the duration - that the container should sleep before - being terminated. + description: Sleep represents a duration + that the container should sleep. properties: seconds: description: Seconds is the number @@ -3090,8 +3215,8 @@ spec: tcpSocket: description: |- Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept - for the backward compatibility. There are no validation of this field and - lifecycle hooks will fail in runtime when tcp handler is specified. + for backward compatibility. There is no validation of this field and + lifecycle hooks will fail at runtime when it is specified. properties: host: description: 'Optional: Host name @@ -3124,8 +3249,8 @@ spec: More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks properties: exec: - description: Exec specifies the action - to take. + description: Exec specifies a command + to execute in the container. properties: command: description: |- @@ -3140,8 +3265,8 @@ spec: x-kubernetes-list-type: atomic type: object httpGet: - description: HTTPGet specifies the http - request to perform. + description: HTTPGet specifies an HTTP + GET request to perform. properties: host: description: |- @@ -3194,9 +3319,8 @@ spec: - port type: object sleep: - description: Sleep represents the duration - that the container should sleep before - being terminated. + description: Sleep represents a duration + that the container should sleep. properties: seconds: description: Seconds is the number 
@@ -3209,8 +3333,8 @@ spec: tcpSocket: description: |- Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept - for the backward compatibility. There are no validation of this field and - lifecycle hooks will fail in runtime when tcp handler is specified. + for backward compatibility. There is no validation of this field and + lifecycle hooks will fail at runtime when it is specified. properties: host: description: 'Optional: Host name @@ -3230,14 +3354,20 @@ spec: - port type: object type: object + stopSignal: + description: |- + StopSignal defines which signal will be sent to a container when it is being stopped. + If not specified, the default is defined by the container runtime in use. + StopSignal can only be set for Pods with a non-empty .spec.os.name + type: string type: object livenessProbe: description: Probes are not allowed for ephemeral containers. properties: exec: - description: Exec specifies the action to - take. + description: Exec specifies a command to + execute in the container. properties: command: description: |- @@ -3258,8 +3388,7 @@ spec: format: int32 type: integer grpc: - description: GRPC specifies an action involving - a GRPC port. + description: GRPC specifies a GRPC HealthCheckRequest. properties: port: description: Port number of the gRPC @@ -3279,7 +3408,7 @@ spec: - port type: object httpGet: - description: HTTPGet specifies the http + description: HTTPGet specifies an HTTP GET request to perform. properties: host: @@ -3351,8 +3480,8 @@ spec: format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action - involving a TCP port. + description: TCPSocket specifies a connection + to a TCP port. properties: host: description: 'Optional: Host name to @@ -3447,8 +3576,8 @@ spec: containers. properties: exec: - description: Exec specifies the action to - take. + description: Exec specifies a command to + execute in the container. properties: command: description: |- 
@@ -3469,8 +3598,7 @@ spec: format: int32 type: integer grpc: - description: GRPC specifies an action involving - a GRPC port. + description: GRPC specifies a GRPC HealthCheckRequest. properties: port: description: Port number of the gRPC @@ -3490,7 +3618,7 @@ spec: - port type: object httpGet: - description: HTTPGet specifies the http + description: HTTPGet specifies an HTTP GET request to perform. properties: host: @@ -3562,8 +3690,8 @@ spec: format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action - involving a TCP port. + description: TCPSocket specifies a connection + to a TCP port. properties: host: description: 'Optional: Host name to @@ -3636,7 +3764,7 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the + This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. 
@@ -3692,9 +3820,53 @@ spec: description: |- Restart policy for the container to manage the restart behavior of each container within a pod. - This may only be set for init containers. You cannot set this field on - ephemeral containers. + You cannot set this field on ephemeral containers. type: string + restartPolicyRules: + description: |- + Represents a list of rules to be checked to determine if the + container should be restarted on exit. You cannot set this field on + ephemeral containers. + items: + description: ContainerRestartRule describes + how a container exit is handled. + properties: + action: + description: |- + Specifies the action taken on a container exit if the requirements + are satisfied. The only possible value is "Restart" to restart the + container. + type: string + exitCodes: + description: Represents the exit codes + to check on container exits. + properties: + operator: + description: |- + Represents the relationship between the container exit code(s) and the + specified values. Possible values are: + - In: the requirement is satisfied if the container exit code is in the + set of specified values. + - NotIn: the requirement is satisfied if the container exit code is + not in the set of specified values. + type: string + values: + description: |- + Specifies the set of values to check for container exit codes. + At most 255 elements are allowed. + items: + format: int32 + type: integer + type: array + x-kubernetes-list-type: set + required: + - operator + type: object + required: + - action + type: object + type: array + x-kubernetes-list-type: atomic securityContext: description: |- Optional: SecurityContext defines the security options the ephemeral container should be run with. @@ -3895,8 +4067,8 @@ spec: containers. properties: exec: - description: Exec specifies the action to - take. + description: Exec specifies a command to + execute in the container. properties: command: description: |- 
@@ -3917,8 +4089,7 @@ spec: format: int32 type: integer grpc: - description: GRPC specifies an action involving - a GRPC port. + description: GRPC specifies a GRPC HealthCheckRequest. properties: port: description: Port number of the gRPC @@ -3938,7 +4109,7 @@ spec: - port type: object httpGet: - description: HTTPGet specifies the http + description: HTTPGet specifies an HTTP GET request to perform. properties: host: @@ -4010,8 +4181,8 @@ spec: format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action - involving a TCP port. + description: TCPSocket specifies a connection + to a TCP port. properties: host: description: 'Optional: Host name to @@ -4242,7 +4413,9 @@ spec: hostNetwork: description: |- Host networking requested for this pod. Use the host's network namespace. - If this option is set, the ports that will be used must be specified. + When using HostNetwork you should specify ports so the scheduler is aware. + When `hostNetwork` is true, specified `hostPort` fields in port definitions must match `containerPort`, + and unspecified `hostPort` fields in port definitions are defaulted to match `containerPort`. Default to false. type: boolean hostPID: 
@@ -4267,6 +4440,19 @@ spec: Specifies the hostname of the Pod If not specified, the pod's hostname will be set to a system-defined value. type: string + hostnameOverride: + description: |- + HostnameOverride specifies an explicit override for the pod's hostname as perceived by the pod. + This field only specifies the pod's hostname and does not affect its DNS records. + When this field is set to a non-empty string: + - It takes precedence over the values set in `hostname` and `subdomain`. + - The Pod's hostname will be set to this value. + - `setHostnameAsFQDN` must be nil or set to false. + - `hostNetwork` must be set to false. + + This field must be a valid DNS subdomain as defined in RFC 1123 and contain at most 64 characters. + Requires the HostnameOverride feature gate to be enabled. + type: string imagePullSecrets: description: |- ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. @@ -4304,7 +4490,7 @@ spec: Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of - of that value or the sum of the normal containers. Limits are applied to init containers + that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added or removed. Cannot be updated. @@ -4350,8 +4536,9 @@ spec: variable present in a Container. properties: name: - description: Name of the environment variable. - Must be a C_IDENTIFIER. + description: |- + Name of the environment variable. + May consist of any printable ASCII characters except '='. type: string value: description: |- 
@@ -4413,6 +4600,43 @@ spec: - fieldPath type: object x-kubernetes-map-type: atomic + fileKeyRef: + description: |- + FileKeyRef selects a key of the env file. + Requires the EnvFiles feature gate to be enabled. + properties: + key: + description: |- + The key within the env file. An invalid key will prevent the pod from starting. + The keys defined within a source may consist of any printable ASCII characters except '='. + During Alpha stage of the EnvFiles feature gate, the key size is limited to 128 characters. + type: string + optional: + default: false + description: |- + Specify whether the file or its key must be defined. If the file or key + does not exist, then the env var is not published. + If optional is set to true and the specified key does not exist, + the environment variable will not be set in the Pod's containers. + + If optional is set to false and the specified key does not exist, + an error will be returned during Pod creation. + type: boolean + path: + description: |- + The path within the volume from which to select the file. + Must be relative and may not contain the '..' path or start with '..'. + type: string + volumeName: + description: The name of the volume + mount containing the env file. + type: string + required: + - key + - path + - volumeName + type: object + x-kubernetes-map-type: atomic resourceFieldRef: description: |- Selects a resource of the container: only resources limits and requests 
@@ -4477,14 +4701,14 @@ spec: envFrom: description: |- List of sources to populate environment variables in the container. - The keys defined within a source must be a C_IDENTIFIER. All invalid keys - will be reported as an event when the container is starting. When a key exists in multiple + The keys defined within a source may consist of any printable ASCII characters except '='. + When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. items: description: EnvFromSource represents the - source of a set of ConfigMaps + source of a set of ConfigMaps or Secrets properties: configMapRef: description: The ConfigMap to select from @@ -4505,9 +4729,9 @@ spec: type: object x-kubernetes-map-type: atomic prefix: - description: An optional identifier to - prepend to each key in the ConfigMap. - Must be a C_IDENTIFIER. + description: |- + Optional text to prepend to the name of each environment variable. + May consist of any printable ASCII characters except '='. type: string secretRef: description: The Secret to select from @@ -4558,8 +4782,8 @@ spec: More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks properties: exec: - description: Exec specifies the action - to take. + description: Exec specifies a command + to execute in the container. properties: command: description: |- @@ -4574,8 +4798,8 @@ spec: x-kubernetes-list-type: atomic type: object httpGet: - description: HTTPGet specifies the http - request to perform. + description: HTTPGet specifies an HTTP + GET request to perform. properties: host: description: |- 
@@ -4628,9 +4852,8 @@ spec: - port type: object sleep: - description: Sleep represents the duration - that the container should sleep before - being terminated. + description: Sleep represents a duration + that the container should sleep. properties: seconds: description: Seconds is the number @@ -4643,8 +4866,8 @@ spec: tcpSocket: description: |- Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept - for the backward compatibility. There are no validation of this field and - lifecycle hooks will fail in runtime when tcp handler is specified. + for backward compatibility. There is no validation of this field and + lifecycle hooks will fail at runtime when it is specified. properties: host: description: 'Optional: Host name @@ -4677,8 +4900,8 @@ spec: More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks properties: exec: - description: Exec specifies the action - to take. + description: Exec specifies a command + to execute in the container. properties: command: description: |- @@ -4693,8 +4916,8 @@ spec: x-kubernetes-list-type: atomic type: object httpGet: - description: HTTPGet specifies the http - request to perform. + description: HTTPGet specifies an HTTP + GET request to perform. properties: host: description: |- @@ -4747,9 +4970,8 @@ spec: - port type: object sleep: - description: Sleep represents the duration - that the container should sleep before - being terminated. + description: Sleep represents a duration + that the container should sleep. properties: seconds: description: Seconds is the number 
@@ -4762,8 +4984,8 @@ spec: tcpSocket: description: |- Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept - for the backward compatibility. There are no validation of this field and - lifecycle hooks will fail in runtime when tcp handler is specified. + for backward compatibility. There is no validation of this field and + lifecycle hooks will fail at runtime when it is specified. properties: host: description: 'Optional: Host name @@ -4783,6 +5005,12 @@ spec: - port type: object type: object + stopSignal: + description: |- + StopSignal defines which signal will be sent to a container when it is being stopped. + If not specified, the default is defined by the container runtime in use. + StopSignal can only be set for Pods with a non-empty .spec.os.name + type: string type: object livenessProbe: description: |- @@ -4792,8 +5020,8 @@ spec: More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes properties: exec: - description: Exec specifies the action to - take. + description: Exec specifies a command to + execute in the container. properties: command: description: |- @@ -4814,8 +5042,7 @@ spec: format: int32 type: integer grpc: - description: GRPC specifies an action involving - a GRPC port. + description: GRPC specifies a GRPC HealthCheckRequest. properties: port: description: Port number of the gRPC @@ -4835,7 +5062,7 @@ spec: - port type: object httpGet: - description: HTTPGet specifies the http + description: HTTPGet specifies an HTTP GET request to perform. properties: host: @@ -4907,8 +5134,8 @@ spec: format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action - involving a TCP port. + description: TCPSocket specifies a connection + to a TCP port. properties: host: description: 'Optional: Host name to 
@@ -5013,8 +5240,8 @@ spec: More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes properties: exec: - description: Exec specifies the action to - take. + description: Exec specifies a command to + execute in the container. properties: command: description: |- @@ -5035,8 +5262,7 @@ spec: format: int32 type: integer grpc: - description: GRPC specifies an action involving - a GRPC port. + description: GRPC specifies a GRPC HealthCheckRequest. properties: port: description: Port number of the gRPC @@ -5056,7 +5282,7 @@ spec: - port type: object httpGet: - description: HTTPGet specifies the http + description: HTTPGet specifies an HTTP GET request to perform. properties: host: @@ -5128,8 +5354,8 @@ spec: format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action - involving a TCP port. + description: TCPSocket specifies a connection + to a TCP port. properties: host: description: 'Optional: Host name to @@ -5203,7 +5429,7 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the + This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. 
@@ -5258,10 +5484,10 @@ spec: restartPolicy: description: |- RestartPolicy defines the restart behavior of individual containers in a pod. - This field may only be set for init containers, and the only allowed value is "Always". - For non-init containers or when this field is not specified, + This overrides the pod-level restart policy. When this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type. - Setting the RestartPolicy as "Always" for the init container will have the following effect: + Additionally, setting the RestartPolicy as "Always" for the init container will + have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" 
@@ -5273,6 +5499,59 @@ spec: init container is started, or after any startupProbe has successfully completed. type: string + restartPolicyRules: + description: |- + Represents a list of rules to be checked to determine if the + container should be restarted on exit. The rules are evaluated in + order. Once a rule matches a container exit condition, the remaining + rules are ignored. If no rule matches the container exit condition, + the Container-level restart policy determines the whether the container + is restarted or not. Constraints on the rules: + - At most 20 rules are allowed. + - Rules can have the same action. + - Identical rules are not forbidden in validations. + When rules are specified, container MUST set RestartPolicy explicitly + even it if matches the Pod's RestartPolicy. + items: + description: ContainerRestartRule describes + how a container exit is handled. + properties: + action: + description: |- + Specifies the action taken on a container exit if the requirements + are satisfied. The only possible value is "Restart" to restart the + container. + type: string + exitCodes: + description: Represents the exit codes + to check on container exits. + properties: + operator: + description: |- + Represents the relationship between the container exit code(s) and the + specified values. Possible values are: + - In: the requirement is satisfied if the container exit code is in the + set of specified values. + - NotIn: the requirement is satisfied if the container exit code is + not in the set of specified values. + type: string + values: + description: |- + Specifies the set of values to check for container exit codes. + At most 255 elements are allowed. 
+ items: + format: int32 + type: integer + type: array + x-kubernetes-list-type: set + required: + - operator + type: object + required: + - action + type: object + type: array + x-kubernetes-list-type: atomic securityContext: description: |- SecurityContext defines the security options the container should be run with. @@ -5480,8 +5759,8 @@ spec: More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes properties: exec: - description: Exec specifies the action to - take. + description: Exec specifies a command to + execute in the container. properties: command: description: |- @@ -5502,8 +5781,7 @@ spec: format: int32 type: integer grpc: - description: GRPC specifies an action involving - a GRPC port. + description: GRPC specifies a GRPC HealthCheckRequest. properties: port: description: Port number of the gRPC @@ -5523,7 +5801,7 @@ spec: - port type: object httpGet: - description: HTTPGet specifies the http + description: HTTPGet specifies an HTTP GET request to perform. properties: host: @@ -5595,8 +5873,8 @@ spec: format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action - involving a TCP port. + description: TCPSocket specifies a connection + to a TCP port. properties: host: description: 'Optional: Host name to @@ -5814,6 +6092,7 @@ spec: - spec.hostPID - spec.hostIPC - spec.hostUsers + - spec.resources - spec.securityContext.appArmorProfile - spec.securityContext.seLinuxOptions - spec.securityContext.seccompProfile 
@@ -5964,6 +6243,75 @@ spec: x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map + resources: + description: |- + Resources is the total amount of CPU and Memory resources required by all + containers in the pod. It supports specifying Requests and Limits for + "cpu", "memory" and "hugepages-" resource names only. ResourceClaims are not supported. + + This field enables fine-grained control over resource allocation for the + entire pod, allowing resource sharing among containers in a pod. + + This is an alpha field and requires enabling the PodLevelResources feature + gate. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This field depends on the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object restartPolicy: description: |- Restart policy for all containers within the pod. 
@@ -6088,6 +6436,32 @@ spec: Note that this field cannot be set when spec.os.name is windows. format: int64 type: integer + seLinuxChangePolicy: + description: |- + seLinuxChangePolicy defines how the container's SELinux label is applied to all volumes used by the Pod. + It has no effect on nodes that do not support SELinux or to volumes does not support SELinux. + Valid values are "MountOption" and "Recursive". + + "Recursive" means relabeling of all files on all Pod volumes by the container runtime. + This may be slow for large volumes, but allows mixing privileged and unprivileged Pods sharing the same volume on the same node. + + "MountOption" mounts all eligible Pod volumes with `-o context` mount option. + This requires all Pods that share the same volume to use the same SELinux label. + It is not possible to share the same volume among privileged and unprivileged Pods. + Eligible volumes are in-tree FibreChannel and iSCSI volumes, and all CSI volumes + whose CSI driver announces SELinux support by setting spec.seLinuxMount: true in their + CSIDriver instance. Other volumes are always re-labelled recursively. + "MountOption" value is allowed only when SELinuxMount feature gate is enabled. + + If not specified and SELinuxMount feature gate is enabled, "MountOption" is used. + If not specified and SELinuxMount feature gate is disabled, "MountOption" is used for ReadWriteOncePod volumes + and "Recursive" for all other volumes. + + This field affects only Pods that have SELinux label set, either in PodSecurityContext or in SecurityContext of all containers. + + All Pods that use the same volume should use the same seLinuxChangePolicy, otherwise some pods can get stuck in ContainerCreating state. + Note that this field cannot be set when spec.os.name is windows. + type: string seLinuxOptions: description: |- The SELinux context to be applied to all containers. 
@@ -6426,7 +6800,6 @@ spec: - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. If this value is nil, the behavior is equivalent to the Honor policy. - This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. type: string nodeTaintsPolicy: description: |- @@ -6437,7 +6810,6 @@ spec: - Ignore: node taints are ignored. All nodes are included. If this value is nil, the behavior is equivalent to the Ignore policy. - This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. type: string topologyKey: description: |- @@ -6496,6 +6868,8 @@ spec: description: |- awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. + Deprecated: AWSElasticBlockStore is deprecated. All operations for the in-tree + awsElasticBlockStore type are redirected to the ebs.csi.aws.com CSI driver. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore properties: fsType: @@ -6527,9 +6901,10 @@ spec: - volumeID type: object azureDisk: - description: azureDisk represents an Azure Data - Disk mount on the host and bind mount to the - pod. + description: |- + azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. + Deprecated: AzureDisk is deprecated. All operations for the in-tree azureDisk type + are redirected to the disk.csi.azure.com CSI driver. properties: cachingMode: description: 'cachingMode is the Host Caching 
@@ -6568,9 +6943,10 @@ spec: - diskURI type: object azureFile: - description: azureFile represents an Azure File - Service mount on the host and bind mount to - the pod. + description: |- + azureFile represents an Azure File Service mount on the host and bind mount to the pod. + Deprecated: AzureFile is deprecated. All operations for the in-tree azureFile type + are redirected to the file.csi.azure.com CSI driver. properties: readOnly: description: |- @@ -6591,8 +6967,9 @@ spec: - shareName type: object cephfs: - description: cephFS represents a Ceph FS mount - on the host that shares a pod's lifetime + description: |- + cephFS represents a Ceph FS mount on the host that shares a pod's lifetime. + Deprecated: CephFS is deprecated and the in-tree cephfs type is no longer supported. properties: monitors: description: |- @@ -6645,6 +7022,8 @@ spec: cinder: description: |- cinder represents a cinder volume attached and mounted on kubelets host machine. + Deprecated: Cinder is deprecated. All operations for the in-tree cinder type + are redirected to the cinder.csi.openstack.org CSI driver. More info: https://examples.k8s.io/mysql-cinder-pd/README.md properties: fsType: @@ -6756,7 +7135,7 @@ spec: csi: description: csi (Container Storage Interface) represents ephemeral storage that is handled - by certain external CSI drivers (Beta feature). + by certain external CSI drivers. properties: driver: description: |- 
@@ -7189,15 +7568,13 @@ spec: volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, - it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass - will be applied to the claim but it's not allowed to reset this field to empty string once it is set. - If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass - will be set by the persistentvolume controller if it exists. + it can be changed after the claim is created. An empty string or nil value indicates that no + VolumeAttributesClass will be applied to the claim. If the claim enters an Infeasible error state, + this field can be reset to its previous value (including nil) to cancel the modification. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). type: string volumeMode: description: |- @@ -7255,6 +7632,7 @@ spec: description: |- flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. + Deprecated: FlexVolume is deprecated. Consider using a CSIDriver instead. properties: driver: description: driver is the name of the driver 
@@ -7300,10 +7678,9 @@ spec: - driver type: object flocker: - description: flocker represents a Flocker volume - attached to a kubelet's host machine. This - depends on the Flocker control service being - running + description: |- + flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running. + Deprecated: Flocker is deprecated and the in-tree flocker type is no longer supported. properties: datasetName: description: |- @@ -7320,6 +7697,8 @@ spec: description: |- gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. + Deprecated: GCEPersistentDisk is deprecated. All operations for the in-tree + gcePersistentDisk type are redirected to the pd.csi.storage.gke.io CSI driver. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk properties: fsType: @@ -7355,7 +7734,7 @@ spec: gitRepo: description: |- gitRepo represents a git repository at a particular revision. - DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an + Deprecated: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container. properties: @@ -7379,12 +7758,11 @@ spec: glusterfs: description: |- glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. - More info: https://examples.k8s.io/volumes/glusterfs/README.md + Deprecated: Glusterfs is deprecated and the in-tree glusterfs type is no longer supported. properties: endpoints: - description: |- - endpoints is the endpoint name that details Glusterfs topology. - More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + description: endpoints is the endpoint name + that details Glusterfs topology. type: string path: description: |- 
@@ -7438,7 +7816,7 @@ spec: The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. The volume will be mounted read-only (ro) and non-executable files (noexec). - Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). + Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath) before 1.33. The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. properties: pullPolicy: @@ -7463,7 +7841,7 @@ spec: description: |- iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. - More info: https://examples.k8s.io/volumes/iscsi/README.md + More info: https://kubernetes.io/docs/concepts/storage/volumes/#iscsi properties: chapAuthDiscovery: description: chapAuthDiscovery defines whether @@ -7590,9 +7968,9 @@ spec: - claimName type: object photonPersistentDisk: - description: photonPersistentDisk represents - a PhotonController persistent disk attached - and mounted on kubelets host machine + description: |- + photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine. + Deprecated: PhotonPersistentDisk is deprecated and the in-tree photonPersistentDisk type is no longer supported. properties: fsType: description: |- 
@@ -7608,9 +7986,11 @@ spec: - pdID type: object portworxVolume: - description: portworxVolume represents a portworx - volume attached and mounted on kubelets host - machine + description: |- + portworxVolume represents a portworx volume attached and mounted on kubelets host machine. + Deprecated: PortworxVolume is deprecated. All operations for the in-tree portworxVolume type + are redirected to the pxd.portworx.com CSI driver when the CSIMigrationPortworx feature-gate + is on. properties: fsType: description: |- 
@@ -7905,6 +8285,112 @@ spec: type: array x-kubernetes-list-type: atomic type: object + podCertificate: + description: |- + Projects an auto-rotating credential bundle (private key and certificate + chain) that the pod can use either as a TLS client or server. + + Kubelet generates a private key and uses it to send a + PodCertificateRequest to the named signer. Once the signer approves the + request and issues a certificate chain, Kubelet writes the key and + certificate chain to the pod filesystem. The pod does not start until + certificates have been issued for each podCertificate projected volume + source in its spec. + + Kubelet will begin trying to rotate the certificate at the time indicated + by the signer using the PodCertificateRequest.Status.BeginRefreshAt + timestamp. + + Kubelet can write a single file, indicated by the credentialBundlePath + field, or separate files, indicated by the keyPath and + certificateChainPath fields. + + The credential bundle is a single file in PEM format. The first PEM + entry is the private key (in PKCS#8 format), and the remaining PEM + entries are the certificate chain issued by the signer (typically, + signers will return their certificate chain in leaf-to-root order). + + Prefer using the credential bundle format, since your application code + can read it atomically. If you use keyPath and certificateChainPath, + your application must make two separate file reads. If these coincide + with a certificate rotation, it is possible that the private key and leaf + certificate you read may not correspond to each other. Your application + will need to check for this condition, and re-read until they are + consistent. + + The named signer controls chooses the format of the certificate it + issues; consult the signer implementation's documentation to learn how to + use the certificates it issues. + properties: + certificateChainPath: + description: |- + Write the certificate chain at this path in the projected volume. 
+ + Most applications should use credentialBundlePath. When using keyPath + and certificateChainPath, your application needs to check that the key + and leaf certificate are consistent, because it is possible to read the + files mid-rotation. + type: string + credentialBundlePath: + description: |- + Write the credential bundle at this path in the projected volume. + + The credential bundle is a single file that contains multiple PEM blocks. + The first PEM block is a PRIVATE KEY block, containing a PKCS#8 private + key. + + The remaining blocks are CERTIFICATE blocks, containing the issued + certificate chain from the signer (leaf and any intermediates). + + Using credentialBundlePath lets your Pod's application code make a single + atomic read that retrieves a consistent key and certificate chain. If you + project them to separate files, your application code will need to + additionally check that the leaf certificate was issued to the key. + type: string + keyPath: + description: |- + Write the key at this path in the projected volume. + + Most applications should use credentialBundlePath. When using keyPath + and certificateChainPath, your application needs to check that the key + and leaf certificate are consistent, because it is possible to read the + files mid-rotation. + type: string + keyType: + description: |- + The type of keypair Kubelet will generate for the pod. + + Valid values are "RSA3072", "RSA4096", "ECDSAP256", "ECDSAP384", + "ECDSAP521", and "ED25519". + type: string + maxExpirationSeconds: + description: |- + maxExpirationSeconds is the maximum lifetime permitted for the + certificate. + + Kubelet copies this value verbatim into the PodCertificateRequests it + generates for this projection. + + If omitted, kube-apiserver will set it to 86400(24 hours). kube-apiserver + will reject values shorter than 3600 (1 hour). The maximum allowable + value is 7862400 (91 days). 
+ + The signer implementation is then free to issue a certificate with any + lifetime *shorter* than MaxExpirationSeconds, but no shorter than 3600 + seconds (1 hour). This constraint is enforced by kube-apiserver. + `kubernetes.io` signers will never issue certificates with a lifetime + longer than 24 hours. + format: int32 + type: integer + signerName: + description: Kubelet's generated + CSRs will be addressed to this + signer. + type: string + required: + - keyType + - signerName + type: object secret: description: secret information about the secret data to project @@ -8000,8 +8486,9 @@ spec: x-kubernetes-list-type: atomic type: object quobyte: - description: quobyte represents a Quobyte mount - on the host that shares a pod's lifetime + description: |- + quobyte represents a Quobyte mount on the host that shares a pod's lifetime. + Deprecated: Quobyte is deprecated and the in-tree quobyte type is no longer supported. properties: group: description: |- @@ -8040,7 +8527,7 @@ spec: rbd: description: |- rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. - More info: https://examples.k8s.io/volumes/rbd/README.md + Deprecated: RBD is deprecated and the in-tree rbd type is no longer supported. properties: fsType: description: |- @@ -8112,9 +8599,9 @@ spec: - monitors type: object scaleIO: - description: scaleIO represents a ScaleIO persistent - volume attached and mounted on Kubernetes - nodes. + description: |- + scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. + Deprecated: ScaleIO is deprecated and the in-tree scaleIO type is no longer supported. properties: fsType: default: xfs 
@@ -8250,9 +8737,9 @@ spec: type: string type: object storageos: - description: storageOS represents a StorageOS - volume attached and mounted on Kubernetes - nodes. + description: |- + storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. + Deprecated: StorageOS is deprecated and the in-tree storageos type is no longer supported. properties: fsType: description: |- @@ -8297,9 +8784,10 @@ spec: type: string type: object vsphereVolume: - description: vsphereVolume represents a vSphere - volume attached and mounted on kubelets host - machine + description: |- + vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine. + Deprecated: VsphereVolume is deprecated. All operations for the in-tree vsphereVolume type + are redirected to the csi.vsphere.vmware.com CSI driver. properties: fsType: description: |- diff --git a/content/v1.19/api/crds/pkg.crossplane.io_functionrevisions.yaml b/content/v2.1/api/crds/pkg.crossplane.io_functionrevisions.yaml similarity index 77% rename from content/v1.19/api/crds/pkg.crossplane.io_functionrevisions.yaml rename to content/v2.1/api/crds/pkg.crossplane.io_functionrevisions.yaml index d731e839c..9e9a10189 100644 --- a/content/v1.19/api/crds/pkg.crossplane.io_functionrevisions.yaml +++ b/content/v2.1/api/crds/pkg.crossplane.io_functionrevisions.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.19.0 name: functionrevisions.pkg.crossplane.io spec: group: pkg.crossplane.io 
@@ -18,11 +18,11 @@ spec: scope: Cluster versions: - additionalPrinterColumns: - - jsonPath: .status.conditions[?(@.type=='Healthy')].status + - jsonPath: .status.conditions[?(@.type=='RevisionHealthy')].status name: HEALTHY type: string - - jsonPath: .spec.revision - name: REVISION + - jsonPath: .status.conditions[?(@.type=='RuntimeHealthy')].status + name: RUNTIME type: string - jsonPath: .spec.image name: IMAGE @@ -30,15 +30,21 @@ spec: - jsonPath: .spec.desiredState name: STATE type: string + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + - jsonPath: .spec.revision + name: REVISION + priority: 1 + type: string - jsonPath: .status.foundDependencies name: DEP-FOUND + priority: 1 type: string - jsonPath: .status.installedDependencies name: DEP-INSTALLED + priority: 1 type: string - - jsonPath: .metadata.creationTimestamp - name: AGE - type: date name: v1 schema: openAPIV3Schema: @@ -78,18 +84,6 @@ spec: and services. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ type: object - controllerConfigRef: - description: |- - ControllerConfigRef references a ControllerConfig resource that will be - used to configure the packaged controller Deployment. - Deprecated: Use RuntimeConfigReference instead. - properties: - name: - description: Name of the ControllerConfig. - type: string - required: - - name - type: object desiredState: description: DesiredState of the PackageRevision. Can be either Active or Inactive. 
@@ -189,6 +183,34 @@ spec: description: FunctionRevisionStatus represents the observed state of a FunctionRevision. properties: + appliedImageConfigRefs: + description: |- + AppliedImageConfigRefs records any image configs that were applied in + reconciling this revision, and what they were used for. + items: + description: |- + ImageConfigRef is a reference to an image config that indicates how the + referenced image config was used by the package manager. + properties: + name: + description: Name is the name of the image config. + type: string + reason: + description: Reason indicates what the image config was used + for. + type: string + required: + - name + - reason + type: object + type: array + capabilities: + description: |- + Capabilities of this package. Capabilities are opaque strings that + may be meaningful to package consumers. + items: + type: string + type: array conditions: description: Conditions of the resource. items: 
@@ -276,59 +298,22 @@ spec: - name type: object type: array - permissionRequests: + resolvedImage: description: |- - PermissionRequests made by this package. The package declares that its - controller needs these permissions to run. The RBAC manager is - responsible for granting them. - items: - description: |- - PolicyRule holds information that describes a policy rule, but does not contain information - about who the rule applies to or which namespace the rule applies to. - properties: - apiGroups: - description: |- - APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of - the enumerated resources in any API group will be allowed. "" represents the core API group and "*" represents all API groups. - items: - type: string - type: array - x-kubernetes-list-type: atomic - nonResourceURLs: - description: |- - NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path - Since non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding. - Rules can either apply to API resources (such as "pods" or "secrets") or non-resource URL paths (such as "/api"), but not both. - items: - type: string - type: array - x-kubernetes-list-type: atomic - resourceNames: - description: ResourceNames is an optional white list of names - that the rule applies to. An empty set means that everything - is allowed. - items: - type: string - type: array - x-kubernetes-list-type: atomic - resources: - description: Resources is a list of resources this rule applies - to. '*' represents all resources. - items: - type: string - type: array - x-kubernetes-list-type: atomic - verbs: - description: Verbs is a list of Verbs that apply to ALL the - ResourceKinds contained in this rule. '*' represents all verbs. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - verbs - type: object - type: array + ResolvedPackage is the name of the package that was installed. It may be + different from spec.image if the package path was rewritten using an + image config. + type: string + tlsClientSecretName: + description: |- + TLSClientSecretName is the name of the TLS Secret that stores client + certificates of the Provider. + type: string + tlsServerSecretName: + description: |- + TLSServerSecretName is the name of the TLS Secret that stores server + certificates of the Provider. + type: string type: object type: object served: true @@ -336,11 +321,11 @@ spec: subresources: status: {} - additionalPrinterColumns: - - jsonPath: .status.conditions[?(@.type=='Healthy')].status + - jsonPath: .status.conditions[?(@.type=='RevisionHealthy')].status name: HEALTHY type: string - - jsonPath: .spec.revision - name: REVISION + - jsonPath: .status.conditions[?(@.type=='RuntimeHealthy')].status + name: RUNTIME type: string - jsonPath: .spec.image name: IMAGE @@ -348,15 +333,21 @@ spec: - jsonPath: .spec.desiredState name: STATE type: string + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + - jsonPath: .spec.revision + name: REVISION + priority: 1 + type: string - jsonPath: .status.foundDependencies name: DEP-FOUND + priority: 1 type: string - jsonPath: .status.installedDependencies name: DEP-INSTALLED + priority: 1 type: string - - jsonPath: .metadata.creationTimestamp - name: AGE - type: date name: v1beta1 schema: openAPIV3Schema: 
@@ -396,18 +387,6 @@ spec: and services. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ type: object - controllerConfigRef: - description: |- - ControllerConfigRef references a ControllerConfig resource that will be - used to configure the packaged controller Deployment. - Deprecated: Use RuntimeConfigReference instead. - properties: - name: - description: Name of the ControllerConfig. - type: string - required: - - name - type: object desiredState: description: DesiredState of the PackageRevision. Can be either Active or Inactive. @@ -507,6 +486,34 @@ spec: description: FunctionRevisionStatus represents the observed state of a FunctionRevision. properties: + appliedImageConfigRefs: + description: |- + AppliedImageConfigRefs records any image configs that were applied in + reconciling this revision, and what they were used for. + items: + description: |- + ImageConfigRef is a reference to an image config that indicates how the + referenced image config was used by the package manager. + properties: + name: + description: Name is the name of the image config. + type: string + reason: + description: Reason indicates what the image config was used + for. + type: string + required: + - name + - reason + type: object + type: array + capabilities: + description: |- + Capabilities of this package. Capabilities are opaque strings that + may be meaningful to package consumers. + items: + type: string + type: array conditions: description: Conditions of the resource. items: 
@@ -594,59 +601,22 @@ spec: - name type: object type: array - permissionRequests: + resolvedImage: description: |- - PermissionRequests made by this package. The package declares that its - controller needs these permissions to run. The RBAC manager is - responsible for granting them. - items: - description: |- - PolicyRule holds information that describes a policy rule, but does not contain information - about who the rule applies to or which namespace the rule applies to. - properties: - apiGroups: - description: |- - APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of - the enumerated resources in any API group will be allowed. "" represents the core API group and "*" represents all API groups. - items: - type: string - type: array - x-kubernetes-list-type: atomic - nonResourceURLs: - description: |- - NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path - Since non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding. - Rules can either apply to API resources (such as "pods" or "secrets") or non-resource URL paths (such as "/api"), but not both. - items: - type: string - type: array - x-kubernetes-list-type: atomic - resourceNames: - description: ResourceNames is an optional white list of names - that the rule applies to. An empty set means that everything - is allowed. - items: - type: string - type: array - x-kubernetes-list-type: atomic - resources: - description: Resources is a list of resources this rule applies - to. '*' represents all resources. - items: - type: string - type: array - x-kubernetes-list-type: atomic - verbs: - description: Verbs is a list of Verbs that apply to ALL the - ResourceKinds contained in this rule. '*' represents all verbs. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - verbs - type: object - type: array + ResolvedPackage is the name of the package that was installed. It may be + different from spec.image if the package path was rewritten using an + image config. + type: string + tlsClientSecretName: + description: |- + TLSClientSecretName is the name of the TLS Secret that stores client + certificates of the Provider. + type: string + tlsServerSecretName: + description: |- + TLSServerSecretName is the name of the TLS Secret that stores server + certificates of the Provider. + type: string type: object type: object served: true diff --git a/content/v1.19/api/crds/pkg.crossplane.io_functions.yaml b/content/v2.1/api/crds/pkg.crossplane.io_functions.yaml similarity index 82% rename from content/v1.19/api/crds/pkg.crossplane.io_functions.yaml rename to content/v2.1/api/crds/pkg.crossplane.io_functions.yaml index 82623ab36..c94c27c62 100644 --- a/content/v1.19/api/crds/pkg.crossplane.io_functions.yaml +++ b/content/v2.1/api/crds/pkg.crossplane.io_functions.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.19.0 name: functions.pkg.crossplane.io spec: group: pkg.crossplane.io @@ -69,18 +69,6 @@ spec: and services. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ type: object - controllerConfigRef: - description: |- - ControllerConfigRef references a ControllerConfig resource that will be - used to configure the packaged controller Deployment. - Deprecated: Use RuntimeConfigReference instead. - properties: - name: - description: Name of the ControllerConfig. - type: string - required: - - name - type: object ignoreCrossplaneConstraints: default: false description: |- 
@@ -89,8 +77,16 @@ spec: Default is false. type: boolean package: - description: Package is the name of the package that is being requested. + description: |- + Package is the name of the package that is being requested. + must be a fully qualified image name, including the registry, + repository, and tag. for example, "registry.example.com/repo/package:tag". type: string + x-kubernetes-validations: + - message: must be a fully qualified image name, including the registry, + repository, and tag or digest. For example, 'registry.example.com/repo/package:tag' + or 'registry.example.com/repo/package[:tag]@sha256:1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef'. + rule: self.matches('^[^\\.\\/]+(\\.[^\\.\\/]+)+(\\/[^\\/:@]+)+(:[^:@]+(@sha256.+)?|@sha256.+)$') packagePullPolicy: default: IfNotPresent description: |- @@ -168,6 +164,27 @@ spec: status: description: FunctionStatus represents the observed state of a Function. properties: + appliedImageConfigRefs: + description: |- + AppliedImageConfigRefs records any image configs that were applied in + reconciling this package, and what they were used for. + items: + description: |- + ImageConfigRef is a reference to an image config that indicates how the + referenced image config was used by the package manager. + properties: + name: + description: Name is the name of the image config. + type: string + reason: + description: Reason indicates what the image config was used + for. + type: string + required: + - name + - reason + type: object + type: array conditions: description: Conditions of the resource. items: @@ -229,6 +246,12 @@ spec: reflect the most up to date revision, whether it has been activated or not. type: string + resolvedPackage: + description: |- + ResolvedPackage is the name of the package that was used for version + resolution. It may be different from spec.package if the package path was + rewritten using an image config. + type: string type: object type: object served: true 
@@ -287,18 +310,6 @@ spec: and services. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ type: object - controllerConfigRef: - description: |- - ControllerConfigRef references a ControllerConfig resource that will be - used to configure the packaged controller Deployment. - Deprecated: Use RuntimeConfigReference instead. - properties: - name: - description: Name of the ControllerConfig. - type: string - required: - - name - type: object ignoreCrossplaneConstraints: default: false description: |- @@ -307,8 +318,16 @@ spec: Default is false. type: boolean package: - description: Package is the name of the package that is being requested. + description: |- + Package is the name of the package that is being requested. + must be a fully qualified image name, including the registry, + repository, and tag. for example, "registry.example.com/repo/package:tag". type: string + x-kubernetes-validations: + - message: must be a fully qualified image name, including the registry, + repository, and tag or digest. For example, 'registry.example.com/repo/package:tag' + or 'registry.example.com/repo/package[:tag]@sha256:1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef'. + rule: self.matches('^[^\\.\\/]+(\\.[^\\.\\/]+)+(\\/[^\\/:@]+)+(:[^:@]+(@sha256.+)?|@sha256.+)$') packagePullPolicy: default: IfNotPresent description: |- 
@@ -386,6 +405,27 @@ spec: status: description: FunctionStatus represents the observed state of a Function. properties: + appliedImageConfigRefs: + description: |- + AppliedImageConfigRefs records any image configs that were applied in + reconciling this package, and what they were used for. + items: + description: |- + ImageConfigRef is a reference to an image config that indicates how the + referenced image config was used by the package manager. + properties: + name: + description: Name is the name of the image config. + type: string + reason: + description: Reason indicates what the image config was used + for. + type: string + required: + - name + - reason + type: object + type: array conditions: description: Conditions of the resource. items: @@ -447,6 +487,12 @@ spec: reflect the most up to date revision, whether it has been activated or not. type: string + resolvedPackage: + description: |- + ResolvedPackage is the name of the package that was used for version + resolution. It may be different from spec.package if the package path was + rewritten using an image config. + type: string type: object type: object served: true diff --git a/content/v1.19/api/crds/pkg.crossplane.io_imageconfigs.yaml b/content/v2.1/api/crds/pkg.crossplane.io_imageconfigs.yaml similarity index 89% rename from content/v1.19/api/crds/pkg.crossplane.io_imageconfigs.yaml rename to content/v2.1/api/crds/pkg.crossplane.io_imageconfigs.yaml index ae12439fe..0e22392cc 100644 --- a/content/v1.19/api/crds/pkg.crossplane.io_imageconfigs.yaml +++ b/content/v2.1/api/crds/pkg.crossplane.io_imageconfigs.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.19.0 name: imageconfigs.pkg.crossplane.io spec: group: pkg.crossplane.io 
@@ -47,13 +47,19 @@ spec: description: ImageConfigSpec contains the configuration for matching images. properties: matchImages: - description: MatchImages is a list of image matching rules that should - be satisfied. + description: |- + MatchImages is a list of image matching rules. This ImageConfig will + match an image if any one of these rules is satisfied. In the case where + multiple ImageConfigs match an image for a given purpose the one with the + most specific match will be used. If multiple rules of equal specificity + match an arbitrary one will be selected. items: description: ImageMatch defines a rule for matching image. properties: prefix: - description: Prefix is the prefix that should be matched. + description: |- + Prefix is the prefix that should be matched. When multiple prefix rules + match an image path, the longest one takes precedence. type: string type: default: Prefix @@ -95,6 +101,19 @@ spec: - pullSecretRef type: object type: object + rewriteImage: + description: RewriteImage defines how a matched image's path should + be rewritten. + properties: + prefix: + description: |- + Prefix is the prefix that will replace the portion of the image's path + matched by the prefix in the ImageMatch. If multiple prefixes matched, + the longest one will be replaced. + type: string + required: + - prefix + type: object verification: description: Verification contains the configuration for verifying the image. diff --git a/content/v1.19/api/crds/pkg.crossplane.io_locks.yaml b/content/v2.1/api/crds/pkg.crossplane.io_locks.yaml similarity index 99% rename from content/v1.19/api/crds/pkg.crossplane.io_locks.yaml rename to content/v2.1/api/crds/pkg.crossplane.io_locks.yaml index ac1a15460..b186027f3 100644 --- a/content/v1.19/api/crds/pkg.crossplane.io_locks.yaml +++ b/content/v2.1/api/crds/pkg.crossplane.io_locks.yaml 
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.19.0 name: locks.pkg.crossplane.io spec: group: pkg.crossplane.io diff --git a/content/v1.19/api/crds/pkg.crossplane.io_providerrevisions.yaml b/content/v2.1/api/crds/pkg.crossplane.io_providerrevisions.yaml similarity index 76% rename from content/v1.19/api/crds/pkg.crossplane.io_providerrevisions.yaml rename to content/v2.1/api/crds/pkg.crossplane.io_providerrevisions.yaml index 3b60db383..4a3188a4c 100644 --- a/content/v1.19/api/crds/pkg.crossplane.io_providerrevisions.yaml +++ b/content/v2.1/api/crds/pkg.crossplane.io_providerrevisions.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.19.0 name: providerrevisions.pkg.crossplane.io spec: group: pkg.crossplane.io @@ -18,11 +18,11 @@ spec: scope: Cluster versions: - additionalPrinterColumns: - - jsonPath: .status.conditions[?(@.type=='Healthy')].status + - jsonPath: .status.conditions[?(@.type=='RevisionHealthy')].status name: HEALTHY type: string - - jsonPath: .spec.revision - name: REVISION + - jsonPath: .status.conditions[?(@.type=='RuntimeHealthy')].status + name: RUNTIME type: string - jsonPath: .spec.image name: IMAGE @@ -30,15 +30,21 @@ spec: - jsonPath: .spec.desiredState name: STATE type: string + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + - jsonPath: .spec.revision + name: REVISION + priority: 1 + type: string - jsonPath: .status.foundDependencies name: DEP-FOUND + priority: 1 type: string - jsonPath: .status.installedDependencies name: DEP-INSTALLED + priority: 1 type: string - - jsonPath: .metadata.creationTimestamp - name: AGE - type: date name: v1 schema: openAPIV3Schema: 
@@ -78,18 +84,6 @@ spec: and services. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ type: object - controllerConfigRef: - description: |- - ControllerConfigRef references a ControllerConfig resource that will be - used to configure the packaged controller Deployment. - Deprecated: Use RuntimeConfigReference instead. - properties: - name: - description: Name of the ControllerConfig. - type: string - required: - - name - type: object desiredState: description: DesiredState of the PackageRevision. Can be either Active or Inactive. @@ -186,9 +180,37 @@ spec: - revision type: object status: - description: PackageRevisionStatus represents the observed state of a - PackageRevision. + description: ProviderRevisionStatus represents the observed state of a + ProviderRevision. properties: + appliedImageConfigRefs: + description: |- + AppliedImageConfigRefs records any image configs that were applied in + reconciling this revision, and what they were used for. + items: + description: |- + ImageConfigRef is a reference to an image config that indicates how the + referenced image config was used by the package manager. + properties: + name: + description: Name is the name of the image config. + type: string + reason: + description: Reason indicates what the image config was used + for. + type: string + required: + - name + - reason + type: object + type: array + capabilities: + description: |- + Capabilities of this package. Capabilities are opaque strings that + may be meaningful to package consumers. + items: + type: string + type: array conditions: description: Conditions of the resource. items: 
@@ -271,59 +293,22 @@ spec: - name type: object type: array - permissionRequests: + resolvedImage: description: |- - PermissionRequests made by this package. The package declares that its - controller needs these permissions to run. The RBAC manager is - responsible for granting them. - items: - description: |- - PolicyRule holds information that describes a policy rule, but does not contain information - about who the rule applies to or which namespace the rule applies to. - properties: - apiGroups: - description: |- - APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of - the enumerated resources in any API group will be allowed. "" represents the core API group and "*" represents all API groups. - items: - type: string - type: array - x-kubernetes-list-type: atomic - nonResourceURLs: - description: |- - NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path - Since non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding. - Rules can either apply to API resources (such as "pods" or "secrets") or non-resource URL paths (such as "/api"), but not both. - items: - type: string - type: array - x-kubernetes-list-type: atomic - resourceNames: - description: ResourceNames is an optional white list of names - that the rule applies to. An empty set means that everything - is allowed. - items: - type: string - type: array - x-kubernetes-list-type: atomic - resources: - description: Resources is a list of resources this rule applies - to. '*' represents all resources. - items: - type: string - type: array - x-kubernetes-list-type: atomic - verbs: - description: Verbs is a list of Verbs that apply to ALL the - ResourceKinds contained in this rule. '*' represents all verbs. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - verbs - type: object - type: array + ResolvedPackage is the name of the package that was installed. It may be + different from spec.image if the package path was rewritten using an + image config. + type: string + tlsClientSecretName: + description: |- + TLSClientSecretName is the name of the TLS Secret that stores client + certificates of the Provider. + type: string + tlsServerSecretName: + description: |- + TLSServerSecretName is the name of the TLS Secret that stores server + certificates of the Provider. + type: string type: object type: object served: true diff --git a/content/v1.19/api/crds/pkg.crossplane.io_providers.yaml b/content/v2.1/api/crds/pkg.crossplane.io_providers.yaml similarity index 82% rename from content/v1.19/api/crds/pkg.crossplane.io_providers.yaml rename to content/v2.1/api/crds/pkg.crossplane.io_providers.yaml index 401580790..991d886b7 100644 --- a/content/v1.19/api/crds/pkg.crossplane.io_providers.yaml +++ b/content/v2.1/api/crds/pkg.crossplane.io_providers.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.19.0 name: providers.pkg.crossplane.io spec: group: pkg.crossplane.io @@ -71,18 +71,6 @@ spec: and services. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ type: object - controllerConfigRef: - description: |- - ControllerConfigRef references a ControllerConfig resource that will be - used to configure the packaged controller Deployment. - Deprecated: Use RuntimeConfigReference instead. - properties: - name: - description: Name of the ControllerConfig. - type: string - required: - - name - type: object ignoreCrossplaneConstraints: default: false description: |- 
@@ -91,8 +79,16 @@ spec: Default is false. type: boolean package: - description: Package is the name of the package that is being requested. + description: |- + Package is the name of the package that is being requested. + must be a fully qualified image name, including the registry, + repository, and tag. for example, "registry.example.com/repo/package:tag". type: string + x-kubernetes-validations: + - message: must be a fully qualified image name, including the registry, + repository, and tag or digest. For example, 'registry.example.com/repo/package:tag' + or 'registry.example.com/repo/package[:tag]@sha256:1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef'. + rule: self.matches('^[^\\.\\/]+(\\.[^\\.\\/]+)+(\\/[^\\/:@]+)+(:[^:@]+(@sha256.+)?|@sha256.+)$') packagePullPolicy: default: IfNotPresent description: |- @@ -170,6 +166,27 @@ spec: status: description: ProviderStatus represents the observed state of a Provider. properties: + appliedImageConfigRefs: + description: |- + AppliedImageConfigRefs records any image configs that were applied in + reconciling this package, and what they were used for. + items: + description: |- + ImageConfigRef is a reference to an image config that indicates how the + referenced image config was used by the package manager. + properties: + name: + description: Name is the name of the image config. + type: string + reason: + description: Reason indicates what the image config was used + for. + type: string + required: + - name + - reason + type: object + type: array conditions: description: Conditions of the resource. items: @@ -231,6 +248,12 @@ spec: reflect the most up to date revision, whether it has been activated or not. type: string + resolvedPackage: + description: |- + ResolvedPackage is the name of the package that was used for version + resolution. It may be different from spec.package if the package path was + rewritten using an image config. + type: string type: object type: object served: true 
diff --git a/content/v2.1/api/crds/protection.crossplane.io_clusterusages.yaml b/content/v2.1/api/crds/protection.crossplane.io_clusterusages.yaml new file mode 100644 index 000000000..762eab8ba --- /dev/null +++ b/content/v2.1/api/crds/protection.crossplane.io_clusterusages.yaml 
@@ -0,0 +1,216 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.19.0 + name: clusterusages.protection.crossplane.io +spec: + group: protection.crossplane.io + names: + categories: + - crossplane + kind: ClusterUsage + listKind: ClusterUsageList + plural: clusterusages + singular: clusterusage + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.annotations.crossplane\.io/usage-details + name: DETAILS + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: READY + type: string + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: |- + A ClusterUsage defines a deletion blocking relationship between two + resources. + + Usages prevent accidental deletion of a single resource or deletion of + resources with dependent resources. + + Read the Crossplane documentation for + [more information about usages](https://docs.crossplane.io/latest/concepts/usages). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: ClusterUsageSpec defines the desired state of a ClusterUsage. + properties: + by: + description: By is the resource that is "using the other resource". 
+ properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + resourceRef: + description: Reference to the resource. + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + resourceSelector: + description: |- + Selector to the resource. + This field will be ignored if ResourceRef is set. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + type: object + type: object + x-kubernetes-validations: + - message: either a resource reference or a resource selector should + be set. + rule: has(self.resourceRef) || has(self.resourceSelector) + of: + description: Of is the resource that is "being used". + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + resourceRef: + description: Reference to the resource. + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + resourceSelector: + description: |- + Selector to the resource. + This field will be ignored if ResourceRef is set. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. 
+ type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + type: object + type: object + x-kubernetes-validations: + - message: either a resource reference or a resource selector should + be set. + rule: has(self.resourceRef) || has(self.resourceSelector) + reason: + description: Reason is the reason for blocking deletion of the resource. + type: string + replayDeletion: + description: ReplayDeletion will trigger a deletion on the used resource + during the deletion of the usage itself, if it was attempted to + be deleted at least once. + type: boolean + required: + - of + type: object + x-kubernetes-validations: + - message: either "spec.by" or "spec.reason" must be specified. + rule: has(self.by) || has(self.reason) + status: + description: UsageStatus defines the observed state of Usage. + properties: + conditions: + description: Conditions of the resource. + items: + description: A Condition that may apply to a resource. + properties: + lastTransitionTime: + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. + format: date-time + type: string + message: + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. + type: string + observedGeneration: + description: |- + ObservedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: A Reason for this condition's last transition from + one status to another. + type: string + status: + description: Status of this condition; is it currently True, + False, or Unknown? 
+ type: string + type: + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {}
diff --git a/content/v2.1/api/crds/protection.crossplane.io_usages.yaml b/content/v2.1/api/crds/protection.crossplane.io_usages.yaml
new file mode 100644
index 000000000..aba92c408
--- /dev/null
+++ b/content/v2.1/api/crds/protection.crossplane.io_usages.yaml
@@ -0,0 +1,227 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.19.0 + name: usages.protection.crossplane.io +spec: + group: protection.crossplane.io + names: + categories: + - crossplane + kind: Usage + listKind: UsageList + plural: usages + singular: usage + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.annotations.crossplane\.io/usage-details + name: DETAILS + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: READY + type: string + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: |- + A Usage defines a deletion blocking relationship between two resources. + + Usages prevent accidental deletion of a single resource or deletion of + resources with dependent resources. + + Read the Crossplane documentation for + [more information about Compositions](https://docs.crossplane.io/latest/concepts/usages). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: UsageSpec defines the desired state of Usage. + properties: + by: + description: By is the resource that is "using the other resource". 
+ properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + resourceRef: + description: Reference to the resource. + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + resourceSelector: + description: |- + Selector to the resource. + This field will be ignored if ResourceRef is set. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + type: object + type: object + x-kubernetes-validations: + - message: either a resource reference or a resource selector should + be set. + rule: has(self.resourceRef) || has(self.resourceSelector) + of: + description: Of is the resource that is "being used". + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + resourceRef: + description: Reference to the resource. + properties: + name: + description: Name of the referent. + type: string + namespace: + description: Namespace of the referent. + type: string + required: + - name + type: object + resourceSelector: + description: |- + Selector to the resource. + This field will be ignored if ResourceRef is set. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. 
+ type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + namespace: + description: |- + Namespace ensures an object in the supplied namespace is selected. + Omit namespace to only match resources in the Usage's namespace. + type: string + type: object + type: object + x-kubernetes-validations: + - message: either a resource reference or a resource selector should + be set. + rule: has(self.resourceRef) || has(self.resourceSelector) + reason: + description: Reason is the reason for blocking deletion of the resource. + type: string + replayDeletion: + description: ReplayDeletion will trigger a deletion on the used resource + during the deletion of the usage itself, if it was attempted to + be deleted at least once. + type: boolean + required: + - of + type: object + x-kubernetes-validations: + - message: either "spec.by" or "spec.reason" must be specified. + rule: has(self.by) || has(self.reason) + - message: cross-namespace "spec.of" is not allowed without "spec.by" + resource. + rule: has(self.by) || (!has(self.of.resourceRef) || !has(self.of.resourceRef.__namespace__)) + && (!has(self.of.resourceSelector) || !has(self.of.resourceSelector.__namespace__)) + status: + description: UsageStatus defines the observed state of Usage. + properties: + conditions: + description: Conditions of the resource. + items: + description: A Condition that may apply to a resource. + properties: + lastTransitionTime: + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. + format: date-time + type: string + message: + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. + type: string + observedGeneration: + description: |- + ObservedGeneration represents the .metadata.generation that the condition was set based upon. 
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: A Reason for this condition's last transition from + one status to another. + type: string + status: + description: Status of this condition; is it currently True, + False, or Unknown? + type: string + type: + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {}
diff --git a/content/v1.19/cli/_index.md b/content/v2.1/cli/_index.md
similarity index 67%
rename from content/v1.19/cli/_index.md
rename to content/v2.1/cli/_index.md
index 373f705dc..e43f0640c 100644
--- a/content/v1.19/cli/_index.md
+++ b/content/v2.1/cli/_index.md
@@ -1,7 +1,7 @@
 ---
 weight: 200
 title: CLI Reference
-description: "Documentation for the Crossplane command-line interface"
+description: "Command-line tools for Crossplane development"
 ---
 The Crossplane CLI helps simplify some development and administration aspects of
@@ -17,11 +17,11 @@ The Crossplane CLI includes:
 The Crossplane CLI is a single standalone binary with no external dependencies.
 {{}}
-Install the Crossplane CLI on a user's computer.
+Install the Crossplane CLI on a user's computer.
-Most Crossplane CLI commands are independent of Kubernetes and
+Most Crossplane CLI commands are independent of Kubernetes and
 don't require access to a Crossplane pod.
-{{< /hint >}}
+{{< /hint >}}
 To download the latest version for your CPU architecture with the Crossplane install script.
@@ -35,13 +35,13 @@ detects your CPU architecture and downloads the latest stable release.
 {{}}
-If you don't want to run shell script you can manually download a binary from
-the Crossplane releases repository at
+If you don't want to run shell script you can manually download a binary from
+the Crossplane releases repository at
 https://releases.crossplane.io/stable/current/bin
 {{}}
-The CLI is named `crank` in the release repository. Download this file.
+The release repository names the CLI `crank`. Download this file.
 The `crossplane` binary is the Kubernetes Crossplane pod image.
@@ -53,12 +53,20 @@ Move the binary to a location in your `$PATH`, for example `/usr/local/bin`.
 ### Download other CLI versions
 Download different Crossplane CLI versions or different release branches with
-the `XP_CHANNEL` and `XP_VERSION` environmental variables.
+the `XP_CHANNEL` and `XP_VERSION` environmental variables.
-By default the CLI installs from the `XP_CHANNEL` named `stable` and the
+By default the CLI installs from the `XP_CHANNEL` named `stable` and the
 `XP_VERSION` of `current`, matching the most recent stable release.
-For example, to install CLI version `v1.14.0` add `XP_VERSION=v1.14.0` to the
-download script curl command:
+For example, to install CLI version `v1.20.0` add `XP_VERSION=v1.20.0` to the
+download script curl command:
+
+```shell
+curl -sL "https://raw.githubusercontent.com/crossplane/crossplane/main/install.sh" | XP_VERSION=v1.20.0 sh
+```
+
+To install the CLI from the `master` channel add `XP_CHANNEL=master`:
-`curl -sL "https://raw.githubusercontent.com/crossplane/crossplane/main/install.sh" | XP_VERSION=v1.14.0 sh`
\ No newline at end of file
+```shell
+curl -sL "https://raw.githubusercontent.com/crossplane/crossplane/main/install.sh" | XP_CHANNEL=master sh
+```
\ No newline at end of file
diff --git a/content/v1.19/cli/command-reference.md b/content/v2.1/cli/command-reference.md
similarity index 81%
rename from content/v1.19/cli/command-reference.md
rename to content/v2.1/cli/command-reference.md
index 953034209..1be7ea3cf 100644
--- a/content/v1.19/cli/command-reference.md
+++ b/content/v2.1/cli/command-reference.md
@@ -24,7 +24,11 @@ The following flags are available for all commands.
 {{< /table >}}
+
+
 ## version
+
+
 The `crossplane version` command returns the version of Crossplane CLI and the control plane.
@@ -35,11 +39,13 @@ Client Version: v1.17.0
 Server Version: v1.17.0
 ```
+
 ## render
+
 The `crossplane render` command previews the output of a
-[composite resource]({{}}) after applying
-any [composition functions]({{}}).
+[composite resource]({{}}) after applying
+any [composition functions]({{}}).
 {{< hint "important" >}}
 The `crossplane render` command requires you to use composition functions.
@@ -72,7 +78,7 @@ metadata:
 status:
 bucketRegion: us-east-2
 ---
-apiVersion: s3.aws.upbound.io/v1beta1
+apiVersion: s3.aws.m.upbound.io/v1beta1
 kind: Bucket
 metadata:
 annotations:
@@ -80,6 +86,7 @@ metadata:
 generateName: test-xrender-
 labels:
 crossplane.io/composite: test-xrender
+ namespace: default
 ownerReferences:
 - apiVersion: nopexample.org/v1
 blockOwnerDeletion: true
@@ -167,7 +174,7 @@ spec:
 The schema of the resource isn't validated and may contain any data.
-### Mock Extra Resources
+### Mock extra resources
 Extra Resources allow a Composition to request Crossplane Objects on the cluster that aren't part of the Composition. The `--extra-resources` option points at a directory containing
@@ -175,13 +182,17 @@ YAML manifests of resources to mock. Use Extra Resources in combination with a f
 [function-extra-resources](https://github.com/crossplane-contrib/function-extra-resources) or the built-in support in [function-go-templating](https://github.com/crossplane-contrib/function-go-templating?tab=readme-ov-file#extraresources).
+
 ## xpkg
+
 The `crossplane xpkg` commands create, install and update Crossplane
-[packages]({{}}) as well as enable authentication
+[packages]({{}}) and enable authentication
 and publishing of Crossplane packages to a Crossplane package registry.
+
 ### xpkg build
+
 Using `crossplane xpkg build` provides automation and simplification to build Crossplane packages.
@@ -193,9 +204,9 @@ The CLI applies the required annotations and values to meet the
 [Crossplane XPKG specification](https://github.com/crossplane/crossplane/blob/main/contributing/specifications/xpkg.md).
 The `crossplane` CLI supports building
-[configuration]({{< ref "../concepts/packages" >}}),
-[function]({{}}) and
-[provider]({{}}) package types.
+[configuration]({{< ref "../packages/configurations" >}}),
+[function]({{}}) and
+[provider]({{}}) package types.
 #### Flags
@@ -203,7 +214,7 @@ The `crossplane` CLI supports building
 | Short flag | Long flag | Description |
 | ------------ | ------------- | ------------------------------ |
-| | `--embed-runtime-image-name=NAME` | The image name and tag of an image to include in the package. Only for provider and function packages. |
+| | `--embed-runtime-image=NAME` | The image name and tag of an image to include in the package. Only for provider and function packages. |
 | | `--embed-runtime-image-tarball=PATH` | The filename of an image to include in the package. Only for provider and function packages. |
 | `-e` | `--examples-root="./examples"` | The path to a directory of examples related to the package. |
 | | `--ignore=PATH,...` | List of files and directories to ignore. |
@@ -243,13 +254,13 @@ Include YAML files demonstrating how to use the package with `--examples-root`.
 #### Include a runtime image
 Functions and Providers require YAML files describing their dependencies and
-settings as well as a container image for their runtime.
+settings and a container image for their runtime.
-Using `--embed-runtime-image-name` runs a specified image and
+Using `--embed-runtime-image` runs a specified image and
 includes the image inside the function or provider package.
 {{}}
-Images referenced with `--embed-runtime-image-name` must be in the local Docker
+Images referenced with `--embed-runtime-image` must be in the local Docker
 cache.
 Use `docker pull` to download a missing image.
@@ -258,7 +269,9 @@ Use `docker pull` to download a missing image.
 The `--embed-runtime-image-tarball` flag includes a local OCI image tarball inside the function or provider package.
+
 ### xpkg init
+
 The `crossplane xpkg init` command populates the current directory with files to build a package.
@@ -270,23 +283,27 @@ with the command
 The `` input isn't used. Crossplane reserves the `` for future releases. The `