From ee4c613225ae33a8d6a5a5982c8f8f11afbdb175 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Herv=C3=A9=20Quatremain?= Date: Sat, 16 Nov 2024 18:25:53 +0100 Subject: [PATCH] quay-api v1.0.0 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Hervé Quatremain --- ...er-manager-metrics-service_v1_service.yaml | 19 + ...c.authorization.k8s.io_v1_clusterrole.yaml | 13 + ...ay-api-operator.clusterserviceversion.yaml | 2813 +++++++++++++++++ .../quay.herve4m.github.io_apitokens.yaml | 161 + .../quay.herve4m.github.io_applications.yaml | 138 + .../quay.herve4m.github.io_defaultperms.yaml | 130 + .../quay.herve4m.github.io_dockertokens.yaml | 117 + .../quay.herve4m.github.io_firstusers.yaml | 136 + ...quay.herve4m.github.io_manifestlabels.yaml | 129 + .../quay.herve4m.github.io_messages.yaml | 127 + .../quay.herve4m.github.io_notifications.yaml | 216 ++ .../quay.herve4m.github.io_organizations.yaml | 143 + .../quay.herve4m.github.io_proxycaches.yaml | 118 + .../quay.herve4m.github.io_quotas.yaml | 108 + .../quay.herve4m.github.io_repositories.yaml | 186 ++ ...y.herve4m.github.io_repositorymirrors.yaml | 158 + .../quay.herve4m.github.io_robots.yaml | 123 + .../quay.herve4m.github.io_tags.yaml | 115 + .../quay.herve4m.github.io_teamldaps.yaml | 128 + .../quay.herve4m.github.io_teamoidcs.yaml | 116 + .../quay.herve4m.github.io_teams.yaml | 130 + .../quay.herve4m.github.io_users.yaml | 115 + .../1.0.0/metadata/annotations.yaml | 14 + .../1.0.0/tests/scorecard/config.yaml | 70 + 24 files changed, 5523 insertions(+) create mode 100644 operators/quay-api-operator/1.0.0/manifests/quay-api-operator-controller-manager-metrics-service_v1_service.yaml create mode 100644 operators/quay-api-operator/1.0.0/manifests/quay-api-operator-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml create mode 100644 operators/quay-api-operator/1.0.0/manifests/quay-api-operator.clusterserviceversion.yaml create mode 100644 operators/quay-api-operator/1.0.0/manifests/quay.herve4m.github.io_apitokens.yaml create mode 100644 operators/quay-api-operator/1.0.0/manifests/quay.herve4m.github.io_applications.yaml create mode 100644 operators/quay-api-operator/1.0.0/manifests/quay.herve4m.github.io_defaultperms.yaml create mode 100644 operators/quay-api-operator/1.0.0/manifests/quay.herve4m.github.io_dockertokens.yaml create mode 100644 operators/quay-api-operator/1.0.0/manifests/quay.herve4m.github.io_firstusers.yaml create mode 100644 operators/quay-api-operator/1.0.0/manifests/quay.herve4m.github.io_manifestlabels.yaml create mode 100644 operators/quay-api-operator/1.0.0/manifests/quay.herve4m.github.io_messages.yaml create mode 100644 operators/quay-api-operator/1.0.0/manifests/quay.herve4m.github.io_notifications.yaml create mode 100644 operators/quay-api-operator/1.0.0/manifests/quay.herve4m.github.io_organizations.yaml create mode 100644 operators/quay-api-operator/1.0.0/manifests/quay.herve4m.github.io_proxycaches.yaml create mode 100644 operators/quay-api-operator/1.0.0/manifests/quay.herve4m.github.io_quotas.yaml create mode 100644 operators/quay-api-operator/1.0.0/manifests/quay.herve4m.github.io_repositories.yaml create mode 100644 operators/quay-api-operator/1.0.0/manifests/quay.herve4m.github.io_repositorymirrors.yaml create mode 100644 operators/quay-api-operator/1.0.0/manifests/quay.herve4m.github.io_robots.yaml create mode 100644 operators/quay-api-operator/1.0.0/manifests/quay.herve4m.github.io_tags.yaml create mode 100644 operators/quay-api-operator/1.0.0/manifests/quay.herve4m.github.io_teamldaps.yaml create mode 100644 operators/quay-api-operator/1.0.0/manifests/quay.herve4m.github.io_teamoidcs.yaml create mode 100644 operators/quay-api-operator/1.0.0/manifests/quay.herve4m.github.io_teams.yaml create mode 100644 operators/quay-api-operator/1.0.0/manifests/quay.herve4m.github.io_users.yaml create mode 100644 operators/quay-api-operator/1.0.0/metadata/annotations.yaml create mode 100644 operators/quay-api-operator/1.0.0/tests/scorecard/config.yaml diff --git a/operators/quay-api-operator/1.0.0/manifests/quay-api-operator-controller-manager-metrics-service_v1_service.yaml b/operators/quay-api-operator/1.0.0/manifests/quay-api-operator-controller-manager-metrics-service_v1_service.yaml new file mode 100644 index 00000000000..dc6efebce6d --- /dev/null +++ b/operators/quay-api-operator/1.0.0/manifests/quay-api-operator-controller-manager-metrics-service_v1_service.yaml @@ -0,0 +1,19 @@ +apiVersion: v1 +kind: Service +metadata: + creationTimestamp: null + labels: + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: quay-api-operator + control-plane: controller-manager + name: quay-api-operator-controller-manager-metrics-service +spec: + ports: + - name: https + port: 8443 + protocol: TCP + targetPort: https + selector: + control-plane: controller-manager +status: + loadBalancer: {} diff --git a/operators/quay-api-operator/1.0.0/manifests/quay-api-operator-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml b/operators/quay-api-operator/1.0.0/manifests/quay-api-operator-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml new file mode 100644 index 00000000000..215363bca69 --- /dev/null +++ b/operators/quay-api-operator/1.0.0/manifests/quay-api-operator-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml @@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + labels: + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: quay-api-operator + name: quay-api-operator-metrics-reader +rules: +- nonResourceURLs: + - /metrics + verbs: + - get diff --git a/operators/quay-api-operator/1.0.0/manifests/quay-api-operator.clusterserviceversion.yaml b/operators/quay-api-operator/1.0.0/manifests/quay-api-operator.clusterserviceversion.yaml new file mode 100644 index 00000000000..7d1e92275c8 --- /dev/null +++ b/operators/quay-api-operator/1.0.0/manifests/quay-api-operator.clusterserviceversion.yaml @@ -0,0 +1,2813 @@ +apiVersion: operators.coreos.com/v1alpha1 +kind: ClusterServiceVersion +metadata: + annotations: + alm-examples: |- + [ + { + "apiVersion": "quay.herve4m.github.io/v1alpha1", + "kind": "ApiToken", + "metadata": { + "name": "apitoken-sample" + }, + "spec": { + "clientIdFrom": { + "key": "clientId", + "name": "application-secret" + }, + "connSecretRef": { + "name": "quay-temp-credentials-secret" + }, + "retSecretRef": { + "name": "quay-credentials-secret" + }, + "rights": [ + "all" + ] + } + }, + { + "apiVersion": "quay.herve4m.github.io/v1alpha1", + "kind": "Application", + "metadata": { + "name": "application-sample" + }, + "spec": { + "applicationUri": "http://applicationuri.example.com", + "avatarEmail": "avatarextapp@example.com", + "connSecretRef": { + "name": "quay-temp-credentials-secret" + }, + "description": "External application", + "name": "extapp", + "organization": "production", + "preserveInQuayOnDeletion": false, + "redirectUri": "http://redirecturi.example.com", + "retSecretRef": { + "name": "application-secret" + } + } + }, + { + "apiVersion": "quay.herve4m.github.io/v1alpha1", + "kind": "DefaultPerm", + "metadata": { + "name": "defaultperm-sample" + }, + "spec": { + "connSecretRef": { + "name": "quay-credentials-secret" + }, + "name": "production+robotprod1", + "organization": "production", + "preserveInQuayOnDeletion": false, + "role": "write", + "type": "user" + } + }, + { + "apiVersion": "quay.herve4m.github.io/v1alpha1", + "kind": "DockerToken", + "metadata": { + "name": "dockertoken-sample" + }, + "spec": { + "connSecretRef": { + "name": "quay-credentials-secret" + }, + "name": "mytoken", + "preserveInQuayOnDeletion": false, + "retSecretRef": { + "name": "dockertoken-sample-ret-secret" + } + } + }, + { + "apiVersion": "quay.herve4m.github.io/v1alpha1", + "kind": "FirstUser", + "metadata": { + "name": "firstuser-sample" + }, + "spec": { + "connSecretRef": { + "name": "quay-connection-secret" + }, + "createToken": true, + "email": "admin@example.com", + "password": "Sup3r53cr3L", + "retSecretRef": { + "name": "quay-temp-credentials-secret" + }, + "username": "admin" + } + }, + { + "apiVersion": "quay.herve4m.github.io/v1alpha1", + "kind": "ManifestLabel", + "metadata": { + "name": "manifestlabel-sample" + }, + "spec": { + "connSecretRef": { + "name": "quay-credentials-secret" + }, + "image": "production/smallimage:v1.4.3", + "key": "component", + "preserveInQuayOnDeletion": false, + "replace": true, + "retSecretRef": { + "name": "manifestlabel-sample-ret-secret" + }, + "value": "front" + } + }, + { + "apiVersion": "quay.herve4m.github.io/v1alpha1", + "kind": "Message", + "metadata": { + "name": "message-sample" + }, + "spec": { + "connSecretRef": { + "name": "quay-credentials-secret" + }, + "content": "# Information message\n\nLorem **ipsum** dolor sit amet, `consectetur` adipiscing elit, sed do\neiusmod tempor incididunt ut labore et dolore magna aliqua:\n\n* Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi\n ut aliquip ex ea commodo consequat.\n* Duis aute irure dolor in reprehenderit in voluptate velit esse cillum\n dolore eu fugiat nulla pariatur\n", + "format": "markdown", + "preserveInQuayOnDeletion": false, + "severity": "warning" + } + }, + { + "apiVersion": "quay.herve4m.github.io/v1alpha1", + "kind": "Notification", + "metadata": { + "name": "notification-sample" + }, + "spec": { + "config": { + "url": "https://hooks.slack.com/services/XXX/YYY/ZZZ" + }, + "connSecretRef": { + "name": "quay-credentials-secret" + }, + "event": "vulnerability_found", + "method": "slack", + "preserveInQuayOnDeletion": false, + "repository": "production/smallimage", + "title": "Notify critical image vulnerabilities to Slack", + "vulnerabilityLevel": "critical" + } + }, + { + "apiVersion": "quay.herve4m.github.io/v1alpha1", + "kind": "Organization", + "metadata": { + "name": "organization-sample" + }, + "spec": { + "autoPruneMethod": "tags", + "autoPruneValue": "20", + "connSecretRef": { + "name": "quay-temp-credentials-secret" + }, + "email": "prodlist@example.com", + "name": "production", + "preserveInQuayOnDeletion": false, + "timeMachineExpiration": "7d" + } + }, + { + "apiVersion": "quay.herve4m.github.io/v1alpha1", + "kind": "ProxyCache", + "metadata": { + "name": "proxycache-sample" + }, + "spec": { + "connSecretRef": { + "name": "quay-credentials-secret" + }, + "expiration": 172800, + "organization": "production", + "password": "My53cr3Tpa55", + "preserveInQuayOnDeletion": false, + "registry": "quay.io/prodimgs", + "username": "cwade" + } + }, + { + "apiVersion": "quay.herve4m.github.io/v1alpha1", + "kind": "Quota", + "metadata": { + "name": "quota-sample" + }, + "spec": { + "connSecretRef": { + "name": "quay-credentials-secret" + }, + "organization": "production", + "preserveInQuayOnDeletion": false, + "quota": "1.5 TiB", + "rejectPct": 95, + "warningPct": 80 + } + }, + { + "apiVersion": "quay.herve4m.github.io/v1alpha1", + "kind": "Repository", + "metadata": { + "name": "repository-sample-1" + }, + "spec": { + "append": true, + "autoPruneMethod": "date", + "autoPruneValue": "4w", + "connSecretRef": { + "name": "quay-credentials-secret" + }, + "description": "# My first repository\n\n* smallimage is a small GNU/linux container image.\n* Use podman to start a container using that image.\n", + "name": "production/smallimage", + "perms": [ + { + "name": "operators", + "role": "read", + "type": "team" + }, + { + "name": "dwilde", + "role": "read", + "type": "user" + }, + { + "name": "production+robotprod1", + "role": "admin", + "type": "user" + } + ], + "preserveInQuayOnDeletion": false, + "repoState": "NORMAL", + "star": true, + "visibility": "public" + } + }, + { + "apiVersion": "quay.herve4m.github.io/v1alpha1", + "kind": "Repository", + "metadata": { + "name": "repository-sample-2" + }, + "spec": { + "connSecretRef": { + "name": "quay-credentials-secret" + }, + "name": "production/ubi9", + "preserveInQuayOnDeletion": false, + "repoState": "MIRROR" + } + }, + { + "apiVersion": "quay.herve4m.github.io/v1alpha1", + "kind": "RepositoryMirror", + "metadata": { + "name": "repositorymirror-sample" + }, + "spec": { + "connSecretRef": { + "name": "quay-credentials-secret" + }, + "externalReference": "registry.access.redhat.com/ubi9-micro", + "httpProxy": "http://proxy.example.com:3128", + "imageTags": [ + "9.4", + "9.3" + ], + "isEnabled": true, + "name": "production/ubi9", + "noProxy": "registry.access.redhat.com", + "preserveInQuayOnDeletion": false, + "robotUsername": "production+robotprod1", + "syncInterval": 172800, + "syncStartDate": "2023-05-25T21:06:00Z", + "verifyTls": true + } + }, + { + "apiVersion": "quay.herve4m.github.io/v1alpha1", + "kind": "Robot", + "metadata": { + "name": "robot-sample" + }, + "spec": { + "connSecretRef": { + "name": "quay-credentials-secret" + }, + "description": "Robot account for production", + "name": "production+robotprod1", + "preserveInQuayOnDeletion": false, + "retSecretRef": { + "name": "robot-sample-ret-secret" + } + } + }, + { + "apiVersion": "quay.herve4m.github.io/v1alpha1", + "kind": "Tag", + "metadata": { + "name": "tag-sample" + }, + "spec": { + "connSecretRef": { + "name": "quay-credentials-secret" + }, + "expiration": "2025-05-25", + "expirationFormat": "%Y-%m-%d", + "image": "production/smallimage:v1.4.3", + "preserveInQuayOnDeletion": false, + "tag": "v1" + } + }, + { + "apiVersion": "quay.herve4m.github.io/v1alpha1", + "kind": "Team", + "metadata": { + "name": "team-sample" + }, + "spec": { + "append": false, + "connSecretRef": { + "name": "quay-credentials-secret" + }, + "description": "# Operation Team\n\n* Operators can create repositories\n* Operators can store their images in those repositories\n", + "members": [ + "dwilde", + "production+robotprod1" + ], + "name": "operators", + "organization": "production", + "preserveInQuayOnDeletion": false, + "role": "creator" + } + }, + { + "apiVersion": "quay.herve4m.github.io/v1alpha1", + "kind": "TeamLdap", + "metadata": { + "name": "teamldap-sample" + }, + "spec": { + "connSecretRef": { + "name": "quay-credentials-secret" + }, + "groupDn": "cn=op1,ou=groups", + "keepUsers": true, + "name": "operators", + "organization": "production", + "preserveInQuayOnDeletion": false, + "sync": true + } + }, + { + "apiVersion": "quay.herve4m.github.io/v1alpha1", + "kind": "TeamOidc", + "metadata": { + "name": "teamoidc-sample" + }, + "spec": { + "connSecretRef": { + "name": "quay-credentials-secret" + }, + "groupName": "op1", + "name": "operators", + "organization": "production", + "preserveInQuayOnDeletion": false, + "sync": true + } + }, + { + "apiVersion": "quay.herve4m.github.io/v1alpha1", + "kind": "User", + "metadata": { + "name": "user-sample" + }, + "spec": { + "connSecretRef": { + "name": "quay-credentials-secret" + }, + "email": "dwilde@example.com", + "enabled": true, + "password": "vs9mrD55NP", + "preserveInQuayOnDeletion": false, + "username": "dwilde" + } + } + ] + capabilities: Basic Install + categories: Integration & Delivery + containerImage: quay.io/herve4m/quay-api-operator:1.0.0 + createdAt: "2024-11-16T16:51:50Z" + description: | + Manage Quay Container Registry deployments by using Kubernetes resources. + operators.operatorframework.io/builder: operator-sdk-v1.37.0 + operators.operatorframework.io/project_layout: ansible.sdk.operatorframework.io/v1 + repository: https://github.com/herve4m/quay-api-operator + support: Quay Community + name: quay-api-operator.v1.0.0 + namespace: placeholder +spec: + apiservicedefinitions: {} + customresourcedefinitions: + owned: + - description: Create OAuth access tokens for authenticating with the API. + displayName: Api Token + kind: ApiToken + name: apitokens.quay.herve4m.github.io + resources: + - kind: Secret + name: "" + version: v1 + specDescriptors: + - description: | + Reference to the secret resource that stores the connection parameters to the Quay Container Registry API. + displayName: Connection Parameters Secret + path: connSecretRef + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:fieldGroup:SecretRef + - description: Name of the secret resource. + displayName: Secret Name + path: connSecretRef.name + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:fieldGroup:SecretRef + - urn:alm:descriptor:io.kubernetes:Secret + - description: Namespace that stores the secret resource. + displayName: Secret Namespace + path: connSecretRef.namespace + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:fieldGroup:SecretRef + - urn:alm:descriptor:io.kubernetes:Namespace + - description: | + Whether to preserve the corresponding Quay object when you delete the ApiToken resource. + displayName: Preserve Object in Quay on Deletion + path: preserveInQuayOnDeletion + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: | + Reference to the secret resource that stores the client ID associated with the OAuth application to use for generating the OAuth access token. + displayName: Client ID Secret + path: clientIdFrom + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:fieldGroup:clientIdFrom + - description: Name of the secret resource. + displayName: Secret Name + path: clientIdFrom.name + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:fieldGroup:clientIdFrom + - urn:alm:descriptor:io.kubernetes:Secret + - description: Namespace that stores the secret resource. + displayName: Secret Namespace + path: clientIdFrom.namespace + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:fieldGroup:clientIdFrom + - urn:alm:descriptor:io.kubernetes:Namespace + - description: In the secret resource, key that stores the client ID. + displayName: Key + path: clientIdFrom.key + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:fieldGroup:clientIdFrom + - urn:alm:descriptor:com.tectonic.ui:text + - description: The client ID associated with the OAuth application to use for + generating the OAuth access token. See the Application resource to create + an application object and to retrieve the associated client ID. + displayName: Client Id + path: clientId + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + - description: The username to generate an OAuth access token for. The user + receives a notification in the web interface, which enables the user to + retrieve the token. When you use this option, the resource does not return + the token. Requires Quay version 3.12 or later. + displayName: For User + path: forUser + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + - description: List of permissions to grant to the user account. 'all' means + all the permissions. + displayName: Rights + path: rights + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + - description: | + Secret resource that the ApiToken resource creates. This secret will store the data that the resource generates. + displayName: Returned Data Secret + path: retSecretRef + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:fieldGroup:RetSecretRef + - description: Name of the secret resource. + displayName: Secret Name + path: retSecretRef.name + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:fieldGroup:RetSecretRef + - urn:alm:descriptor:com.tectonic.ui:text + - description: Namespace that stores the secret resource. + displayName: Secret Namespace + path: retSecretRef.namespace + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:fieldGroup:RetSecretRef + - urn:alm:descriptor:io.kubernetes:Namespace + statusDescriptors: + - description: Observed conditions of Quay components. + displayName: Conditions + path: conditions + x-descriptors: + - urn:alm:descriptor:io.kubernetes.conditions + - description: Whether the resource has been created in Quay + displayName: Exist in Quay + path: existInQuay + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Error message when the process fails. + displayName: Error Message + path: message + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + version: v1alpha1 + - description: Create, delete, and update applications in Quay organizations. + displayName: Application + kind: Application + name: applications.quay.herve4m.github.io + resources: + - kind: Secret + name: "" + version: v1 + specDescriptors: + - description: | + Reference to the secret resource that stores the connection parameters to the Quay Container Registry API. + displayName: Connection Parameters Secret + path: connSecretRef + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:fieldGroup:SecretRef + - description: Name of the secret resource. + displayName: Secret Name + path: connSecretRef.name + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:fieldGroup:SecretRef + - urn:alm:descriptor:io.kubernetes:Secret + - description: Namespace that stores the secret resource. + displayName: Secret Namespace + path: connSecretRef.namespace + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:fieldGroup:SecretRef + - urn:alm:descriptor:io.kubernetes:Namespace + - description: | + Whether to preserve the corresponding Quay object when you delete the Application resource. + displayName: Preserve Object in Quay on Deletion + path: preserveInQuayOnDeletion + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: URL to the application home page. + displayName: Application Uri + path: applicationUri + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + - description: Email address that represents the avatar for the application. + displayName: Avatar Email + path: avatarEmail + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + - description: Description for the application. + displayName: Description + path: description + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + - description: Name of the application to create, update, or delete. Application + names must be at least two characters long. + displayName: Name + path: name + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + - description: New name for the application. Setting this option changes the + name of the application which current name is provided in 'name'. + displayName: New Name + path: newName + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + - description: Name of the organization in which to manage the application. + displayName: Organization + path: organization + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + - description: Prefix of the application's OAuth redirection/callback URLs. + displayName: Redirect Uri + path: redirectUri + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + - description: | + Secret resource that the Application resource creates. This secret will store the data that the resource generates. + displayName: Returned Data Secret + path: retSecretRef + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:fieldGroup:RetSecretRef + - description: Name of the secret resource. + displayName: Secret Name + path: retSecretRef.name + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:fieldGroup:RetSecretRef + - urn:alm:descriptor:com.tectonic.ui:text + - description: Namespace that stores the secret resource. + displayName: Secret Namespace + path: retSecretRef.namespace + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:fieldGroup:RetSecretRef + - urn:alm:descriptor:io.kubernetes:Namespace + statusDescriptors: + - description: Observed conditions of Quay components. + displayName: Conditions + path: conditions + x-descriptors: + - urn:alm:descriptor:io.kubernetes.conditions + - description: Whether the resource has been created in Quay + displayName: Exist in Quay + path: existInQuay + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Error message when the process fails. + displayName: Error Message + path: message + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + version: v1alpha1 + - description: Create, delete, and update default repository permissions. + displayName: Default Perm + kind: DefaultPerm + name: defaultperms.quay.herve4m.github.io + resources: + - kind: Secret + name: "" + version: v1 + specDescriptors: + - description: | + Reference to the secret resource that stores the connection parameters to the Quay Container Registry API. + displayName: Connection Parameters Secret + path: connSecretRef + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:fieldGroup:SecretRef + - description: Name of the secret resource. + displayName: Secret Name + path: connSecretRef.name + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:fieldGroup:SecretRef + - urn:alm:descriptor:io.kubernetes:Secret + - description: Namespace that stores the secret resource. + displayName: Secret Namespace + path: connSecretRef.namespace + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:fieldGroup:SecretRef + - urn:alm:descriptor:io.kubernetes:Namespace + - description: | + Whether to preserve the corresponding Quay object when you delete the DefaultPerm resource. + displayName: Preserve Object in Quay on Deletion + path: preserveInQuayOnDeletion + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Quay applies the default permission only when repositories are + created by the user that you define in 'creator'. By default, if you do + not provide that 'creator' parameter, then Quay applies the default permission + to all new repositories, whoever creates them. You cannot use robot accounts + or teams for the 'creator' parameter. You can only use regular user accounts. + displayName: Creator + path: creator + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + - description: Name of the user or team that gets permission to new created + repositories in the organization. For robot accounts use the 'namespace'+'shortrobotname' + format. + displayName: Name + path: name + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + - description: Name of the organization for the default permission. That organization + must exist. + displayName: Organization + path: organization + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + - description: Permission that Quay automatically grants to the user or team + on new created repositories in the organization. If you do not provide that + parameter, then the resource uses 'read' by default. + displayName: Role + path: role + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + - description: Type of the account defined in 'name'. Choose 'user' for both + user and robot accounts. + displayName: Type + path: type + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + statusDescriptors: + - description: Observed conditions of Quay components. + displayName: Conditions + path: conditions + x-descriptors: + - urn:alm:descriptor:io.kubernetes.conditions + - description: Whether the resource has been created in Quay + displayName: Exist in Quay + path: existInQuay + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Error message when the process fails. + displayName: Error Message + path: message + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + version: v1alpha1 + - description: Create or delete tokens for client tools to access repositories. + For example, the 'docker', 'podman', and 'skopeo' command-line tools can use + such tokens. Kubernetes can also use those tokens, declared is Kubernetes + secret objects, to pull images and deploy pods. Using tokens is an alternative + to using your user login and password. The tokens you create are for the user + account you are logged in. You cannot create tokens for other users, even + if you are logged in with a super user account. + displayName: Docker Token + kind: DockerToken + name: dockertokens.quay.herve4m.github.io + resources: + - kind: Secret + name: "" + version: v1 + specDescriptors: + - description: | + Reference to the secret resource that stores the connection parameters to the Quay Container Registry API. + displayName: Connection Parameters Secret + path: connSecretRef + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:fieldGroup:SecretRef + - description: Name of the secret resource. + displayName: Secret Name + path: connSecretRef.name + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:fieldGroup:SecretRef + - urn:alm:descriptor:io.kubernetes:Secret + - description: Namespace that stores the secret resource. + displayName: Secret Namespace + path: connSecretRef.namespace + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:fieldGroup:SecretRef + - urn:alm:descriptor:io.kubernetes:Namespace + - description: | + Whether to preserve the corresponding Quay object when you delete the DockerToken resource. + displayName: Preserve Object in Quay on Deletion + path: preserveInQuayOnDeletion + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Name of the token to create or delete. + displayName: Name + path: name + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + - description: | + Secret resource that the DockerToken resource creates. This secret will store the data that the resource generates. + displayName: Returned Data Secret + path: retSecretRef + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:fieldGroup:RetSecretRef + - description: Name of the secret resource. + displayName: Secret Name + path: retSecretRef.name + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:fieldGroup:RetSecretRef + - urn:alm:descriptor:com.tectonic.ui:text + - description: Namespace that stores the secret resource. + displayName: Secret Namespace + path: retSecretRef.namespace + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:fieldGroup:RetSecretRef + - urn:alm:descriptor:io.kubernetes:Namespace + statusDescriptors: + - description: Observed conditions of Quay components. + displayName: Conditions + path: conditions + x-descriptors: + - urn:alm:descriptor:io.kubernetes.conditions + - description: Whether the resource has been created in Quay + displayName: Exist in Quay + path: existInQuay + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Error message when the process fails. + displayName: Error Message + path: message + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + version: v1alpha1 + - description: Create the first user just after installing Quay Container Registry. + displayName: First User + kind: FirstUser + name: firstusers.quay.herve4m.github.io + resources: + - kind: Secret + name: "" + version: v1 + specDescriptors: + - description: | + Reference to the secret resource that stores the connection parameters to the Quay Container Registry API. + displayName: Connection Parameters Secret + path: connSecretRef + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:fieldGroup:SecretRef + - description: Name of the secret resource. + displayName: Secret Name + path: connSecretRef.name + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:fieldGroup:SecretRef + - urn:alm:descriptor:io.kubernetes:Secret + - description: Namespace that stores the secret resource. + displayName: Secret Namespace + path: connSecretRef.namespace + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:fieldGroup:SecretRef + - urn:alm:descriptor:io.kubernetes:Namespace + - description: | + Whether to preserve the corresponding Quay object when you delete the FirstUser resource. + displayName: Preserve Object in Quay on Deletion + path: preserveInQuayOnDeletion + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: If 'true', then an OAuth access token is created and returned. + You can use that returned token with the other Quay resources, by setting + it in the 'quayToken' parameter. The token is valid for 2 hours 30 minutes. + If 'false', then no access token is created. + displayName: Create Token + path: createToken + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: User's email address. If your Quay administrator has enabled + the mailing capability of your Quay installation ('FEATURE_MAILING' to 'true' + in 'config.yaml'), then this 'email' parameter is mandatory. + displayName: Email + path: email + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + - description: User's password as a clear string. The password must be at least + eight characters long and must not contain white spaces. + displayName: Password + path: password + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:password + - description: Name of the user account to create. You probably want that user + account to have superuser permissions so that you can use the returned token + to create additional objects. To do so, add the account name to the 'SUPER_USERS' + section in the 'config.yaml' file before using the FirstUser resource. + displayName: Username + path: username + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + - description: | + Secret resource that the FirstUser resource creates. This secret will store the data that the resource generates. + displayName: Returned Data Secret + path: retSecretRef + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:fieldGroup:RetSecretRef + - description: Name of the secret resource. + displayName: Secret Name + path: retSecretRef.name + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:fieldGroup:RetSecretRef + - urn:alm:descriptor:com.tectonic.ui:text + - description: Namespace that stores the secret resource. + displayName: Secret Namespace + path: retSecretRef.namespace + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:fieldGroup:RetSecretRef + - urn:alm:descriptor:io.kubernetes:Namespace + statusDescriptors: + - description: Observed conditions of Quay components. + displayName: Conditions + path: conditions + x-descriptors: + - urn:alm:descriptor:io.kubernetes.conditions + - description: Whether the resource has been created in Quay + displayName: Exist in Quay + path: existInQuay + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Error message when the process fails. + displayName: Error Message + path: message + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + version: v1alpha1 + - description: Add or remove labels to image manifests. + displayName: Manifest Label + kind: ManifestLabel + name: manifestlabels.quay.herve4m.github.io + resources: + - kind: Secret + name: "" + version: v1 + specDescriptors: + - description: | + Reference to the secret resource that stores the connection parameters to the Quay Container Registry API. + displayName: Connection Parameters Secret + path: connSecretRef + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:fieldGroup:SecretRef + - description: Name of the secret resource. + displayName: Secret Name + path: connSecretRef.name + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:fieldGroup:SecretRef + - urn:alm:descriptor:io.kubernetes:Secret + - description: Namespace that stores the secret resource. + displayName: Secret Namespace + path: connSecretRef.namespace + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:fieldGroup:SecretRef + - urn:alm:descriptor:io.kubernetes:Namespace + - description: | + Whether to preserve the corresponding Quay object when you delete the ManifestLabel resource. + displayName: Preserve Object in Quay on Deletion + path: preserveInQuayOnDeletion + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Manifest to update. The format is 'namespace'/'repository':'tag' + or 'namespace'/'repository'@'digest'. The namespace can be an organization + or a personal namespace. If you omit the namespace part, then the resource + looks for the repository in your personal namespace. If you omit the tag + and the digest part, then 'latest' is assumed. + displayName: Image + path: image + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + - description: Label's key. + displayName: Key + path: key + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + - description: Only used when 'state=present'. If 'true', then the resource + deletes all the labels that use the key you define in the 'key' parameter + before adding the new label. If 'false', then the resource adds the new + label even if existing labels already use the key you define in the 'key' + parameter. Quay supports multiple labels with the same key. + displayName: Replace + path: replace + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Label's value. Required when 'state=present'. + displayName: Value + path: value + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + - description: | + Secret resource that the ManifestLabel resource creates. This secret will store the data that the resource generates. + displayName: Returned Data Secret + path: retSecretRef + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:fieldGroup:RetSecretRef + - description: Name of the secret resource. + displayName: Secret Name + path: retSecretRef.name + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:fieldGroup:RetSecretRef + - urn:alm:descriptor:com.tectonic.ui:text + - description: Namespace that stores the secret resource. + displayName: Secret Namespace + path: retSecretRef.namespace + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:fieldGroup:RetSecretRef + - urn:alm:descriptor:io.kubernetes:Namespace + statusDescriptors: + - description: Observed conditions of Quay components. + displayName: Conditions + path: conditions + x-descriptors: + - urn:alm:descriptor:io.kubernetes.conditions + - description: Whether the resource has been created in Quay + displayName: Exist in Quay + path: existInQuay + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Error message when the process fails. + displayName: Error Message + path: message + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + version: v1alpha1 + - description: Create, delete, and update global messages (message of the day) + that display on the web UI pages. + displayName: Message + kind: Message + name: messages.quay.herve4m.github.io + resources: + - kind: Secret + name: "" + version: v1 + specDescriptors: + - description: | + Reference to the secret resource that stores the connection parameters to the Quay Container Registry API. + displayName: Connection Parameters Secret + path: connSecretRef + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:fieldGroup:SecretRef + - description: Name of the secret resource. + displayName: Secret Name + path: connSecretRef.name + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:fieldGroup:SecretRef + - urn:alm:descriptor:io.kubernetes:Secret + - description: Namespace that stores the secret resource. + displayName: Secret Namespace + path: connSecretRef.namespace + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:fieldGroup:SecretRef + - urn:alm:descriptor:io.kubernetes:Namespace + - description: | + Whether to preserve the corresponding Quay object when you delete the Message resource. + displayName: Preserve Object in Quay on Deletion + path: preserveInQuayOnDeletion + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Text of the message to display on each web UI page. + displayName: Content + path: content + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + - description: Format of the text in 'content'. If you do not set this parameter, + then the resource uses the 'plain' format. + displayName: Format + path: format + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + - description: The regular expression to look for in the existing messages. + This does not have to match an entire line. For 'state=present', if several + messages match, then the resource updates one and deletes the others. For + 'state=absent', the resource deletes all the messages that match. Uses Python + regular expressions. See . Mutually + exclusive with 'searchString'. + displayName: Regexp + path: regexp + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + - description: Search messages by their severity level. If you also set 'searchString', + 'regexp', or 'content', messages must match all those criteria. + displayName: Search Severity + path: searchSeverity + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + - description: The literal string to look for in the existing messages. This + does not have to match an entire line. For 'state=present', if several messages + match, then the resource updates one and deletes the others. For 'state=absent', + the resource deletes all the messages that match. Mutually exclusive with + 'regexp'. + displayName: Search String + path: searchString + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + - description: Severity of the message. If you do not set this parameter, then + the resource creates the message with the 'info' severity. + displayName: Severity + path: severity + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + statusDescriptors: + - description: Observed conditions of Quay components. + displayName: Conditions + path: conditions + x-descriptors: + - urn:alm:descriptor:io.kubernetes.conditions + - description: Whether the resource has been created in Quay + displayName: Exist in Quay + path: existInQuay + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Error message when the process fails. + displayName: Error Message + path: message + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + version: v1alpha1 + - description: Create and delete repository notifications. + displayName: Notification + kind: Notification + name: notifications.quay.herve4m.github.io + resources: + - kind: Secret + name: "" + version: v1 + specDescriptors: + - description: | + Reference to the secret resource that stores the connection parameters to the Quay Container Registry API. + displayName: Connection Parameters Secret + path: connSecretRef + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:fieldGroup:SecretRef + - description: Name of the secret resource. + displayName: Secret Name + path: connSecretRef.name + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:fieldGroup:SecretRef + - urn:alm:descriptor:io.kubernetes:Secret + - description: Namespace that stores the secret resource. + displayName: Secret Namespace + path: connSecretRef.namespace + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:fieldGroup:SecretRef + - urn:alm:descriptor:io.kubernetes:Namespace + - description: | + Whether to preserve the corresponding Quay object when you delete the Notification resource. + displayName: Preserve Object in Quay on Deletion + path: preserveInQuayOnDeletion + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Destination email address. Required by the email notification + method. + displayName: Email + path: config.email + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + - urn:alm:descriptor:com.tectonic.ui:fieldGroup:config + - description: API token required for the Flowdock notification method. + displayName: Flow Api Token + path: config.flowApiToken + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + - urn:alm:descriptor:com.tectonic.ui:fieldGroup:config + - description: Name of the account, team, or organization. Robot accounts are + not allowed. Required by the Quay Notification method. + displayName: Name + path: config.name + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + - urn:alm:descriptor:com.tectonic.ui:fieldGroup:config + - description: Notification token required for the HipChat notification method. + displayName: Notification Token + path: config.notificationToken + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + - urn:alm:descriptor:com.tectonic.ui:fieldGroup:config + - description: Chat room ID required for the HipChat notification method. + displayName: Room Id + path: config.roomId + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + - urn:alm:descriptor:com.tectonic.ui:fieldGroup:config + - description: JSON data for the body content of the webhook POST method. + displayName: Template + path: config.template + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + - urn:alm:descriptor:com.tectonic.ui:fieldGroup:config + - description: Specifies the type of the account defined in 'name'. Only applies + to the Quay Notification method. + displayName: Type + path: config.type + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + - urn:alm:descriptor:com.tectonic.ui:fieldGroup:config + - description: Webhook URL for the Slack method or POST URL for the webhook + POST method. + displayName: Url + path: config.url + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + - urn:alm:descriptor:com.tectonic.ui:fieldGroup:config + - description: Configuration parameters for the notification method. + displayName: Config + path: config + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:fieldGroup:config + - description: Event that triggers the notification. Depending of the activated + Quay components, not all events might be available on your system. + displayName: Event + path: event + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + - description: Only used when 'event' is 'repo_image_expiry'. The notification + is triggered when the image expires in the specified number of days. + displayName: Image Expiry Days + path: imageExpiryDays + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:number + - description: Notification method. Each method requires a specific set of options + that you define by using the 'config' parameter. The email notification + method is only available on Quay installations where the mailing capability + has been activated ('FEATURE_MAILING' to 'true' in 'config.yaml'). + displayName: Method + path: method + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + - description: The regular expression to search in the title of the existing + notifications. This does not have to match the entire title. The resource + uses that regular expression to select the notifications to process. For + 'state=present', the resource resets the failure counter (if 'resetFailcount' + is 'true') or initiates a test (if 'test' is 'true') of all the matching + notifications. For 'state=absent', the resource deletes all the notifications + that match. Uses Python regular expressions. See . + Mutually exclusive with 'searchString'. + displayName: Regexp + path: regexp + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + - description: Name of the repository which contains the notifications to manage. + The format for the name is 'namespace'/'shortname'. The namespace can be + an organization or a personal namespace. If you omit the namespace part + in the name, then the resource looks for the repository in your personal + namespace. + displayName: Repository + path: repository + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + - description: Reset the notification failure counter. + displayName: Reset Failcount + path: resetFailcount + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: The literal string to search in the title of the existing notifications. + This does not have to match the entire line. For 'state=present', the resource + resets the failure counter (if 'resetFailcount' is 'true') or initiates + a test (if 'test' is 'true') of all the matching notifications. For 'state=absent', + the resource deletes all the notifications that match. Mutually exclusive + with 'regexp'. + displayName: Search String + path: searchString + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + - description: Initiate a test of the notification. + displayName: Test + path: test + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Notification title. + displayName: Title + path: title + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + - description: Only used when 'event' is 'vulnerability_found'. The notification + is triggered when the vulnerability has a level equal or higher to the level + that you define in 'vulnerabilityLevel'. + displayName: Vulnerability Level + path: vulnerabilityLevel + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + statusDescriptors: + - description: Observed conditions of Quay components. + displayName: Conditions + path: conditions + x-descriptors: + - urn:alm:descriptor:io.kubernetes.conditions + - description: Whether the resource has been created in Quay + displayName: Exist in Quay + path: existInQuay + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Error message when the process fails. + displayName: Error Message + path: message + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + version: v1alpha1 + - description: Create, delete, and update organizations in Quay Container Registry. + displayName: Organization + kind: Organization + name: organizations.quay.herve4m.github.io + resources: + - kind: Secret + name: "" + version: v1 + specDescriptors: + - description: | + Reference to the secret resource that stores the connection parameters to the Quay Container Registry API. + displayName: Connection Parameters Secret + path: connSecretRef + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:fieldGroup:SecretRef + - description: Name of the secret resource. + displayName: Secret Name + path: connSecretRef.name + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:fieldGroup:SecretRef + - urn:alm:descriptor:io.kubernetes:Secret + - description: Namespace that stores the secret resource. + displayName: Secret Namespace + path: connSecretRef.namespace + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:fieldGroup:SecretRef + - urn:alm:descriptor:io.kubernetes:Namespace + - description: | + Whether to preserve the corresponding Quay object when you delete the Organization resource. + displayName: Preserve Object in Quay on Deletion + path: preserveInQuayOnDeletion + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Method to use for the auto-pruning tags policy. If 'none', then + the resource ensures that no policy is in place. The tags are not pruned. + If 'tags', then the policy keeps only the number of tags that you specify + in 'autoPruneValue'. If 'date', then the policy deletes the tags older than + the time period that you specify in 'autoPruneValue'. 'autoPruneValue' is + required when 'autoPruneMethod' is 'tags' or 'date'. + displayName: Auto Prune Method + path: autoPruneMethod + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + - description: Number of tags to keep when 'autoPruneMethod' is 'tags'. The + value must be 1 or more. Period of time when 'autoPruneMethod' is 'date'. + The value must be 1 or more, and must be followed by a suffix; s (for second), + m (for minute), h (for hour), d (for day), or w (for week). 'autoPruneMethod' + is required when 'autoPruneValue' is set. + displayName: Auto Prune Value + path: autoPruneValue + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + - description: Email address to associate with the new organization. If your + Quay administrator has enabled the mailing capability of your Quay installation + ('FEATURE_MAILING' to 'true' in 'config.yaml'), then this 'email' parameter + is mandatory. You cannot use the same address as your account email. + displayName: Email + path: email + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + - description: Name of the organization to create, remove, or modify. The name + must be in lowercase and must not contain white spaces. For compatibility + with earlier versions of Docker, the name must be at least four characters + long. + displayName: Name + path: name + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + - description: New name for the organization. Setting this option changes the + name of the organization which current name is provided in 'name'. The token + you use to connect to the API (in 'quayToken') must have the "Super User + Access" permission. + displayName: New Name + path: newName + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + - description: The amount of time, after a tag is deleted, that the tag is accessible + in time machine before being garbage collected. + displayName: Time Machine Expiration + path: timeMachineExpiration + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + statusDescriptors: + - description: Observed conditions of Quay components. + displayName: Conditions + path: conditions + x-descriptors: + - urn:alm:descriptor:io.kubernetes.conditions + - description: Whether the resource has been created in Quay + displayName: Exist in Quay + path: existInQuay + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Error message when the process fails. + displayName: Error Message + path: message + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + version: v1alpha1 + - description: Create, delete, and update the proxy cache configuration in organizations. + displayName: Proxy Cache + kind: ProxyCache + name: proxycaches.quay.herve4m.github.io + resources: + - kind: Secret + name: "" + version: v1 + specDescriptors: + - description: | + Reference to the secret resource that stores the connection parameters to the Quay Container Registry API. + displayName: Connection Parameters Secret + path: connSecretRef + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:fieldGroup:SecretRef + - description: Name of the secret resource. + displayName: Secret Name + path: connSecretRef.name + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:fieldGroup:SecretRef + - urn:alm:descriptor:io.kubernetes:Secret + - description: Namespace that stores the secret resource. + displayName: Secret Namespace + path: connSecretRef.namespace + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:fieldGroup:SecretRef + - urn:alm:descriptor:io.kubernetes:Namespace + - description: | + Whether to preserve the corresponding Quay object when you delete the ProxyCache resource. + displayName: Preserve Object in Quay on Deletion + path: preserveInQuayOnDeletion + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Tag expiration in seconds for cached images. 86400 (one day) + by default. + displayName: Expiration + path: expiration + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:number + - description: Whether to allow insecure connections to the remote registry. + If 'true', then the resource does not validate SSL certificates. + displayName: Insecure + path: insecure + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Name of the organization in which to create the proxy cache configuration. + That organization must exist. + displayName: Organization + path: organization + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + - description: User's password as a clear string. Do not set a password for + a public access to the remote registry. + displayName: Password + path: password + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:password + - description: Name of the remote registry. Add a namespace to the remote registry + to restrict caching images from that namespace. + displayName: Registry + path: registry + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + - description: Name of the user account to use for authenticating with the remote + registry. Do not set a username for a public access to the remote registry. + displayName: Username + path: username + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + statusDescriptors: + - description: Observed conditions of Quay components. + displayName: Conditions + path: conditions + x-descriptors: + - urn:alm:descriptor:io.kubernetes.conditions + - description: Whether the resource has been created in Quay + displayName: Exist in Quay + path: existInQuay + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Error message when the process fails. + displayName: Error Message + path: message + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + version: v1alpha1 + - description: Create, delete, and update storage quota for organizations. + displayName: Quota + kind: Quota + name: quotas.quay.herve4m.github.io + resources: + - kind: Secret + name: "" + version: v1 + specDescriptors: + - description: | + Reference to the secret resource that stores the connection parameters to the Quay Container Registry API. + displayName: Connection Parameters Secret + path: connSecretRef + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:fieldGroup:SecretRef + - description: Name of the secret resource. + displayName: Secret Name + path: connSecretRef.name + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:fieldGroup:SecretRef + - urn:alm:descriptor:io.kubernetes:Secret + - description: Namespace that stores the secret resource. + displayName: Secret Namespace + path: connSecretRef.namespace + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:fieldGroup:SecretRef + - urn:alm:descriptor:io.kubernetes:Namespace + - description: | + Whether to preserve the corresponding Quay object when you delete the Quota resource. + displayName: Preserve Object in Quay on Deletion + path: preserveInQuayOnDeletion + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Name of the organization. That organization must exist. + displayName: Organization + path: organization + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + - description: Quota that Quay uses to compute the warning and reject limits + for the organization. You specify a quota in bytes, but you can also use + the K[i]B, M[i]B, G[i]B, or T[i]B suffixes. + displayName: Quota + path: quota + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + - description: Reject (hard) limit as a percentage of the quota. Quay terminates + any image push in the organization when the limit is reached. Set 'rejectPct' + to '0' to remove the reject limit. + displayName: Reject Pct + path: rejectPct + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:number + - description: Warning (soft) limit as a percentage of the quota. Quay notifies + the users when the limit is reached. Set 'warningPct' to '0' to remove the + warning limit. + displayName: Warning Pct + path: warningPct + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:number + statusDescriptors: + - description: Observed conditions of Quay components. + displayName: Conditions + path: conditions + x-descriptors: + - urn:alm:descriptor:io.kubernetes.conditions + - description: Whether the resource has been created in Quay + displayName: Exist in Quay + path: existInQuay + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Error message when the process fails. + displayName: Error Message + path: message + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + version: v1alpha1 + - description: Create, delete, and update repositories in Quay Container Registry. + displayName: Repository + kind: Repository + name: repositories.quay.herve4m.github.io + resources: + - kind: Secret + name: "" + version: v1 + specDescriptors: + - description: | + Reference to the secret resource that stores the connection parameters to the Quay Container Registry API. + displayName: Connection Parameters Secret + path: connSecretRef + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:fieldGroup:SecretRef + - description: Name of the secret resource. + displayName: Secret Name + path: connSecretRef.name + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:fieldGroup:SecretRef + - urn:alm:descriptor:io.kubernetes:Secret + - description: Namespace that stores the secret resource. + displayName: Secret Namespace + path: connSecretRef.namespace + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:fieldGroup:SecretRef + - urn:alm:descriptor:io.kubernetes:Namespace + - description: | + Whether to preserve the corresponding Quay object when you delete the Repository resource. + displayName: Preserve Object in Quay on Deletion + path: preserveInQuayOnDeletion + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: If 'true', then add the permission defined in 'perms' to the + repository. If 'false', then the resource sets the permissions specified + in 'perms', removing all others permissions from the repository. + displayName: Append + path: append + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Method to use for the auto-pruning tags policy. If 'none', then + the resource ensures that no policy is in place. The tags are not pruned. + If 'tags', then the policy keeps only the number of tags that you specify + in 'autoPruneValue'. If 'date', then the policy deletes the tags older than + the time period that you specify in 'autoPruneValue'. 'autoPruneValue' is + required when 'autoPruneMethod' is 'tags' or 'date'. + displayName: Auto Prune Method + path: autoPruneMethod + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + - description: Number of tags to keep when 'autoPruneMethod' is 'tags'. The + value must be 1 or more. Period of time when 'autoPruneMethod' is 'date'. + The value must be 1 or more, and must be followed by a suffix; s (for second), + m (for minute), h (for hour), d (for day), or w (for week). 'autoPruneMethod' + is required when 'autoPruneValue' is set. + displayName: Auto Prune Value + path: autoPruneValue + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + - description: Text in Markdown format that describes the repository. + displayName: Description + path: description + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + - description: Name of the repository to create, remove, or modify. The format + for the name is 'namespace'/'shortname'. The namespace can be an organization + or a personal namespace. The name must be in lowercase and must not contain + white spaces. If you omit the namespace part in the name, then the resource + uses your personal namespace. + displayName: Name + path: name + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + - description: User, robot, and team permissions to associate with the repository. + displayName: Perms + path: perms + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + - description: If 'NORMAL', then the repository is in the default state (read/write). + If 'READ_ONLY', then the repository is read-only. If 'MIRROR', then the + repository is a mirror and you can configure it by using the RepositoryMirror + resource. You must enable the mirroring capability of your Quay installation + to use this 'repoState' parameter. + displayName: Repo State + path: repoState + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + - description: If 'true', then add a star to the repository. If 'false', then + remove the star. To star or unstar a repository you must provide the 'quayToken' + parameter to authenticate. If you are not authenticated, then the resource + ignores the 'star' parameter. + displayName: Star + path: star + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: If 'public', then anyone can pull images from the repository. + If 'private', then nobody can access the repository and you need to explicitly + grant access to users, robots, and teams. If you do not set the parameter + when you create a repository, then it defaults to 'private'. + displayName: Visibility + path: visibility + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + statusDescriptors: + - description: Observed conditions of Quay components. + displayName: Conditions + path: conditions + x-descriptors: + - urn:alm:descriptor:io.kubernetes.conditions + - description: Whether the resource has been created in Quay + displayName: Exist in Quay + path: existInQuay + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Error message when the process fails. + displayName: Error Message + path: message + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + version: v1alpha1 + - description: Configure and synchronize repository mirrors in Quay Container + Registry. + displayName: Repository Mirror + kind: RepositoryMirror + name: repositorymirrors.quay.herve4m.github.io + resources: + - kind: Secret + name: "" + version: v1 + specDescriptors: + - description: | + Reference to the secret resource that stores the connection parameters to the Quay Container Registry API. + displayName: Connection Parameters Secret + path: connSecretRef + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:fieldGroup:SecretRef + - description: Name of the secret resource. + displayName: Secret Name + path: connSecretRef.name + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:fieldGroup:SecretRef + - urn:alm:descriptor:io.kubernetes:Secret + - description: Namespace that stores the secret resource. + displayName: Secret Namespace + path: connSecretRef.namespace + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:fieldGroup:SecretRef + - urn:alm:descriptor:io.kubernetes:Namespace + - description: | + Whether to preserve the corresponding Quay object when you delete the RepositoryMirror resource. + displayName: Preserve Object in Quay on Deletion + path: preserveInQuayOnDeletion + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Path to the remote container repository to synchronize, such + as quay.io/projectquay/quay for example. That parameter is required when + creating the mirroring configuration. + displayName: External Reference + path: externalReference + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + - description: Password to use for pulling the image from the remote registry. + displayName: External Registry Password + path: externalRegistryPassword + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:password + - description: Username to use for pulling the image from the remote registry. + displayName: External Registry Username + path: externalRegistryUsername + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + - description: Triggers an immediate image synchronization. + displayName: Force Sync + path: forceSync + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: HTTP proxy to use for accessing the remote container registry. + See the 'curl' documentation for more details. By default, no proxy is used. + displayName: Http Proxy + path: httpProxy + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + - description: HTTPS proxy to use for accessing the remote container registry. + See the 'curl' documentation for more details. By default, no proxy is used. + displayName: Https Proxy + path: httpsProxy + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + - description: List of image tags to be synchronized from the remote repository. + displayName: Image Tags + path: imageTags + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + - description: Defines whether the mirror configuration is active or inactive. + 'false' by default. + displayName: Is Enabled + path: isEnabled + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Name of the existing repository for which the mirror parameters + are configured. The format for the name is 'namespace'/'shortname'. The + namespace can only be an organization namespace. + displayName: Name + path: name + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + - description: Comma-separated list of hosts for which the proxy should not + be used. Only relevant when you also specify a proxy configuration by setting + the 'httpProxy' or 'httpsProxy' variables. See the 'curl' documentation + for more details. + displayName: No Proxy + path: noProxy + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + - description: Username of the robot account that is used for synchronization. + That parameter is required when creating the mirroring configuration. + displayName: Robot Username + path: robotUsername + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + - description: Synchronization interval for this repository mirror in seconds. + 86400 (one day) by default. + displayName: Sync Interval + path: syncInterval + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:number + - description: The date and time at which the first synchronization should be + initiated. The format for the 'syncStartDate' parameter is ISO 8601 UTC, + such as 2021-12-02T21:06:00Z. If you do not provide the 'syncStartDate' + parameter when you configure a new repository mirror, then the synchronization + is immediately active, and a synchronization is initiated if the 'isEnabled' + parameter is 'true'. + displayName: Sync Start Date + path: syncStartDate + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + - description: Defines whether TLS of the external registry should be verified. + 'true' by default. + displayName: Verify Tls + path: verifyTls + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + statusDescriptors: + - description: Observed conditions of Quay components. + displayName: Conditions + path: conditions + x-descriptors: + - urn:alm:descriptor:io.kubernetes.conditions + - description: Whether the resource has been created in Quay + displayName: Exist in Quay + path: existInQuay + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Error message when the process fails. + displayName: Error Message + path: message + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + version: v1alpha1 + - description: Create and delete robot accounts. + displayName: Robot + kind: Robot + name: robots.quay.herve4m.github.io + resources: + - kind: Secret + name: "" + version: v1 + specDescriptors: + - description: | + Reference to the secret resource that stores the connection parameters to the Quay Container Registry API. + displayName: Connection Parameters Secret + path: connSecretRef + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:fieldGroup:SecretRef + - description: Name of the secret resource. + displayName: Secret Name + path: connSecretRef.name + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:fieldGroup:SecretRef + - urn:alm:descriptor:io.kubernetes:Secret + - description: Namespace that stores the secret resource. + displayName: Secret Namespace + path: connSecretRef.namespace + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:fieldGroup:SecretRef + - urn:alm:descriptor:io.kubernetes:Namespace + - description: | + Whether to preserve the corresponding Quay object when you delete the Robot resource. + displayName: Preserve Object in Quay on Deletion + path: preserveInQuayOnDeletion + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Description of the robot account. You cannot update the description + of existing robot accounts. + displayName: Description + path: description + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + - description: Name of the robot account to create or remove, in the format + 'namespace'+'shortname'. The namespace can be an organization or a personal + namespace. The short name (the part after the '+' sign) must be in lowercase, + must not contain white spaces, must not start by a digit, and must be at + least two characters long. If you omit the namespace part in the name, then + the resource uses your personal namespace. You can create and delete robot + accounts in your personal namespace, but not in the personal namespace of + other users. The token you use in 'quayToken' determines the user account + you are using. + displayName: Name + path: name + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + - description: | + Secret resource that the Robot resource creates. This secret will store the data that the resource generates. + displayName: Returned Data Secret + path: retSecretRef + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:fieldGroup:RetSecretRef + - description: Name of the secret resource. + displayName: Secret Name + path: retSecretRef.name + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:fieldGroup:RetSecretRef + - urn:alm:descriptor:com.tectonic.ui:text + - description: Namespace that stores the secret resource. + displayName: Secret Namespace + path: retSecretRef.namespace + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:fieldGroup:RetSecretRef + - urn:alm:descriptor:io.kubernetes:Namespace + statusDescriptors: + - description: Observed conditions of Quay components. + displayName: Conditions + path: conditions + x-descriptors: + - urn:alm:descriptor:io.kubernetes.conditions + - description: Whether the resource has been created in Quay + displayName: Exist in Quay + path: existInQuay + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Error message when the process fails. + displayName: Error Message + path: message + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + version: v1alpha1 + - description: Create, delete, and update image tags. + displayName: Tag + kind: Tag + name: tags.quay.herve4m.github.io + resources: + - kind: Secret + name: "" + version: v1 + specDescriptors: + - description: | + Reference to the secret resource that stores the connection parameters to the Quay Container Registry API. + displayName: Connection Parameters Secret + path: connSecretRef + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:fieldGroup:SecretRef + - description: Name of the secret resource. + displayName: Secret Name + path: connSecretRef.name + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:fieldGroup:SecretRef + - urn:alm:descriptor:io.kubernetes:Secret + - description: Namespace that stores the secret resource. + displayName: Secret Namespace + path: connSecretRef.namespace + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:fieldGroup:SecretRef + - urn:alm:descriptor:io.kubernetes:Namespace + - description: | + Whether to preserve the corresponding Quay object when you delete the Tag resource. + displayName: Preserve Object in Quay on Deletion + path: preserveInQuayOnDeletion + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Expiration date and time for the tag. The format is 'YYYYMMDDHHMM.SS' + but you can change it by setting the 'expirationFormat' parameter. You cannot + set an expiration date more that two years in the future. If you do so, + then Quay forces the date at that two years boundary. You cannot set an + expiration date in the past. + displayName: Expiration + path: expiration + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + - description: Indicate the time format used in the 'expiration' parameter. + Based on default Python format (see ). + displayName: Expiration Format + path: expirationFormat + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + - description: Name of the existing image. The format is 'namespace'/'repository':'tag' + or 'namespace'/'repository'@'digest'. The namespace can be an organization + or a personal namespace. If you omit the namespace part, then the resource + looks for the repository in your personal namespace. If you omit the tag + and the digest part, then 'latest' is assumed. + displayName: Image + path: image + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + - description: When 'state=present', the 'tag' parameter provides the new tag + to add to the image. If another image already uses that tag, then the resource + removes the tag from that other image first. When 'state=absent', the 'tag' + parameter indicates the tag to remove. If you do not set that 'tag' parameter, + then the resource removes the tag that you give in the image name with the + 'image' parameter. When you specify the image by its digest, in the 'image' + parameter, then that 'tag' parameter is mandatory. + displayName: Tag + path: tag + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + statusDescriptors: + - description: Observed conditions of Quay components. + displayName: Conditions + path: conditions + x-descriptors: + - urn:alm:descriptor:io.kubernetes.conditions + - description: Whether the resource has been created in Quay + displayName: Exist in Quay + path: existInQuay + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Error message when the process fails. + displayName: Error Message + path: message + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + version: v1alpha1 + - description: Synchronize and unsynchronize teams in organizations with LDAP + groups. + displayName: Team Ldap + kind: TeamLdap + name: teamldaps.quay.herve4m.github.io + resources: + - kind: Secret + name: "" + version: v1 + specDescriptors: + - description: | + Reference to the secret resource that stores the connection parameters to the Quay Container Registry API. + displayName: Connection Parameters Secret + path: connSecretRef + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:fieldGroup:SecretRef + - description: Name of the secret resource. + displayName: Secret Name + path: connSecretRef.name + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:fieldGroup:SecretRef + - urn:alm:descriptor:io.kubernetes:Secret + - description: Namespace that stores the secret resource. + displayName: Secret Namespace + path: connSecretRef.namespace + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:fieldGroup:SecretRef + - urn:alm:descriptor:io.kubernetes:Namespace + - description: | + Whether to preserve the corresponding Quay object when you delete the TeamLdap resource. + displayName: Preserve Object in Quay on Deletion + path: preserveInQuayOnDeletion + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: LDAP group distinguished name (DN), relative to the base DN that + you defined in the 'config.yaml' Quay configuration file with the 'LDAP_BASE_DN' + parameter. For example, if the LDAP group DN is 'cn=group1,ou=groups,dc=example,dc=org' + and the base DN is 'dc=example,dc=org', then you must set 'groupDn' to 'cn=group1,ou=groups'. + 'groupDn' is required when 'sync' is 'true'. + displayName: Group Dn + path: groupDn + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + - description: If 'true', then the current team members are kept after the synchronization + is disabled. If 'false', then the team members are removed (except robot + accounts). 'keepUsers' is only used when 'sync' is 'false'. + displayName: Keep Users + path: keepUsers + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Name of the team to synchronize or unsynchronize with an LDAP + group. That team must exist (see the Team resource to create it). + displayName: Name + path: name + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + - description: Name of the organization for the team. That organization must + exist. + displayName: Organization + path: organization + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + - description: If 'true', then the team members are retrieved from the LDAP + group that you define in 'groupDn'. The pre-existing members are removed + from the team before the synchronization process starts. Existing robot + account members are not removed. If 'false', then the synchronization from + LDAP is disabled. Existing team members (from LDAP) are kept, except if + you set 'keepUsers' to 'false'. + displayName: Sync + path: sync + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + statusDescriptors: + - description: Observed conditions of Quay components. + displayName: Conditions + path: conditions + x-descriptors: + - urn:alm:descriptor:io.kubernetes.conditions + - description: Whether the resource has been created in Quay + displayName: Exist in Quay + path: existInQuay + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Error message when the process fails. + displayName: Error Message + path: message + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + version: v1alpha1 + - description: Synchronize and unsynchronize teams in organizations with OIDC + groups. + displayName: Team Oidc + kind: TeamOidc + name: teamoidcs.quay.herve4m.github.io + resources: + - kind: Secret + name: "" + version: v1 + specDescriptors: + - description: | + Reference to the secret resource that stores the connection parameters to the Quay Container Registry API. + displayName: Connection Parameters Secret + path: connSecretRef + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:fieldGroup:SecretRef + - description: Name of the secret resource. + displayName: Secret Name + path: connSecretRef.name + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:fieldGroup:SecretRef + - urn:alm:descriptor:io.kubernetes:Secret + - description: Namespace that stores the secret resource. + displayName: Secret Namespace + path: connSecretRef.namespace + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:fieldGroup:SecretRef + - urn:alm:descriptor:io.kubernetes:Namespace + - description: | + Whether to preserve the corresponding Quay object when you delete the TeamOidc resource. + displayName: Preserve Object in Quay on Deletion + path: preserveInQuayOnDeletion + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: OIDC group name. 'groupName' is required when 'sync' is 'true'. + displayName: Group Name + path: groupName + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + - description: Name of the team to synchronize or unsynchronize with an OIDC + group. That team must exist (see the Team resource to create it). + displayName: Name + path: name + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + - description: Name of the organization for the team. That organization must + exist. + displayName: Organization + path: organization + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + - description: If 'true', then the team members are retrieved from the OIDC + group that you define in 'groupName'. The pre-existing members are removed + from the team before the synchronization process starts. Existing robot + account members are not removed. If 'false', then the synchronization from + OIDC is disabled. + displayName: Sync + path: sync + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + statusDescriptors: + - description: Observed conditions of Quay components. + displayName: Conditions + path: conditions + x-descriptors: + - urn:alm:descriptor:io.kubernetes.conditions + - description: Whether the resource has been created in Quay + displayName: Exist in Quay + path: existInQuay + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Error message when the process fails. + displayName: Error Message + path: message + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + version: v1alpha1 + - description: Create, delete, and update teams in organizations. + displayName: Team + kind: Team + name: teams.quay.herve4m.github.io + resources: + - kind: Secret + name: "" + version: v1 + specDescriptors: + - description: | + Reference to the secret resource that stores the connection parameters to the Quay Container Registry API. + displayName: Connection Parameters Secret + path: connSecretRef + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:fieldGroup:SecretRef + - description: Name of the secret resource. + displayName: Secret Name + path: connSecretRef.name + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:fieldGroup:SecretRef + - urn:alm:descriptor:io.kubernetes:Secret + - description: Namespace that stores the secret resource. + displayName: Secret Namespace + path: connSecretRef.namespace + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:fieldGroup:SecretRef + - urn:alm:descriptor:io.kubernetes:Namespace + - description: | + Whether to preserve the corresponding Quay object when you delete the Team resource. + displayName: Preserve Object in Quay on Deletion + path: preserveInQuayOnDeletion + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: If 'true', then add the users specified in 'members' to the team. + If 'false', then the resource sets the team members to users specified in + 'members', removing all others users from the team. + displayName: Append + path: append + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Text in Markdown format that describes the team. + displayName: Description + path: description + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + - description: List of the user or robot accounts in the team. Use the syntax + 'organization'+'robotshortname' for robot accounts. If the team is synchronized + with an LDAP group (see the TeamLdap resource), then you can only add or + remove robot accounts. + displayName: Members + path: members + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + - description: Name of the team to create, remove, or modify. The name must + be in lowercase, must not contain white spaces, must not start by a digit, + and must be at least two characters long. + displayName: Name + path: name + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + - description: Name of the organization for the team. That organization must + exist. + displayName: Organization + path: organization + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + - description: Role of the team within the organization. If not set, then the + new team has the 'member' role. + displayName: Role + path: role + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + statusDescriptors: + - description: Observed conditions of Quay components. + displayName: Conditions + path: conditions + x-descriptors: + - urn:alm:descriptor:io.kubernetes.conditions + - description: Whether the resource has been created in Quay + displayName: Exist in Quay + path: existInQuay + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Error message when the process fails. + displayName: Error Message + path: message + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + version: v1alpha1 + - description: Create, delete, and update user accounts in Quay Container Registry. + displayName: User + kind: User + name: users.quay.herve4m.github.io + resources: + - kind: Secret + name: "" + version: v1 + specDescriptors: + - description: | + Reference to the secret resource that stores the connection parameters to the Quay Container Registry API. + displayName: Connection Parameters Secret + path: connSecretRef + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:fieldGroup:SecretRef + - description: Name of the secret resource. + displayName: Secret Name + path: connSecretRef.name + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:fieldGroup:SecretRef + - urn:alm:descriptor:io.kubernetes:Secret + - description: Namespace that stores the secret resource. + displayName: Secret Namespace + path: connSecretRef.namespace + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:fieldGroup:SecretRef + - urn:alm:descriptor:io.kubernetes:Namespace + - description: | + Whether to preserve the corresponding Quay object when you delete the User resource. + displayName: Preserve Object in Quay on Deletion + path: preserveInQuayOnDeletion + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: User's email address. If your Quay administrator has enabled + the mailing capability of your Quay installation ('FEATURE_MAILING' to 'true' + in 'config.yaml'), then this 'email' parameter is mandatory. + displayName: Email + path: email + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + - description: Enable ('true') or disable ('false') the user account. When their + account is disabled, the user cannot log in to the web UI and cannot push + or pull container images. + displayName: Enabled + path: enabled + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: User's password as a clear string. The password must be at least + eight characters long and must not contain white spaces. + displayName: Password + path: password + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:password + - description: Grant superuser permissions to the user. Granting superuser privileges + to a user is not immediate and usually requires a restart of the Quay Container + Registry service. You cannot revoke superuser permissions. + displayName: Superuser + path: superuser + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Name of the user account to create, remove, or modify. + displayName: Username + path: username + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + statusDescriptors: + - description: Observed conditions of Quay components. + displayName: Conditions + path: conditions + x-descriptors: + - urn:alm:descriptor:io.kubernetes.conditions + - description: Whether the resource has been created in Quay + displayName: Exist in Quay + path: existInQuay + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Error message when the process fails. + displayName: Error Message + path: message + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + version: v1alpha1 + description: | + ## Overview + + The API Operator for Quay manages Quay Container Registry components. + The operator does not install Quay, which you can install in Kubernetes by using the [Quay Operator](https://operatorhub.io/operator/project-quay), or outside Kubernetes as a standalone deployment. + + The operator provides Kubernetes custom resources to create, configure, and delete Quay objects. + For example, the operator can manage Quay organizations, repositories, teams, and user and robot accounts. + It can also configure organization quotas, repository mirroring, and proxy caches. + + ## Usage + + All the operator's custom resources rely on a Secret resource to provide the connection parameters to the Quay instance. + + This secret resource must include the following data. + + * `host` - URL for accessing the Quay API, such as https://quay.example.com:8443 for example. + * `validateCerts` - Whether to allow insecure connections to the API. + By default, insecure connections are refused. + * `token` - OAuth access token for authenticating against the API. + To create such a token see the [Creating an OAuth Access Token](https://access.redhat.com/documentation/en-us/red_hat_quay/3/html-single/red_hat_quay_api_guide/index#creating-oauth-access-token) documentation. + * `username` - The username to use for authenticating against the API. + If `token` is set, then `username` is ignored. + * `password` - The password to use for authenticating against the API. + If `token` is set, then `password` is ignored. + + You can create the secret by using the `kubectl create secret` command. + + ```sh + kubectl create secret generic quay-credentials --from-literal host=https://quay.example.com:8443 --from-literal validateCerts=false --from-literal token=vFYyU2D0fHYXvcA3Y5TYfMrIMyVIH9YmxoVLsmku + ``` + + Or you can create the secret from a resource file. + + ```yaml + apiVersion: v1 + kind: Secret + metadata: + name: quay-credentials + stringData: + host: https://quay.example.com:8443 + validateCerts: "false" + token: vFYyU2D0fHYXvcA3Y5TYfMrIMyVIH9YmxoVLsmku + ``` + + You refer to this secret in your Quay custom resources by using the `connSecretRef` option. + + ```yaml + apiVersion: quay.herve4m.github.io/v1alpha1 + kind: Organization + metadata: + name: organization-sample + spec: + # Connection parameters in a Secret resource + connSecretRef: + name: quay-credentials + # By default, the operator looks for the secret in the same namespace as + # the organization resource, but you can specify a different namespace. + # namespace: mynamespace + + name: production + email: prodlist@example.com + timeMachineExpiration: 7d + autoPruneMethod: tags + autoPruneValue: "20" + preserveInQuayOnDeletion: false + ``` + + More examples are available on [GitHub](https://github.com/herve4m/quay-api-operator/tree/main/config/samples). + displayName: API Operator for Quay + icon: + - base64data: PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHZpZXdCb3g9IjAgMCAyNTguNTEgMjU4LjUxIj48ZGVmcz48c3R5bGU+LmNscy0xe2ZpbGw6I2QxZDFkMTt9LmNscy0ye2ZpbGw6IzhkOGQ4Zjt9PC9zdHlsZT48L2RlZnM+PHRpdGxlPkFzc2V0IDQ8L3RpdGxlPjxnIGlkPSJMYXllcl8yIiBkYXRhLW5hbWU9IkxheWVyIDIiPjxnIGlkPSJMYXllcl8xLTIiIGRhdGEtbmFtZT0iTGF5ZXIgMSI+PHBhdGggY2xhc3M9ImNscy0xIiBkPSJNMTI5LjI1LDIwQTEwOS4xLDEwOS4xLDAsMCwxLDIwNi40LDIwNi40LDEwOS4xLDEwOS4xLDAsMSwxLDUyLjExLDUyLjExLDEwOC40NSwxMDguNDUsMCwwLDEsMTI5LjI1LDIwbTAtMjBoMEM1OC4xNiwwLDAsNTguMTYsMCwxMjkuMjVIMGMwLDcxLjA5LDU4LjE2LDEyOS4yNiwxMjkuMjUsMTI5LjI2aDBjNzEuMDksMCwxMjkuMjYtNTguMTcsMTI5LjI2LTEyOS4yNmgwQzI1OC41MSw1OC4xNiwyMDAuMzQsMCwxMjkuMjUsMFoiLz48cGF0aCBjbGFzcz0iY2xzLTIiIGQ9Ik0xNzcuNTQsMTAzLjQxSDE0MS42NkwxNTQuOSw2NS43NmMxLjI1LTQuNC0yLjMzLTguNzYtNy4yMS04Ljc2SDEwMi45M2E3LjMyLDcuMzIsMCwwLDAtNy40LDZsLTEwLDY5LjYxYy0uNTksNC4xNywyLjg5LDcuODksNy40LDcuODloMzYuOUwxMTUuNTUsMTk3Yy0xLjEyLDQuNDEsMi40OCw4LjU1LDcuMjQsOC41NWE3LjU4LDcuNTgsMCwwLDAsNi40Ny0zLjQ4TDE4NCwxMTMuODVDMTg2Ljg2LDEwOS4yNCwxODMuMjksMTAzLjQxLDE3Ny41NCwxMDMuNDFaIi8+PC9nPjwvZz48L3N2Zz4= + mediatype: image/svg+xml + install: + spec: + clusterPermissions: + - rules: + - apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - quay.herve4m.github.io + resources: + - apitokens + - apitokens/status + - apitokens/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - quay.herve4m.github.io + resources: + - applications + - applications/status + - applications/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - quay.herve4m.github.io + resources: + - defaultperms + - defaultperms/status + - defaultperms/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - quay.herve4m.github.io + resources: + - dockertokens + - dockertokens/status + - dockertokens/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - quay.herve4m.github.io + resources: + - firstusers + - firstusers/status + - firstusers/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - quay.herve4m.github.io + resources: + - manifestlabels + - manifestlabels/status + - manifestlabels/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - quay.herve4m.github.io + resources: + - messages + - messages/status + - messages/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - quay.herve4m.github.io + resources: + - notifications + - notifications/status + - notifications/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - quay.herve4m.github.io + resources: + - organizations + - organizations/status + - organizations/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - quay.herve4m.github.io + resources: + - proxycaches + - proxycaches/status + - proxycaches/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - quay.herve4m.github.io + resources: + - quotas + - quotas/status + - quotas/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - quay.herve4m.github.io + resources: + - repositories + - repositories/status + - repositories/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - quay.herve4m.github.io + resources: + - repositorymirrors + - repositorymirrors/status + - repositorymirrors/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - quay.herve4m.github.io + resources: + - robots + - robots/status + - robots/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - quay.herve4m.github.io + resources: + - tags + - tags/status + - tags/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - quay.herve4m.github.io + resources: + - teams + - teams/status + - teams/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - quay.herve4m.github.io + resources: + - teamldaps + - teamldaps/status + - teamldaps/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - quay.herve4m.github.io + resources: + - teamoidcs + - teamoidcs/status + - teamoidcs/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - quay.herve4m.github.io + resources: + - users + - users/status + - users/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create + - apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create + serviceAccountName: quay-api-operator-controller-manager + deployments: + - label: + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: quay-api-operator + control-plane: controller-manager + name: quay-api-operator-controller-manager + spec: + replicas: 1 + selector: + matchLabels: + control-plane: controller-manager + strategy: {} + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: manager + labels: + control-plane: controller-manager + spec: + containers: + - args: + - --secure-listen-address=0.0.0.0:8443 + - --upstream=http://127.0.0.1:8080/ + - --logtostderr=true + - --v=0 + image: gcr.io/kubebuilder/kube-rbac-proxy:v0.16.0 + name: kube-rbac-proxy + ports: + - containerPort: 8443 + name: https + protocol: TCP + resources: + limits: + cpu: 500m + memory: 128Mi + requests: + cpu: 5m + memory: 64Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + - args: + - --health-probe-bind-address=:6789 + - --metrics-bind-address=127.0.0.1:8080 + - --leader-elect + - --leader-election-id=quay-api-operator + env: + - name: ANSIBLE_GATHERING + value: explicit + image: quay.io/herve4m/quay-api-operator:1.0.0 + livenessProbe: + httpGet: + path: /healthz + port: 6789 + initialDelaySeconds: 15 + periodSeconds: 20 + name: manager + readinessProbe: + httpGet: + path: /readyz + port: 6789 + initialDelaySeconds: 5 + periodSeconds: 10 + resources: + limits: + cpu: 500m + memory: 3Gi + requests: + cpu: 10m + memory: 256Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + securityContext: + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + serviceAccountName: quay-api-operator-controller-manager + terminationGracePeriodSeconds: 10 + permissions: + - rules: + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + serviceAccountName: quay-api-operator-controller-manager + strategy: deployment + installModes: + - supported: true + type: OwnNamespace + - supported: true + type: SingleNamespace + - supported: true + type: MultiNamespace + - supported: true + type: AllNamespaces + keywords: + - API + - Quay + - containers + - registry + - gitops + links: + - name: Operator Documentation + url: https://herve4m.github.io/quay-api-operator/ + - name: Project Quay + url: https://www.projectquay.io/ + maintainers: + - email: herve.quatremain@redhat.com + name: Hervé Quatremain + maturity: alpha + minKubeVersion: 1.27.0 + nativeAPIs: + - group: "" + kind: Secret + version: v1 + provider: + name: Quay Community + version: 1.0.0 diff --git a/operators/quay-api-operator/1.0.0/manifests/quay.herve4m.github.io_apitokens.yaml b/operators/quay-api-operator/1.0.0/manifests/quay.herve4m.github.io_apitokens.yaml new file mode 100644 index 00000000000..dec7de13f95 --- /dev/null +++ b/operators/quay-api-operator/1.0.0/manifests/quay.herve4m.github.io_apitokens.yaml @@ -0,0 +1,161 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + name: apitokens.quay.herve4m.github.io +spec: + group: quay.herve4m.github.io + names: + kind: ApiToken + plural: apitokens + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: The status of the resource creation process in Quay + jsonPath: .status.conditions[?(@.type == 'Successful')].status + name: Success + type: string + - description: The error message when the resource creation process fails + jsonPath: .status.message + name: Message + type: string + - description: The state of the reconciliation process + jsonPath: .status.conditions[?(@.type == 'Running')].reason + name: State + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: Create OAuth access tokens for accessing the Quay Container Registry + API + properties: + apiVersion: + description: | + APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: | + Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Spec defines the desired state of ApiToken + oneOf: + - required: + - clientId + - required: + - clientIdFrom + properties: + clientId: + description: The client ID associated with the OAuth application to + use for generating the OAuth access token. See the Application resource + to create an application object and to retrieve the associated client + ID. + type: string + clientIdFrom: + description: | + Reference to the secret resource that stores the client ID of the application. + You specify the key that stores this client ID by using the 'key' parameter. By default the operator looks for a 'clientId' key in the secret. + Mutually exclusive with 'clientId'. + properties: + key: + default: clientId + description: | + In the secret resource, key that stores the client ID. + type: string + name: + description: Name of the secret resource. + type: string + namespace: + description: | + Namespace of the secret resource. By default, the secret resource is retrieved from the same namespace as the current ApiToken resource. + type: string + required: + - name + type: object + connSecretRef: + description: | + Reference to the secret resource that stores the connection parameters to the Quay Container Registry API. + The secret must include the 'host', 'token' (or 'username' and 'password'), and optionally the 'validateCerts' keys. + properties: + name: + description: Name of the secret resource. + type: string + namespace: + description: | + Namespace of the secret resource. By default, the secret resource is retrieved from the same namespace as the current ApiToken resource. + type: string + required: + - name + type: object + forUser: + description: The username to generate an OAuth access token for. The + user receives a notification in the web interface, which enables + the user to retrieve the token. When you use this option, the resource + does not return the token. Requires Quay version 3.12 or later. + type: string + preserveInQuayOnDeletion: + default: false + description: | + Whether to preserve the corresponding Quay object when you delete the ApiToken resource. When set to 'false' (the default), the object is deleted from Quay. + type: boolean + retSecretRef: + description: | + RetSecretRef is the secret resource that the ApiToken resource creates. This secret will store the data that the resource generates: + + - accessToken - The OAuth access token. + - token - The OAuth access token (copy). + - host - URL for accessing the Quay API. + - validateCerts - Whether to allow insecure connections to the API. + properties: + name: + description: Name of the secret resource. + type: string + namespace: + description: | + Namespace of the secret resource. By default, the secret resource is created in the same namespace as the current ApiToken resource. + type: string + required: + - name + type: object + rights: + default: + - repo:read + description: List of permissions to grant to the user account. 'all' + means all the permissions. + items: + enum: + - org:admin + - repo:admin + - repo:create + - repo:read + - repo:write + - super:user + - user:admin + - user:read + - all + type: string + type: array + required: + - connSecretRef + type: object + status: + description: | + Status defines the observed state of ApiToken + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/quay-api-operator/1.0.0/manifests/quay.herve4m.github.io_applications.yaml b/operators/quay-api-operator/1.0.0/manifests/quay.herve4m.github.io_applications.yaml new file mode 100644 index 00000000000..fcd6526070a --- /dev/null +++ b/operators/quay-api-operator/1.0.0/manifests/quay.herve4m.github.io_applications.yaml @@ -0,0 +1,138 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + name: applications.quay.herve4m.github.io +spec: + group: quay.herve4m.github.io + names: + kind: Application + plural: applications + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Name in Quay + jsonPath: .spec.name + name: Quay name + type: string + - description: Organization in Quay + jsonPath: .spec.organization + name: Quay organization + type: string + - description: The status of the resource creation process in Quay + jsonPath: .status.conditions[?(@.type == 'Successful')].status + name: Success + type: string + - description: The error message when the resource creation process fails + jsonPath: .status.message + name: Message + type: string + - description: The state of the reconciliation process + jsonPath: .status.conditions[?(@.type == 'Running')].reason + name: State + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: Manage Quay Container Registry applications + properties: + apiVersion: + description: | + APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: | + Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Spec defines the desired state of Application + properties: + applicationUri: + description: URL to the application home page. + type: string + avatarEmail: + description: Email address that represents the avatar for the application. + format: email + type: string + connSecretRef: + description: | + Reference to the secret resource that stores the connection parameters to the Quay Container Registry API. + The secret must include the 'host', 'token' (or 'username' and 'password'), and optionally the 'validateCerts' keys. + properties: + name: + description: Name of the secret resource. + type: string + namespace: + description: | + Namespace of the secret resource. By default, the secret resource is retrieved from the same namespace as the current Application resource. + type: string + required: + - name + type: object + description: + description: Description for the application. + type: string + name: + description: Name of the application to create, update, or delete. + Application names must be at least two characters long. + type: string + newName: + description: New name for the application. Setting this option changes + the name of the application which current name is provided in 'name'. + type: string + organization: + description: Name of the organization in which to manage the application. + type: string + preserveInQuayOnDeletion: + default: false + description: | + Whether to preserve the corresponding Quay object when you delete the Application resource. When set to 'false' (the default), the object is deleted from Quay. + type: boolean + redirectUri: + description: Prefix of the application's OAuth redirection/callback + URLs. + type: string + retSecretRef: + description: | + RetSecretRef is the secret resource that the Application resource creates. This secret will store the data that the resource generates: + + - clientId - ID if the client associated with the application object. + - clientSecret - Secret for the client associated with the application object. + - name - Application name. + properties: + name: + description: Name of the secret resource. + type: string + namespace: + description: | + Namespace of the secret resource. By default, the secret resource is created in the same namespace as the current Application resource. + type: string + required: + - name + type: object + required: + - connSecretRef + - name + - organization + type: object + status: + description: | + Status defines the observed state of Application + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/quay-api-operator/1.0.0/manifests/quay.herve4m.github.io_defaultperms.yaml b/operators/quay-api-operator/1.0.0/manifests/quay.herve4m.github.io_defaultperms.yaml new file mode 100644 index 00000000000..fde32b1999f --- /dev/null +++ b/operators/quay-api-operator/1.0.0/manifests/quay.herve4m.github.io_defaultperms.yaml @@ -0,0 +1,130 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + name: defaultperms.quay.herve4m.github.io +spec: + group: quay.herve4m.github.io + names: + kind: DefaultPerm + plural: defaultperms + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Name in Quay + jsonPath: .spec.name + name: Quay name + type: string + - description: Organization in Quay + jsonPath: .spec.organization + name: Quay organization + type: string + - description: The status of the resource creation process in Quay + jsonPath: .status.conditions[?(@.type == 'Successful')].status + name: Success + type: string + - description: The error message when the resource creation process fails + jsonPath: .status.message + name: Message + type: string + - description: The state of the reconciliation process + jsonPath: .status.conditions[?(@.type == 'Running')].reason + name: State + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: Manage Quay Container Registry default repository permissions + properties: + apiVersion: + description: | + APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: | + Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Spec defines the desired state of DefaultPerm + properties: + connSecretRef: + description: | + Reference to the secret resource that stores the connection parameters to the Quay Container Registry API. + The secret must include the 'host', 'token' (or 'username' and 'password'), and optionally the 'validateCerts' keys. + properties: + name: + description: Name of the secret resource. + type: string + namespace: + description: | + Namespace of the secret resource. By default, the secret resource is retrieved from the same namespace as the current DefaultPerm resource. + type: string + required: + - name + type: object + creator: + description: Quay applies the default permission only when repositories + are created by the user that you define in 'creator'. By default, + if you do not provide that 'creator' parameter, then Quay applies + the default permission to all new repositories, whoever creates + them. You cannot use robot accounts or teams for the 'creator' parameter. + You can only use regular user accounts. + type: string + name: + description: Name of the user or team that gets permission to new + created repositories in the organization. For robot accounts use + the 'namespace'+'shortrobotname' format. + type: string + organization: + description: Name of the organization for the default permission. + That organization must exist. + type: string + preserveInQuayOnDeletion: + default: false + description: | + Whether to preserve the corresponding Quay object when you delete the DefaultPerm resource. When set to 'false' (the default), the object is deleted from Quay. + type: boolean + role: + description: Permission that Quay automatically grants to the user + or team on new created repositories in the organization. If you + do not provide that parameter, then the resource uses 'read' by + default. + enum: + - read + - write + - admin + type: string + type: + default: user + description: Type of the account defined in 'name'. Choose 'user' + for both user and robot accounts. + enum: + - user + - team + type: string + required: + - connSecretRef + - name + - organization + type: object + status: + description: | + Status defines the observed state of DefaultPerm + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/quay-api-operator/1.0.0/manifests/quay.herve4m.github.io_dockertokens.yaml b/operators/quay-api-operator/1.0.0/manifests/quay.herve4m.github.io_dockertokens.yaml new file mode 100644 index 00000000000..bf16c684e6e --- /dev/null +++ b/operators/quay-api-operator/1.0.0/manifests/quay.herve4m.github.io_dockertokens.yaml @@ -0,0 +1,117 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + name: dockertokens.quay.herve4m.github.io +spec: + group: quay.herve4m.github.io + names: + kind: DockerToken + plural: dockertokens + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Name in Quay + jsonPath: .spec.name + name: Quay name + type: string + - description: The status of the resource creation process in Quay + jsonPath: .status.conditions[?(@.type == 'Successful')].status + name: Success + type: string + - description: The error message when the resource creation process fails + jsonPath: .status.message + name: Message + type: string + - description: The state of the reconciliation process + jsonPath: .status.conditions[?(@.type == 'Running')].reason + name: State + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: Manage tokens for accessing Quay Container Registry repositories + properties: + apiVersion: + description: | + APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: | + Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Spec defines the desired state of DockerToken + properties: + connSecretRef: + description: | + Reference to the secret resource that stores the connection parameters to the Quay Container Registry API. + The secret must include the 'host', 'token' (or 'username' and 'password'), and optionally the 'validateCerts' keys. + properties: + name: + description: Name of the secret resource. + type: string + namespace: + description: | + Namespace of the secret resource. By default, the secret resource is retrieved from the same namespace as the current DockerToken resource. + type: string + required: + - name + type: object + name: + description: Name of the token to create or delete. + type: string + preserveInQuayOnDeletion: + default: false + description: | + Whether to preserve the corresponding Quay object when you delete the DockerToken resource. When set to 'false' (the default), the object is deleted from Quay. + type: boolean + retSecretRef: + description: | + RetSecretRef is the secret resource that the DockerToken resource creates. This secret will store the data that the resource generates: + + - auth - Base64 encoding of the username and the token (''username':'tokenCode''). Some client configuration files, such as the '~/.docker/config.json' Docker configuration file, require that you provide the username and the token in that format. You can decode the string by using the 'base64 --decode' command. See the 'base64'(1) man page. + - created - Token creation date and time. + - dockerconfigjson - Base64 encoding of the '~/.docker/config.json' configuration file. The 'containers-auth.json'(5) man page describe the format of the file. + - expiration - Expiration date and time of the token. By default, tokens do not expire. In that case 'expiration' is 'null'. Your Quay administrator might have activated expiration by setting the 'APP_SPECIFIC_TOKEN_EXPIRATION' directive in the 'config.yaml' configuration file. + - lastAccessed - Last date and time the token was used. If the token has not been used yet, then 'lastAccessed' is 'null'. + - name - Name of the application token. + - tokenCode - Token to use as the password. + - username - Username to use with client commands such as 'docker' or 'podman'. When you use a token with those commands, do not use your login name but use this username instead. For Quay, that username is always '$app'. Because the '$' character is a special shell character, you might have to protect it with a backslash or by using single quotation marks. + - uuid - Internal ID of the application token. + properties: + name: + description: Name of the secret resource. + type: string + namespace: + description: | + Namespace of the secret resource. By default, the secret resource is created in the same namespace as the current DockerToken resource. + type: string + required: + - name + type: object + required: + - connSecretRef + - name + type: object + status: + description: | + Status defines the observed state of DockerToken + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/quay-api-operator/1.0.0/manifests/quay.herve4m.github.io_firstusers.yaml b/operators/quay-api-operator/1.0.0/manifests/quay.herve4m.github.io_firstusers.yaml new file mode 100644 index 00000000000..1097e4dc2c5 --- /dev/null +++ b/operators/quay-api-operator/1.0.0/manifests/quay.herve4m.github.io_firstusers.yaml @@ -0,0 +1,136 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + name: firstusers.quay.herve4m.github.io +spec: + group: quay.herve4m.github.io + names: + kind: FirstUser + plural: firstusers + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Username in Quay + jsonPath: .spec.username + name: Quay username + type: string + - description: The status of the resource creation process in Quay + jsonPath: .status.conditions[?(@.type == 'Successful')].status + name: Success + type: string + - description: The error message when the resource creation process fails + jsonPath: .status.message + name: Message + type: string + - description: The state of the reconciliation process + jsonPath: .status.conditions[?(@.type == 'Running')].reason + name: State + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: Create the first user account + properties: + apiVersion: + description: | + APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: | + Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Spec defines the desired state of FirstUser + properties: + connSecretRef: + description: | + Reference to the secret resource that stores the connection parameters to the Quay Container Registry API. + The secret must include the 'host', 'token' (or 'username' and 'password'), and optionally the 'validateCerts' keys. + properties: + name: + description: Name of the secret resource. + type: string + namespace: + description: | + Namespace of the secret resource. By default, the secret resource is retrieved from the same namespace as the current FirstUser resource. + type: string + required: + - name + type: object + createToken: + description: If 'true', then an OAuth access token is created and + returned. You can use that returned token with the other Quay resources, + by setting it in the 'quayToken' parameter. The token is valid for + 2 hours 30 minutes. If 'false', then no access token is created. + type: boolean + email: + description: User's email address. If your Quay administrator has + enabled the mailing capability of your Quay installation ('FEATURE_MAILING' + to 'true' in 'config.yaml'), then this 'email' parameter is mandatory. + format: email + type: string + password: + description: User's password as a clear string. The password must + be at least eight characters long and must not contain white spaces. + format: password + type: string + preserveInQuayOnDeletion: + default: false + description: | + Whether to preserve the corresponding Quay object when you delete the FirstUser resource. When set to 'false' (the default), the object is deleted from Quay. + type: boolean + retSecretRef: + description: | + RetSecretRef is the secret resource that the FirstUser resource creates. This secret will store the data that the resource generates: + + - accessToken - The access token that you can use for subsequent resource calls. The token is valid for 2 hours 30 minutes. + - token - The OAuth access token (copy). + - host - URL for accessing the Quay API. + - validateCerts - Whether to allow insecure connections to the API. + - email - User's email address. + - encryptedPassword - Encrypted user's password. + properties: + name: + description: Name of the secret resource. + type: string + namespace: + description: | + Namespace of the secret resource. By default, the secret resource is created in the same namespace as the current FirstUser resource. + type: string + required: + - name + type: object + username: + description: Name of the user account to create. You probably want + that user account to have superuser permissions so that you can + use the returned token to create additional objects. To do so, add + the account name to the 'SUPER_USERS' section in the 'config.yaml' + file before using the FirstUser resource. + type: string + required: + - connSecretRef + - password + - username + type: object + status: + description: | + Status defines the observed state of FirstUser + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/quay-api-operator/1.0.0/manifests/quay.herve4m.github.io_manifestlabels.yaml b/operators/quay-api-operator/1.0.0/manifests/quay.herve4m.github.io_manifestlabels.yaml new file mode 100644 index 00000000000..58a68f07919 --- /dev/null +++ b/operators/quay-api-operator/1.0.0/manifests/quay.herve4m.github.io_manifestlabels.yaml @@ -0,0 +1,129 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + name: manifestlabels.quay.herve4m.github.io +spec: + group: quay.herve4m.github.io + names: + kind: ManifestLabel + plural: manifestlabels + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: The status of the resource creation process in Quay + jsonPath: .status.conditions[?(@.type == 'Successful')].status + name: Success + type: string + - description: The error message when the resource creation process fails + jsonPath: .status.message + name: Message + type: string + - description: The state of the reconciliation process + jsonPath: .status.conditions[?(@.type == 'Running')].reason + name: State + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: Manage Quay Container Registry image manifest labels + properties: + apiVersion: + description: | + APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: | + Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Spec defines the desired state of ManifestLabel + properties: + connSecretRef: + description: | + Reference to the secret resource that stores the connection parameters to the Quay Container Registry API. + The secret must include the 'host', 'token' (or 'username' and 'password'), and optionally the 'validateCerts' keys. + properties: + name: + description: Name of the secret resource. + type: string + namespace: + description: | + Namespace of the secret resource. By default, the secret resource is retrieved from the same namespace as the current ManifestLabel resource. + type: string + required: + - name + type: object + image: + description: Manifest to update. The format is 'namespace'/'repository':'tag' + or 'namespace'/'repository'@'digest'. The namespace can be an organization + or a personal namespace. If you omit the namespace part, then the + resource looks for the repository in your personal namespace. If + you omit the tag and the digest part, then 'latest' is assumed. + type: string + key: + description: Label's key. + type: string + preserveInQuayOnDeletion: + default: false + description: | + Whether to preserve the corresponding Quay object when you delete the ManifestLabel resource. When set to 'false' (the default), the object is deleted from Quay. + type: boolean + replace: + default: true + description: Only used when 'state=present'. If 'true', then the resource + deletes all the labels that use the key you define in the 'key' + parameter before adding the new label. If 'false', then the resource + adds the new label even if existing labels already use the key you + define in the 'key' parameter. Quay supports multiple labels with + the same key. + type: boolean + retSecretRef: + description: | + RetSecretRef is the secret resource that the ManifestLabel resource creates. This secret will store the data that the resource generates: + + - id - Internal identifier of the label. + - key - Label's key. + - mediaType - Format of the label ('text/plain' or 'application/json'). + - sourceType - Whether the label has been set by the Containerfile/Dockerfile manifest ('manifest'), or by an API call or from the web UI ('api'). Labels set in Containerfile/Dockerfile manifests are read-only. + - value - Label's value. + properties: + name: + description: Name of the secret resource. + type: string + namespace: + description: | + Namespace of the secret resource. By default, the secret resource is created in the same namespace as the current ManifestLabel resource. + type: string + required: + - name + type: object + value: + description: Label's value. Required when 'state=present'. + type: string + required: + - connSecretRef + - image + - key + type: object + status: + description: | + Status defines the observed state of ManifestLabel + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/quay-api-operator/1.0.0/manifests/quay.herve4m.github.io_messages.yaml b/operators/quay-api-operator/1.0.0/manifests/quay.herve4m.github.io_messages.yaml new file mode 100644 index 00000000000..7f1bd22f564 --- /dev/null +++ b/operators/quay-api-operator/1.0.0/manifests/quay.herve4m.github.io_messages.yaml @@ -0,0 +1,127 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + name: messages.quay.herve4m.github.io +spec: + group: quay.herve4m.github.io + names: + kind: Message + plural: messages + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: The status of the resource creation process in Quay + jsonPath: .status.conditions[?(@.type == 'Successful')].status + name: Success + type: string + - description: The error message when the resource creation process fails + jsonPath: .status.message + name: Message + type: string + - description: The state of the reconciliation process + jsonPath: .status.conditions[?(@.type == 'Running')].reason + name: State + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: Manage Quay Container Registry global messages + properties: + apiVersion: + description: | + APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: | + Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Spec defines the desired state of Message + properties: + connSecretRef: + description: | + Reference to the secret resource that stores the connection parameters to the Quay Container Registry API. + The secret must include the 'host', 'token' (or 'username' and 'password'), and optionally the 'validateCerts' keys. + properties: + name: + description: Name of the secret resource. + type: string + namespace: + description: | + Namespace of the secret resource. By default, the secret resource is retrieved from the same namespace as the current Message resource. + type: string + required: + - name + type: object + content: + description: Text of the message to display on each web UI page. + type: string + format: + description: Format of the text in 'content'. If you do not set this + parameter, then the resource uses the 'plain' format. + enum: + - markdown + - plain + type: string + preserveInQuayOnDeletion: + default: false + description: | + Whether to preserve the corresponding Quay object when you delete the Message resource. When set to 'false' (the default), the object is deleted from Quay. + type: boolean + regexp: + description: The regular expression to look for in the existing messages. + This does not have to match an entire line. For 'state=present', + if several messages match, then the resource updates one and deletes + the others. For 'state=absent', the resource deletes all the messages + that match. Uses Python regular expressions. See . + Mutually exclusive with 'searchString'. + type: string + searchSeverity: + description: Search messages by their severity level. If you also + set 'searchString', 'regexp', or 'content', messages must match + all those criteria. + enum: + - info + - warning + - error + type: string + searchString: + description: The literal string to look for in the existing messages. + This does not have to match an entire line. For 'state=present', + if several messages match, then the resource updates one and deletes + the others. For 'state=absent', the resource deletes all the messages + that match. Mutually exclusive with 'regexp'. + type: string + severity: + description: Severity of the message. If you do not set this parameter, + then the resource creates the message with the 'info' severity. + enum: + - info + - warning + - error + type: string + required: + - connSecretRef + type: object + status: + description: | + Status defines the observed state of Message + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/quay-api-operator/1.0.0/manifests/quay.herve4m.github.io_notifications.yaml b/operators/quay-api-operator/1.0.0/manifests/quay.herve4m.github.io_notifications.yaml new file mode 100644 index 00000000000..d125648057e --- /dev/null +++ b/operators/quay-api-operator/1.0.0/manifests/quay.herve4m.github.io_notifications.yaml @@ -0,0 +1,216 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + name: notifications.quay.herve4m.github.io +spec: + group: quay.herve4m.github.io + names: + kind: Notification + plural: notifications + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Repository in Quay + jsonPath: .spec.repository + name: Quay repository + type: string + - description: The status of the resource creation process in Quay + jsonPath: .status.conditions[?(@.type == 'Successful')].status + name: Success + type: string + - description: The error message when the resource creation process fails + jsonPath: .status.message + name: Message + type: string + - description: The state of the reconciliation process + jsonPath: .status.conditions[?(@.type == 'Running')].reason + name: State + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: Manage Quay Container Registry repository notifications + properties: + apiVersion: + description: | + APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: | + Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Spec defines the desired state of Notification + properties: + config: + description: Configuration parameters for the notification method. + properties: + email: + description: Destination email address. Required by the email + notification method. + format: email + type: string + flowApiToken: + description: API token required for the Flowdock notification + method. + type: string + name: + description: Name of the account, team, or organization. Robot + accounts are not allowed. Required by the Quay Notification + method. + type: string + notificationToken: + description: Notification token required for the HipChat notification + method. + type: string + roomId: + description: Chat room ID required for the HipChat notification + method. + type: string + template: + description: JSON data for the body content of the webhook POST + method. + type: string + type: + default: user + description: Specifies the type of the account defined in 'config.name'. + Only applies to the Quay Notification method. + enum: + - user + - team + - org + type: string + url: + description: Webhook URL for the Slack method or POST URL for + the webhook POST method. + type: string + type: object + connSecretRef: + description: | + Reference to the secret resource that stores the connection parameters to the Quay Container Registry API. + The secret must include the 'host', 'token' (or 'username' and 'password'), and optionally the 'validateCerts' keys. + properties: + name: + description: Name of the secret resource. + type: string + namespace: + description: | + Namespace of the secret resource. By default, the secret resource is retrieved from the same namespace as the current Notification resource. + type: string + required: + - name + type: object + event: + description: Event that triggers the notification. Depending of the + activated Quay components, not all events might be available on + your system. + enum: + - repo_push + - build_failure + - build_queued + - build_start + - build_success + - build_cancelled + - vulnerability_found + - repo_mirror_sync_started + - repo_mirror_sync_success + - repo_mirror_sync_failed + - repo_image_expiry + type: string + imageExpiryDays: + default: 7 + description: Only used when 'event' is 'repo_image_expiry'. The notification + is triggered when the image expires in the specified number of days. + type: integer + method: + description: Notification method. Each method requires a specific + set of options that you define by using the 'config' parameter. + The email notification method is only available on Quay installations + where the mailing capability has been activated ('FEATURE_MAILING' + to 'true' in 'config.yaml'). + enum: + - email + - flowdock + - hipchat + - quay_notification + - slack + - webhook + type: string + preserveInQuayOnDeletion: + default: false + description: | + Whether to preserve the corresponding Quay object when you delete the Notification resource. When set to 'false' (the default), the object is deleted from Quay. + type: boolean + regexp: + description: The regular expression to search in the title of the + existing notifications. This does not have to match the entire title. + The resource uses that regular expression to select the notifications + to process. For 'state=present', the resource resets the failure + counter (if 'resetFailcount' is 'true') or initiates a test (if + 'test' is 'true') of all the matching notifications. For 'state=absent', + the resource deletes all the notifications that match. Uses Python + regular expressions. See . + Mutually exclusive with 'searchString'. + type: string + repository: + description: Name of the repository which contains the notifications + to manage. The format for the name is 'namespace'/'shortname'. The + namespace can be an organization or a personal namespace. If you + omit the namespace part in the name, then the resource looks for + the repository in your personal namespace. + type: string + resetFailcount: + description: Reset the notification failure counter. + type: boolean + searchString: + description: The literal string to search in the title of the existing + notifications. This does not have to match the entire line. For + 'state=present', the resource resets the failure counter (if 'resetFailcount' + is 'true') or initiates a test (if 'test' is 'true') of all the + matching notifications. For 'state=absent', the resource deletes + all the notifications that match. Mutually exclusive with 'regexp'. + type: string + test: + description: Initiate a test of the notification. + type: boolean + title: + description: Notification title. + type: string + vulnerabilityLevel: + description: Only used when 'event' is 'vulnerability_found'. The + notification is triggered when the vulnerability has a level equal + or higher to the level that you define in 'vulnerabilityLevel'. + enum: + - critical + - high + - medium + - low + - negligible + - unknown + type: string + required: + - connSecretRef + - repository + type: object + status: + description: | + Status defines the observed state of Notification + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/quay-api-operator/1.0.0/manifests/quay.herve4m.github.io_organizations.yaml b/operators/quay-api-operator/1.0.0/manifests/quay.herve4m.github.io_organizations.yaml new file mode 100644 index 00000000000..ae2ca4469eb --- /dev/null +++ b/operators/quay-api-operator/1.0.0/manifests/quay.herve4m.github.io_organizations.yaml @@ -0,0 +1,143 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + name: organizations.quay.herve4m.github.io +spec: + group: quay.herve4m.github.io + names: + kind: Organization + plural: organizations + shortNames: + - org + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Name in Quay + jsonPath: .spec.name + name: Quay name + type: string + - description: The status of the resource creation process in Quay + jsonPath: .status.conditions[?(@.type == 'Successful')].status + name: Success + type: string + - description: The error message when the resource creation process fails + jsonPath: .status.message + name: Message + type: string + - description: The state of the reconciliation process + jsonPath: .status.conditions[?(@.type == 'Running')].reason + name: State + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: Manage Quay Container Registry organizations + properties: + apiVersion: + description: | + APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: | + Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Spec defines the desired state of Organization + properties: + autoPruneMethod: + description: Method to use for the auto-pruning tags policy. If 'none', + then the resource ensures that no policy is in place. The tags are + not pruned. If 'tags', then the policy keeps only the number of + tags that you specify in 'autoPruneValue'. If 'date', then the policy + deletes the tags older than the time period that you specify in + 'autoPruneValue'. 'autoPruneValue' is required when 'autoPruneMethod' + is 'tags' or 'date'. + enum: + - none + - tags + - date + type: string + autoPruneValue: + description: Number of tags to keep when 'autoPruneMethod' is 'tags'. + The value must be 1 or more. Period of time when 'autoPruneMethod' + is 'date'. The value must be 1 or more, and must be followed by + a suffix; s (for second), m (for minute), h (for hour), d (for day), + or w (for week). 'autoPruneMethod' is required when 'autoPruneValue' + is set. + type: string + connSecretRef: + description: | + Reference to the secret resource that stores the connection parameters to the Quay Container Registry API. + The secret must include the 'host', 'token' (or 'username' and 'password'), and optionally the 'validateCerts' keys. + properties: + name: + description: Name of the secret resource. + type: string + namespace: + description: | + Namespace of the secret resource. By default, the secret resource is retrieved from the same namespace as the current Organization resource. + type: string + required: + - name + type: object + email: + description: Email address to associate with the new organization. + If your Quay administrator has enabled the mailing capability of + your Quay installation ('FEATURE_MAILING' to 'true' in 'config.yaml'), + then this 'email' parameter is mandatory. You cannot use the same + address as your account email. + format: email + type: string + name: + description: Name of the organization to create, remove, or modify. + The name must be in lowercase and must not contain white spaces. + For compatibility with earlier versions of Docker, the name must + be at least four characters long. + type: string + newName: + description: New name for the organization. Setting this option changes + the name of the organization which current name is provided in 'name'. + The token you use to connect to the API (in 'quayToken') must have + the "Super User Access" permission. + type: string + preserveInQuayOnDeletion: + default: false + description: | + Whether to preserve the corresponding Quay object when you delete the Organization resource. When set to 'false' (the default), the object is deleted from Quay. + type: boolean + timeMachineExpiration: + description: The amount of time, after a tag is deleted, that the + tag is accessible in time machine before being garbage collected. + enum: + - 0s + - 1d + - 7d + - 14d + - 1month + type: string + required: + - connSecretRef + - name + type: object + status: + description: | + Status defines the observed state of Organization + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/quay-api-operator/1.0.0/manifests/quay.herve4m.github.io_proxycaches.yaml b/operators/quay-api-operator/1.0.0/manifests/quay.herve4m.github.io_proxycaches.yaml new file mode 100644 index 00000000000..76e8925e316 --- /dev/null +++ b/operators/quay-api-operator/1.0.0/manifests/quay.herve4m.github.io_proxycaches.yaml @@ -0,0 +1,118 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + name: proxycaches.quay.herve4m.github.io +spec: + group: quay.herve4m.github.io + names: + kind: ProxyCache + plural: proxycaches + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Organization in Quay + jsonPath: .spec.organization + name: Quay organization + type: string + - description: The status of the resource creation process in Quay + jsonPath: .status.conditions[?(@.type == 'Successful')].status + name: Success + type: string + - description: The error message when the resource creation process fails + jsonPath: .status.message + name: Message + type: string + - description: The state of the reconciliation process + jsonPath: .status.conditions[?(@.type == 'Running')].reason + name: State + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: Manage Quay Container Registry proxy cache configurations + properties: + apiVersion: + description: | + APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: | + Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Spec defines the desired state of ProxyCache + properties: + connSecretRef: + description: | + Reference to the secret resource that stores the connection parameters to the Quay Container Registry API. + The secret must include the 'host', 'token' (or 'username' and 'password'), and optionally the 'validateCerts' keys. + properties: + name: + description: Name of the secret resource. + type: string + namespace: + description: | + Namespace of the secret resource. By default, the secret resource is retrieved from the same namespace as the current ProxyCache resource. + type: string + required: + - name + type: object + expiration: + default: 86400 + description: Tag expiration in seconds for cached images. 86400 (one + day) by default. + type: integer + insecure: + description: Whether to allow insecure connections to the remote registry. + If 'true', then the resource does not validate SSL certificates. + type: boolean + organization: + description: Name of the organization in which to create the proxy + cache configuration. That organization must exist. + type: string + password: + description: User's password as a clear string. Do not set a password + for a public access to the remote registry. + format: password + type: string + preserveInQuayOnDeletion: + default: false + description: | + Whether to preserve the corresponding Quay object when you delete the ProxyCache resource. When set to 'false' (the default), the object is deleted from Quay. + type: boolean + registry: + default: quay.io + description: Name of the remote registry. Add a namespace to the remote + registry to restrict caching images from that namespace. + type: string + username: + description: Name of the user account to use for authenticating with + the remote registry. Do not set a username for a public access to + the remote registry. + type: string + required: + - connSecretRef + - organization + type: object + status: + description: | + Status defines the observed state of ProxyCache + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/quay-api-operator/1.0.0/manifests/quay.herve4m.github.io_quotas.yaml b/operators/quay-api-operator/1.0.0/manifests/quay.herve4m.github.io_quotas.yaml new file mode 100644 index 00000000000..c48e7f1cbd2 --- /dev/null +++ b/operators/quay-api-operator/1.0.0/manifests/quay.herve4m.github.io_quotas.yaml @@ -0,0 +1,108 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + name: quotas.quay.herve4m.github.io +spec: + group: quay.herve4m.github.io + names: + kind: Quota + plural: quotas + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Organization in Quay + jsonPath: .spec.organization + name: Quay organization + type: string + - description: The status of the resource creation process in Quay + jsonPath: .status.conditions[?(@.type == 'Successful')].status + name: Success + type: string + - description: The error message when the resource creation process fails + jsonPath: .status.message + name: Message + type: string + - description: The state of the reconciliation process + jsonPath: .status.conditions[?(@.type == 'Running')].reason + name: State + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: Manage Quay Container Registry organizations quota + properties: + apiVersion: + description: | + APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: | + Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Spec defines the desired state of Quota + properties: + connSecretRef: + description: | + Reference to the secret resource that stores the connection parameters to the Quay Container Registry API. + The secret must include the 'host', 'token' (or 'username' and 'password'), and optionally the 'validateCerts' keys. + properties: + name: + description: Name of the secret resource. + type: string + namespace: + description: | + Namespace of the secret resource. By default, the secret resource is retrieved from the same namespace as the current Quota resource. + type: string + required: + - name + type: object + organization: + description: Name of the organization. That organization must exist. + type: string + preserveInQuayOnDeletion: + default: false + description: | + Whether to preserve the corresponding Quay object when you delete the Quota resource. When set to 'false' (the default), the object is deleted from Quay. + type: boolean + quota: + description: Quota that Quay uses to compute the warning and reject + limits for the organization. You specify a quota in bytes, but you + can also use the K[i]B, M[i]B, G[i]B, or T[i]B suffixes. + type: string + rejectPct: + description: Reject (hard) limit as a percentage of the quota. Quay + terminates any image push in the organization when the limit is + reached. Set 'rejectPct' to '0' to remove the reject limit. + type: integer + warningPct: + description: Warning (soft) limit as a percentage of the quota. Quay + notifies the users when the limit is reached. Set 'warningPct' to + '0' to remove the warning limit. + type: integer + required: + - connSecretRef + - organization + type: object + status: + description: | + Status defines the observed state of Quota + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/quay-api-operator/1.0.0/manifests/quay.herve4m.github.io_repositories.yaml b/operators/quay-api-operator/1.0.0/manifests/quay.herve4m.github.io_repositories.yaml new file mode 100644 index 00000000000..042bd66c628 --- /dev/null +++ b/operators/quay-api-operator/1.0.0/manifests/quay.herve4m.github.io_repositories.yaml @@ -0,0 +1,186 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + name: repositories.quay.herve4m.github.io +spec: + group: quay.herve4m.github.io + names: + kind: Repository + plural: repositories + shortNames: + - repo + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Name in Quay + jsonPath: .spec.name + name: Quay name + type: string + - description: The status of the resource creation process in Quay + jsonPath: .status.conditions[?(@.type == 'Successful')].status + name: Success + type: string + - description: The error message when the resource creation process fails + jsonPath: .status.message + name: Message + type: string + - description: The state of the reconciliation process + jsonPath: .status.conditions[?(@.type == 'Running')].reason + name: State + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: Manage Quay Container Registry repositories + properties: + apiVersion: + description: | + APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: | + Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Spec defines the desired state of Repository + properties: + append: + default: true + description: If 'true', then add the permission defined in 'perms' + to the repository. If 'false', then the resource sets the permissions + specified in 'perms', removing all others permissions from the repository. + type: boolean + autoPruneMethod: + description: Method to use for the auto-pruning tags policy. If 'none', + then the resource ensures that no policy is in place. The tags are + not pruned. If 'tags', then the policy keeps only the number of + tags that you specify in 'autoPruneValue'. If 'date', then the policy + deletes the tags older than the time period that you specify in + 'autoPruneValue'. 'autoPruneValue' is required when 'autoPruneMethod' + is 'tags' or 'date'. + enum: + - none + - tags + - date + type: string + autoPruneValue: + description: Number of tags to keep when 'autoPruneMethod' is 'tags'. + The value must be 1 or more. Period of time when 'autoPruneMethod' + is 'date'. The value must be 1 or more, and must be followed by + a suffix; s (for second), m (for minute), h (for hour), d (for day), + or w (for week). 'autoPruneMethod' is required when 'autoPruneValue' + is set. + type: string + connSecretRef: + description: | + Reference to the secret resource that stores the connection parameters to the Quay Container Registry API. + The secret must include the 'host', 'token' (or 'username' and 'password'), and optionally the 'validateCerts' keys. + properties: + name: + description: Name of the secret resource. + type: string + namespace: + description: | + Namespace of the secret resource. By default, the secret resource is retrieved from the same namespace as the current Repository resource. + type: string + required: + - name + type: object + description: + description: Text in Markdown format that describes the repository. + type: string + name: + description: Name of the repository to create, remove, or modify. + The format for the name is 'namespace'/'shortname'. The namespace + can be an organization or a personal namespace. The name must be + in lowercase and must not contain white spaces. If you omit the + namespace part in the name, then the resource uses your personal + namespace. + type: string + perms: + description: User, robot, and team permissions to associate with the + repository. + items: + properties: + name: + description: Name of the account. The format for robot accounts + is 'namespace'+'shortrobotname'. + type: string + role: + default: read + description: Type of permission to grant. + enum: + - read + - write + - admin + type: string + type: + default: user + description: Specifies the type of the account. Choose 'user' + for both user and robot accounts. + enum: + - user + - team + type: string + required: + - name + type: object + type: array + preserveInQuayOnDeletion: + default: false + description: | + Whether to preserve the corresponding Quay object when you delete the Repository resource. When set to 'false' (the default), the object is deleted from Quay. + type: boolean + repoState: + description: If 'NORMAL', then the repository is in the default state + (read/write). If 'READ_ONLY', then the repository is read-only. + If 'MIRROR', then the repository is a mirror and you can configure + it by using the RepositoryMirror resource. You must enable the mirroring + capability of your Quay installation to use this 'repoState' parameter. + enum: + - NORMAL + - READ_ONLY + - MIRROR + type: string + star: + description: If 'true', then add a star to the repository. If 'false', + then remove the star. To star or unstar a repository you must provide + the 'quayToken' parameter to authenticate. If you are not authenticated, + then the resource ignores the 'star' parameter. + type: boolean + visibility: + description: If 'public', then anyone can pull images from the repository. + If 'private', then nobody can access the repository and you need + to explicitly grant access to users, robots, and teams. If you do + not set the parameter when you create a repository, then it defaults + to 'private'. + enum: + - public + - private + type: string + required: + - connSecretRef + - name + type: object + status: + description: | + Status defines the observed state of Repository + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/quay-api-operator/1.0.0/manifests/quay.herve4m.github.io_repositorymirrors.yaml b/operators/quay-api-operator/1.0.0/manifests/quay.herve4m.github.io_repositorymirrors.yaml new file mode 100644 index 00000000000..39780537317 --- /dev/null +++ b/operators/quay-api-operator/1.0.0/manifests/quay.herve4m.github.io_repositorymirrors.yaml @@ -0,0 +1,158 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + name: repositorymirrors.quay.herve4m.github.io +spec: + group: quay.herve4m.github.io + names: + kind: RepositoryMirror + plural: repositorymirrors + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Name in Quay + jsonPath: .spec.name + name: Quay name + type: string + - description: The status of the resource creation process in Quay + jsonPath: .status.conditions[?(@.type == 'Successful')].status + name: Success + type: string + - description: The error message when the resource creation process fails + jsonPath: .status.message + name: Message + type: string + - description: The state of the reconciliation process + jsonPath: .status.conditions[?(@.type == 'Running')].reason + name: State + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: Manage Quay Container Registry repository mirror configurations + properties: + apiVersion: + description: | + APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: | + Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Spec defines the desired state of RepositoryMirror + properties: + connSecretRef: + description: | + Reference to the secret resource that stores the connection parameters to the Quay Container Registry API. + The secret must include the 'host', 'token' (or 'username' and 'password'), and optionally the 'validateCerts' keys. + properties: + name: + description: Name of the secret resource. + type: string + namespace: + description: | + Namespace of the secret resource. By default, the secret resource is retrieved from the same namespace as the current RepositoryMirror resource. + type: string + required: + - name + type: object + externalReference: + description: Path to the remote container repository to synchronize, + such as quay.io/projectquay/quay for example. That parameter is + required when creating the mirroring configuration. + type: string + externalRegistryPassword: + description: Password to use for pulling the image from the remote + registry. + format: password + type: string + externalRegistryUsername: + description: Username to use for pulling the image from the remote + registry. + type: string + forceSync: + description: Triggers an immediate image synchronization. + type: boolean + httpProxy: + description: HTTP proxy to use for accessing the remote container + registry. See the 'curl' documentation for more details. By default, + no proxy is used. + type: string + httpsProxy: + description: HTTPS proxy to use for accessing the remote container + registry. See the 'curl' documentation for more details. By default, + no proxy is used. + type: string + imageTags: + description: List of image tags to be synchronized from the remote + repository. + items: + type: string + type: array + isEnabled: + description: Defines whether the mirror configuration is active or + inactive. 'false' by default. + type: boolean + name: + description: Name of the existing repository for which the mirror + parameters are configured. The format for the name is 'namespace'/'shortname'. + The namespace can only be an organization namespace. + type: string + noProxy: + description: Comma-separated list of hosts for which the proxy should + not be used. Only relevant when you also specify a proxy configuration + by setting the 'httpProxy' or 'httpsProxy' variables. See the 'curl' + documentation for more details. + type: string + preserveInQuayOnDeletion: + default: false + description: | + Whether to preserve the corresponding Quay object when you delete the RepositoryMirror resource. When set to 'false' (the default), the object is deleted from Quay. + type: boolean + robotUsername: + description: Username of the robot account that is used for synchronization. + That parameter is required when creating the mirroring configuration. + type: string + syncInterval: + description: Synchronization interval for this repository mirror in + seconds. 86400 (one day) by default. + type: integer + syncStartDate: + description: The date and time at which the first synchronization + should be initiated. The format for the 'syncStartDate' parameter + is ISO 8601 UTC, such as 2021-12-02T21:06:00Z. If you do not provide + the 'syncStartDate' parameter when you configure a new repository + mirror, then the synchronization is immediately active, and a synchronization + is initiated if the 'isEnabled' parameter is 'true'. + type: string + verifyTls: + description: Defines whether TLS of the external registry should be + verified. 'true' by default. + type: boolean + required: + - connSecretRef + - name + type: object + status: + description: | + Status defines the observed state of RepositoryMirror + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/quay-api-operator/1.0.0/manifests/quay.herve4m.github.io_robots.yaml b/operators/quay-api-operator/1.0.0/manifests/quay.herve4m.github.io_robots.yaml new file mode 100644 index 00000000000..53f220769b7 --- /dev/null +++ b/operators/quay-api-operator/1.0.0/manifests/quay.herve4m.github.io_robots.yaml @@ -0,0 +1,123 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + name: robots.quay.herve4m.github.io +spec: + group: quay.herve4m.github.io + names: + kind: Robot + plural: robots + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Name in Quay + jsonPath: .spec.name + name: Quay name + type: string + - description: The status of the resource creation process in Quay + jsonPath: .status.conditions[?(@.type == 'Successful')].status + name: Success + type: string + - description: The error message when the resource creation process fails + jsonPath: .status.message + name: Message + type: string + - description: The state of the reconciliation process + jsonPath: .status.conditions[?(@.type == 'Running')].reason + name: State + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: Manage Quay Container Registry robot accounts + properties: + apiVersion: + description: | + APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: | + Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Spec defines the desired state of Robot + properties: + connSecretRef: + description: | + Reference to the secret resource that stores the connection parameters to the Quay Container Registry API. + The secret must include the 'host', 'token' (or 'username' and 'password'), and optionally the 'validateCerts' keys. + properties: + name: + description: Name of the secret resource. + type: string + namespace: + description: | + Namespace of the secret resource. By default, the secret resource is retrieved from the same namespace as the current Robot resource. + type: string + required: + - name + type: object + description: + description: Description of the robot account. You cannot update the + description of existing robot accounts. + type: string + name: + description: Name of the robot account to create or remove, in the + format 'namespace'+'shortname'. The namespace can be an organization + or a personal namespace. The short name (the part after the '+' + sign) must be in lowercase, must not contain white spaces, must + not start by a digit, and must be at least two characters long. + If you omit the namespace part in the name, then the resource uses + your personal namespace. You can create and delete robot accounts + in your personal namespace, but not in the personal namespace of + other users. The token you use in 'quayToken' determines the user + account you are using. + type: string + preserveInQuayOnDeletion: + default: false + description: | + Whether to preserve the corresponding Quay object when you delete the Robot resource. When set to 'false' (the default), the object is deleted from Quay. + type: boolean + retSecretRef: + description: | + RetSecretRef is the secret resource that the Robot resource creates. This secret will store the data that the resource generates: + + - name - Token name. From this name and the token, in 'token', you can construct a Docker configuration file that you can use to manage images in the container image registry. See DockerConfig#filter. + - token - Robot credential (token). + properties: + name: + description: Name of the secret resource. + type: string + namespace: + description: | + Namespace of the secret resource. By default, the secret resource is created in the same namespace as the current Robot resource. + type: string + required: + - name + type: object + required: + - connSecretRef + - name + type: object + status: + description: | + Status defines the observed state of Robot + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/quay-api-operator/1.0.0/manifests/quay.herve4m.github.io_tags.yaml b/operators/quay-api-operator/1.0.0/manifests/quay.herve4m.github.io_tags.yaml new file mode 100644 index 00000000000..fde928b6a6b --- /dev/null +++ b/operators/quay-api-operator/1.0.0/manifests/quay.herve4m.github.io_tags.yaml @@ -0,0 +1,115 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + name: tags.quay.herve4m.github.io +spec: + group: quay.herve4m.github.io + names: + kind: Tag + plural: tags + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: The status of the resource creation process in Quay + jsonPath: .status.conditions[?(@.type == 'Successful')].status + name: Success + type: string + - description: The error message when the resource creation process fails + jsonPath: .status.message + name: Message + type: string + - description: The state of the reconciliation process + jsonPath: .status.conditions[?(@.type == 'Running')].reason + name: State + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: Manage Quay Container Registry image tags + properties: + apiVersion: + description: | + APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: | + Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Spec defines the desired state of Tag + properties: + connSecretRef: + description: | + Reference to the secret resource that stores the connection parameters to the Quay Container Registry API. + The secret must include the 'host', 'token' (or 'username' and 'password'), and optionally the 'validateCerts' keys. + properties: + name: + description: Name of the secret resource. + type: string + namespace: + description: | + Namespace of the secret resource. By default, the secret resource is retrieved from the same namespace as the current Tag resource. + type: string + required: + - name + type: object + expiration: + description: Expiration date and time for the tag. The format is 'YYYYMMDDHHMM.SS' + but you can change it by setting the 'expirationFormat' parameter. + You cannot set an expiration date more that two years in the future. + If you do so, then Quay forces the date at that two years boundary. + You cannot set an expiration date in the past. + type: string + expirationFormat: + default: '%Y%m%d%H%M.%S' + description: Indicate the time format used in the 'expiration' parameter. + Based on default Python format (see ). + type: string + image: + description: Name of the existing image. The format is 'namespace'/'repository':'tag' + or 'namespace'/'repository'@'digest'. The namespace can be an organization + or a personal namespace. If you omit the namespace part, then the + resource looks for the repository in your personal namespace. If + you omit the tag and the digest part, then 'latest' is assumed. + type: string + preserveInQuayOnDeletion: + default: false + description: | + Whether to preserve the corresponding Quay object when you delete the Tag resource. When set to 'false' (the default), the object is deleted from Quay. + type: boolean + tag: + description: When 'state=present', the 'tag' parameter provides the + new tag to add to the image. If another image already uses that + tag, then the resource removes the tag from that other image first. + When 'state=absent', the 'tag' parameter indicates the tag to remove. + If you do not set that 'tag' parameter, then the resource removes + the tag that you give in the image name with the 'image' parameter. + When you specify the image by its digest, in the 'image' parameter, + then that 'tag' parameter is mandatory. + type: string + required: + - connSecretRef + - image + type: object + status: + description: | + Status defines the observed state of Tag + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/quay-api-operator/1.0.0/manifests/quay.herve4m.github.io_teamldaps.yaml b/operators/quay-api-operator/1.0.0/manifests/quay.herve4m.github.io_teamldaps.yaml new file mode 100644 index 00000000000..24391093fa2 --- /dev/null +++ b/operators/quay-api-operator/1.0.0/manifests/quay.herve4m.github.io_teamldaps.yaml @@ -0,0 +1,128 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + name: teamldaps.quay.herve4m.github.io +spec: + group: quay.herve4m.github.io + names: + kind: TeamLdap + plural: teamldaps + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Name in Quay + jsonPath: .spec.name + name: Quay name + type: string + - description: Organization in Quay + jsonPath: .spec.organization + name: Quay organization + type: string + - description: The status of the resource creation process in Quay + jsonPath: .status.conditions[?(@.type == 'Successful')].status + name: Success + type: string + - description: The error message when the resource creation process fails + jsonPath: .status.message + name: Message + type: string + - description: The state of the reconciliation process + jsonPath: .status.conditions[?(@.type == 'Running')].reason + name: State + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: Synchronize Quay Container Registry teams with LDAP groups + properties: + apiVersion: + description: | + APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: | + Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Spec defines the desired state of TeamLdap + properties: + connSecretRef: + description: | + Reference to the secret resource that stores the connection parameters to the Quay Container Registry API. + The secret must include the 'host', 'token' (or 'username' and 'password'), and optionally the 'validateCerts' keys. + properties: + name: + description: Name of the secret resource. + type: string + namespace: + description: | + Namespace of the secret resource. By default, the secret resource is retrieved from the same namespace as the current TeamLdap resource. + type: string + required: + - name + type: object + groupDn: + description: LDAP group distinguished name (DN), relative to the base + DN that you defined in the 'config.yaml' Quay configuration file + with the 'LDAP_BASE_DN' parameter. For example, if the LDAP group + DN is 'cn=group1,ou=groups,dc=example,dc=org' and the base DN is + 'dc=example,dc=org', then you must set 'groupDn' to 'cn=group1,ou=groups'. + 'groupDn' is required when 'sync' is 'true'. + type: string + keepUsers: + default: true + description: If 'true', then the current team members are kept after + the synchronization is disabled. If 'false', then the team members + are removed (except robot accounts). 'keepUsers' is only used when + 'sync' is 'false'. + type: boolean + name: + description: Name of the team to synchronize or unsynchronize with + an LDAP group. That team must exist (see the Team resource to create + it). + type: string + organization: + description: Name of the organization for the team. That organization + must exist. + type: string + preserveInQuayOnDeletion: + default: false + description: | + Whether to preserve the corresponding Quay object when you delete the TeamLdap resource. When set to 'false' (the default), the object is deleted from Quay. + type: boolean + sync: + default: true + description: If 'true', then the team members are retrieved from the + LDAP group that you define in 'groupDn'. The pre-existing members + are removed from the team before the synchronization process starts. + Existing robot account members are not removed. If 'false', then + the synchronization from LDAP is disabled. Existing team members + (from LDAP) are kept, except if you set 'keepUsers' to 'false'. + type: boolean + required: + - connSecretRef + - name + - organization + type: object + status: + description: | + Status defines the observed state of TeamLdap + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/quay-api-operator/1.0.0/manifests/quay.herve4m.github.io_teamoidcs.yaml b/operators/quay-api-operator/1.0.0/manifests/quay.herve4m.github.io_teamoidcs.yaml new file mode 100644 index 00000000000..5029d7ded58 --- /dev/null +++ b/operators/quay-api-operator/1.0.0/manifests/quay.herve4m.github.io_teamoidcs.yaml @@ -0,0 +1,116 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + name: teamoidcs.quay.herve4m.github.io +spec: + group: quay.herve4m.github.io + names: + kind: TeamOidc + plural: teamoidcs + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Name in Quay + jsonPath: .spec.name + name: Quay name + type: string + - description: Organization in Quay + jsonPath: .spec.organization + name: Quay organization + type: string + - description: The status of the resource creation process in Quay + jsonPath: .status.conditions[?(@.type == 'Successful')].status + name: Success + type: string + - description: The error message when the resource creation process fails + jsonPath: .status.message + name: Message + type: string + - description: The state of the reconciliation process + jsonPath: .status.conditions[?(@.type == 'Running')].reason + name: State + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: Synchronize Quay Container Registry teams with OIDC groups + properties: + apiVersion: + description: | + APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: | + Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Spec defines the desired state of TeamOidc + properties: + connSecretRef: + description: | + Reference to the secret resource that stores the connection parameters to the Quay Container Registry API. + The secret must include the 'host', 'token' (or 'username' and 'password'), and optionally the 'validateCerts' keys. + properties: + name: + description: Name of the secret resource. + type: string + namespace: + description: | + Namespace of the secret resource. By default, the secret resource is retrieved from the same namespace as the current TeamOidc resource. + type: string + required: + - name + type: object + groupName: + description: OIDC group name. 'groupName' is required when 'sync' + is 'true'. + type: string + name: + description: Name of the team to synchronize or unsynchronize with + an OIDC group. That team must exist (see the Team resource to create + it). + type: string + organization: + description: Name of the organization for the team. That organization + must exist. + type: string + preserveInQuayOnDeletion: + default: false + description: | + Whether to preserve the corresponding Quay object when you delete the TeamOidc resource. When set to 'false' (the default), the object is deleted from Quay. + type: boolean + sync: + default: true + description: If 'true', then the team members are retrieved from the + OIDC group that you define in 'groupName'. The pre-existing members + are removed from the team before the synchronization process starts. + Existing robot account members are not removed. If 'false', then + the synchronization from OIDC is disabled. + type: boolean + required: + - connSecretRef + - name + - organization + type: object + status: + description: | + Status defines the observed state of TeamOidc + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/quay-api-operator/1.0.0/manifests/quay.herve4m.github.io_teams.yaml b/operators/quay-api-operator/1.0.0/manifests/quay.herve4m.github.io_teams.yaml new file mode 100644 index 00000000000..61abca0e841 --- /dev/null +++ b/operators/quay-api-operator/1.0.0/manifests/quay.herve4m.github.io_teams.yaml @@ -0,0 +1,130 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + name: teams.quay.herve4m.github.io +spec: + group: quay.herve4m.github.io + names: + kind: Team + plural: teams + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Name in Quay + jsonPath: .spec.name + name: Quay name + type: string + - description: Organization in Quay + jsonPath: .spec.organization + name: Quay organization + type: string + - description: The status of the resource creation process in Quay + jsonPath: .status.conditions[?(@.type == 'Successful')].status + name: Success + type: string + - description: The error message when the resource creation process fails + jsonPath: .status.message + name: Message + type: string + - description: The state of the reconciliation process + jsonPath: .status.conditions[?(@.type == 'Running')].reason + name: State + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: Manage Quay Container Registry teams + properties: + apiVersion: + description: | + APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: | + Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Spec defines the desired state of Team + properties: + append: + default: true + description: If 'true', then add the users specified in 'members' + to the team. If 'false', then the resource sets the team members + to users specified in 'members', removing all others users from + the team. + type: boolean + connSecretRef: + description: | + Reference to the secret resource that stores the connection parameters to the Quay Container Registry API. + The secret must include the 'host', 'token' (or 'username' and 'password'), and optionally the 'validateCerts' keys. + properties: + name: + description: Name of the secret resource. + type: string + namespace: + description: | + Namespace of the secret resource. By default, the secret resource is retrieved from the same namespace as the current Team resource. + type: string + required: + - name + type: object + description: + description: Text in Markdown format that describes the team. + type: string + members: + description: List of the user or robot accounts in the team. Use the + syntax 'organization'+'robotshortname' for robot accounts. If the + team is synchronized with an LDAP group (see the TeamLdap resource), + then you can only add or remove robot accounts. + items: + type: string + type: array + name: + description: Name of the team to create, remove, or modify. The name + must be in lowercase, must not contain white spaces, must not start + by a digit, and must be at least two characters long. + type: string + organization: + description: Name of the organization for the team. That organization + must exist. + type: string + preserveInQuayOnDeletion: + default: false + description: | + Whether to preserve the corresponding Quay object when you delete the Team resource. When set to 'false' (the default), the object is deleted from Quay. + type: boolean + role: + description: Role of the team within the organization. If not set, + then the new team has the 'member' role. + enum: + - member + - creator + - admin + type: string + required: + - connSecretRef + - name + - organization + type: object + status: + description: | + Status defines the observed state of Team + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/quay-api-operator/1.0.0/manifests/quay.herve4m.github.io_users.yaml b/operators/quay-api-operator/1.0.0/manifests/quay.herve4m.github.io_users.yaml new file mode 100644 index 00000000000..865a900b5b8 --- /dev/null +++ b/operators/quay-api-operator/1.0.0/manifests/quay.herve4m.github.io_users.yaml @@ -0,0 +1,115 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + name: users.quay.herve4m.github.io +spec: + group: quay.herve4m.github.io + names: + kind: User + plural: users + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Username in Quay + jsonPath: .spec.username + name: Quay username + type: string + - description: The status of the resource creation process in Quay + jsonPath: .status.conditions[?(@.type == 'Successful')].status + name: Success + type: string + - description: The error message when the resource creation process fails + jsonPath: .status.message + name: Message + type: string + - description: The state of the reconciliation process + jsonPath: .status.conditions[?(@.type == 'Running')].reason + name: State + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: Manage Quay Container Registry users + properties: + apiVersion: + description: | + APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: | + Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Spec defines the desired state of User + properties: + connSecretRef: + description: | + Reference to the secret resource that stores the connection parameters to the Quay Container Registry API. + The secret must include the 'host', 'token' (or 'username' and 'password'), and optionally the 'validateCerts' keys. + properties: + name: + description: Name of the secret resource. + type: string + namespace: + description: | + Namespace of the secret resource. By default, the secret resource is retrieved from the same namespace as the current User resource. + type: string + required: + - name + type: object + email: + description: User's email address. If your Quay administrator has + enabled the mailing capability of your Quay installation ('FEATURE_MAILING' + to 'true' in 'config.yaml'), then this 'email' parameter is mandatory. + format: email + type: string + enabled: + description: Enable ('true') or disable ('false') the user account. + When their account is disabled, the user cannot log in to the web + UI and cannot push or pull container images. + type: boolean + password: + description: User's password as a clear string. The password must + be at least eight characters long and must not contain white spaces. + format: password + type: string + preserveInQuayOnDeletion: + default: false + description: | + Whether to preserve the corresponding Quay object when you delete the User resource. When set to 'false' (the default), the object is deleted from Quay. + type: boolean + superuser: + description: Grant superuser permissions to the user. Granting superuser + privileges to a user is not immediate and usually requires a restart + of the Quay Container Registry service. You cannot revoke superuser + permissions. + type: boolean + username: + description: Name of the user account to create, remove, or modify. + type: string + required: + - connSecretRef + - username + type: object + status: + description: | + Status defines the observed state of User + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/quay-api-operator/1.0.0/metadata/annotations.yaml b/operators/quay-api-operator/1.0.0/metadata/annotations.yaml new file mode 100644 index 00000000000..9652016ed65 --- /dev/null +++ b/operators/quay-api-operator/1.0.0/metadata/annotations.yaml @@ -0,0 +1,14 @@ +annotations: + # Core bundle annotations. + operators.operatorframework.io.bundle.mediatype.v1: registry+v1 + operators.operatorframework.io.bundle.manifests.v1: manifests/ + operators.operatorframework.io.bundle.metadata.v1: metadata/ + operators.operatorframework.io.bundle.package.v1: quay-api-operator + operators.operatorframework.io.bundle.channels.v1: alpha + operators.operatorframework.io.metrics.builder: operator-sdk-v1.37.0 + operators.operatorframework.io.metrics.mediatype.v1: metrics+v1 + operators.operatorframework.io.metrics.project_layout: ansible.sdk.operatorframework.io/v1 + + # Annotations for testing. + operators.operatorframework.io.test.mediatype.v1: scorecard+v1 + operators.operatorframework.io.test.config.v1: tests/scorecard/ diff --git a/operators/quay-api-operator/1.0.0/tests/scorecard/config.yaml b/operators/quay-api-operator/1.0.0/tests/scorecard/config.yaml new file mode 100644 index 00000000000..aaf374d37d7 --- /dev/null +++ b/operators/quay-api-operator/1.0.0/tests/scorecard/config.yaml @@ -0,0 +1,70 @@ +apiVersion: scorecard.operatorframework.io/v1alpha3 +kind: Configuration +metadata: + name: config +stages: +- parallel: true + tests: + - entrypoint: + - scorecard-test + - basic-check-spec + image: quay.io/operator-framework/scorecard-test:v1.37.0 + labels: + suite: basic + test: basic-check-spec-test + storage: + spec: + mountPath: {} + - entrypoint: + - scorecard-test + - olm-bundle-validation + image: quay.io/operator-framework/scorecard-test:v1.37.0 + labels: + suite: olm + test: olm-bundle-validation-test + storage: + spec: + mountPath: {} + - entrypoint: + - scorecard-test + - olm-crds-have-validation + image: quay.io/operator-framework/scorecard-test:v1.37.0 + labels: + suite: olm + test: olm-crds-have-validation-test + storage: + spec: + mountPath: {} + - entrypoint: + - scorecard-test + - olm-crds-have-resources + image: quay.io/operator-framework/scorecard-test:v1.37.0 + labels: + suite: olm + test: olm-crds-have-resources-test + storage: + spec: + mountPath: {} + - entrypoint: + - scorecard-test + - olm-spec-descriptors + image: quay.io/operator-framework/scorecard-test:v1.37.0 + labels: + suite: olm + test: olm-spec-descriptors-test + storage: + spec: + mountPath: {} + - entrypoint: + - scorecard-test + - olm-status-descriptors + image: quay.io/operator-framework/scorecard-test:v1.37.0 + labels: + suite: olm + test: olm-status-descriptors-test + storage: + spec: + mountPath: {} +storage: + spec: + mountPath: {}