Refer to these instructions to install Kapp Controller on a TKG cluster provisioned with TKr for vSphere 7.x.

Prerequisites

See Workflow for Installing Standard Packages on TKr for vSphere 7.x.

Install Kapp Controller

Important: These instructions are specific to TKrs for vSphere 7.x. TKrs for vSphere 8.x already include the Kapp Controller package. Do not manually install Kapp Controller on a TKr for vSphere 8.x.
To install Kapp Controller, complete the following steps.
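  1. Create a cluster role binding so that the Kapp Controller pod can run. The command binds the cluster-admin ClusterRole to the system:authenticated group, which gives every authenticated user and service account in the cluster cluster-admin privileges.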
    kubectl create clusterrolebinding default-tkg-admin-privileged-binding --clusterrole=cluster-admin --group=system:authenticated
    Expected result:
    clusterrolebinding.rbac.authorization.k8s.io/default-tkg-admin-privileged-binding created
  2. Prepare kapp-controller.yaml.

    See

  3. Install Kapp Controller.
    kubectl apply -f kapp-controller.yaml
  4. Verify Kapp Controller installation.
    kubectl get all -n tkg-system
    Sample result:
    NAME                                 READY   STATUS    RESTARTS   AGE
    pod/kapp-controller-b7576ddd-p8s87   2/2     Running   0          5m33s

    NAME                    TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)   AGE
    service/packaging-api   ClusterIP   198.201.96.77   <none>        443/TCP   5m34s

    NAME                              READY   UP-TO-DATE   AVAILABLE   AGE
    deployment.apps/kapp-controller   1/1     1            1           5m33s
  5. Verify the Carvel custom resource.
    kubectl get crd | grep carvel
    Example result:
    internalpackagemetadatas.internal.packaging.carvel.dev   2024-03-12T08:27:21Z
    internalpackages.internal.packaging.carvel.dev           2024-03-12T08:27:21Z
    packageinstalls.packaging.carvel.dev                     2024-03-12T08:27:21Z
    packagerepositories.packaging.carvel.dev                 2024-03-12T08:27:22Z
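
A check for the effect of step 1, as an added example that is not part of the original instructions: it takes the JSON from `kubectl get clusterroles -o json` and `kubectl get clusterrolebindings -o json` and lists every binding that gives a wildcard ClusterRole to a group covering all callers. It generalizes from cluster-admin to any role with wildcard rules; the sample data is constructed, and BROAD_GROUPS, is_wildcard_role and audit_bindings are names chosen for this example.

```python
import json
import sys

# Groups whose membership covers every caller, or every service account.
BROAD_GROUPS = {
    "system:authenticated",
    "system:unauthenticated",
    "system:serviceaccounts",
}

# Constructed sample data in the shape of `kubectl get ... -o json` output.
SAMPLE_ROLES = json.loads("""
{"items": [
  {"metadata": {"name": "cluster-admin"},
   "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]},
             {"nonResourceURLs": ["*"], "verbs": ["*"]}]},
  {"metadata": {"name": "system:basic-user"},
   "rules": [{"apiGroups": ["authorization.k8s.io"],
              "resources": ["selfsubjectaccessreviews"],
              "verbs": ["create"]}]}
]}
""")

SAMPLE_BINDINGS = json.loads("""
{"items": [
  {"metadata": {"name": "cluster-admin"},
   "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
   "subjects": [{"kind": "Group", "name": "system:masters"}]},
  {"metadata": {"name": "system:basic-user"},
   "roleRef": {"kind": "ClusterRole", "name": "system:basic-user"},
   "subjects": [{"kind": "Group", "name": "system:authenticated"}]},
  {"metadata": {"name": "default-tkg-admin-privileged-binding"},
   "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
   "subjects": [{"kind": "Group", "name": "system:authenticated"}]}
]}
""")


def is_wildcard_role(role):
    """True if any rule grants every verb on every resource in every API group."""
    for rule in role.get("rules") or []:
        if ("*" in rule.get("verbs", [])
                and "*" in rule.get("resources", [])
                and "*" in rule.get("apiGroups", [])):
            return True
    return False


def audit_bindings(cluster_roles, bindings):
    """Return (binding, role, group) for wildcard roles bound to broad groups."""
    wildcard = {
        role["metadata"]["name"]
        for role in cluster_roles["items"]
        if is_wildcard_role(role)
    }
    findings = []
    for binding in bindings["items"]:
        ref = binding.get("roleRef", {})
        if ref.get("kind") != "ClusterRole" or ref.get("name") not in wildcard:
            continue
        # A binding without subjects serializes the field as null or omits it.
        for subject in binding.get("subjects") or []:
            if subject.get("kind") == "Group" and subject.get("name") in BROAD_GROUPS:
                findings.append(
                    (binding["metadata"]["name"], ref["name"], subject["name"])
                )
    return findings


if __name__ == "__main__":
    # Usage: audit.py clusterroles.json clusterrolebindings.json
    # With no arguments the constructed sample data is used.
    if len(sys.argv) == 3:
        with open(sys.argv[1]) as f:
            roles = json.load(f)
        with open(sys.argv[2]) as f:
            bindings = json.load(f)
    else:
        roles, bindings = SAMPLE_ROLES, SAMPLE_BINDINGS
    for name, role, group in audit_bindings(roles, bindings):
        print(f"{name}: ClusterRole {role} is bound to group {group}")
```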

kapp-controller.yaml

The following kapp-controller.yaml includes required securityContext settings.

---
apiVersion: v1
kind: Namespace
metadata:
  name: tkg-system
---
apiVersion: v1
kind: Namespace
metadata:
  name: kapp-controller-packaging-global
---
apiVersion: apiregistration.k8s.io/v1
kind: APIService
metadata:
  name: v1alpha1.data.packaging.carvel.dev
spec:
  group: data.packaging.carvel.dev
  groupPriorityMinimum: 100
  service:
    name: packaging-api
    namespace: tkg-system
  version: v1alpha1
  versionPriority: 100
---
apiVersion: v1
kind: Service
metadata:
  name: packaging-api
  namespace: tkg-system
spec:
  ports:
  - port: 443
    protocol: TCP
    targetPort: api
  selector:
    app: kapp-controller
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: internalpackagemetadatas.internal.packaging.carvel.dev
spec:
  group: internal.packaging.carvel.dev
  names:
    kind: InternalPackageMetadata
    listKind: InternalPackageMetadataList
    plural: internalpackagemetadatas
    singular: internalpackagemetadata
  scope: Namespaced
  versions:
  - name: v1alpha1
    schema:
      openAPIV3Schema:
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            properties:
              categories:
                description: Classifiers of the package (optional; Array of strings)
                items:
                  type: string
                type: array
              displayName:
                description: Human friendly name of the package (optional; string)
                type: string
              iconSVGBase64:
                description: Base64 encoded icon (optional; string)
                type: string
              longDescription:
                description: Long description of the package (optional; string)
                type: string
              maintainers:
                description: List of maintainer info for the package. Currently only
                  supports the name key. (optional; array of maintner info)
                items:
                  properties:
                    name:
                      type: string
                  type: object
                type: array
              providerName:
                description: Name of the entity distributing the package (optional;
                  string)
                type: string
              shortDescription:
                description: Short desription of the package (optional; string)
                type: string
              supportDescription:
                description: Description of the support available for the package
                  (optional; string)
                type: string
            type: object
        required:
        - spec
        type: object
    served: true
    storage: true
    subresources:
      status: {}
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: internalpackages.internal.packaging.carvel.dev
spec:
  group: internal.packaging.carvel.dev
  names:
    kind: InternalPackage
    listKind: InternalPackageList
    plural: internalpackages
    singular: internalpackage
  scope: Namespaced
  versions:
  - name: v1alpha1
    schema:
      openAPIV3Schema:
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            properties:
              capacityRequirementsDescription:
                description: 'System requirements needed to install the package. Note:
                  these requirements will not be verified by kapp-controller on installation.
                  (optional; string)'
                type: string
              includedSoftware:
                description: IncludedSoftware can be used to show the software contents
                  of a Package. This is especially useful if the underlying versions
                  do not match the Package version
                items:
                  description: IncludedSoftware contains the underlying Software Contents
                    of a Package
                  properties:
                    description:
                      type: string
                    displayName:
                      type: string
                    version:
                      type: string
                  type: object
                type: array
              kappControllerVersionSelection:
                description: KappControllerVersionSelection specifies the versions
                  of kapp-controller which can install this package
                properties:
                  constraints:
                    type: string
                type: object
              kubernetesVersionSelection:
                description: KubernetesVersionSelection specifies the versions of
                  k8s which this package can be installed on
                properties:
                  constraints:
                    type: string
                type: object
              licenses:
                description: Description of the licenses that apply to the package
                  software (optional; Array of strings)
                items:
                  type: string
                type: array
              refName:
                description: The name of the PackageMetadata associated with this
                  version Must be a valid PackageMetadata name (see PackageMetadata
                  CR for details) Cannot be empty
                type: string
              releaseNotes:
                description: Version release notes (optional; string)
                type: string
              releasedAt:
                description: Timestamp of release (iso8601 formatted string; optional)
                format: date-time
                nullable: true
                type: string
              template:
                properties:
                  spec:
                    properties:
                      canceled:
                        description: Cancels current and future reconciliations (optional;
                          default=false)
                        type: boolean
                      cluster:
                        description: Specifies that app should be deployed to destination
                          cluster; by default, cluster is same as where this resource
                          resides (optional; v0.5.0+)
                        properties:
                          kubeconfigSecretRef:
                            description: Specifies secret containing kubeconfig (required)
                            properties:
                              key:
                                description: Specifies key that contains kubeconfig
                                  (optional)
                                type: string
                              name:
                                description: Specifies secret name within app's namespace
                                  (required)
                                type: string
                            type: object
                          namespace:
                            description: Specifies namespace in destination cluster
                              (optional)
                            type: string
                        type: object
                      deploy:
                        items:
                          properties:
                            kapp:
                              description: Use kapp to deploy resources
                              properties:
                                delete:
                                  description: Configuration for delete command (optional)
                                  properties:
                                    rawOptions:
                                      description: Pass through options to kapp delete
                                        (optional)
                                      items:
                                        type: string
                                      type: array
                                  type: object
                                inspect:
                                  description: 'Configuration for inspect command
                                    (optional) as of kapp-controller v0.31.0, inspect
                                    is disabled by default add rawOptions or use an
                                    empty inspect config like `inspect: {}` to enable'
                                  properties:
                                    rawOptions:
                                      description: Pass through options to kapp inspect
                                        (optional)
                                      items:
                                        type: string
                                      type: array
                                  type: object
                                intoNs:
                                  description: Override namespace for all resources
                                    (optional)
                                  type: string
                                mapNs:
                                  description: Provide custom namespace override mapping
                                    (optional)
                                  items:
                                    type: string
                                  type: array
                                rawOptions:
                                  description: Pass through options to kapp deploy
                                    (optional)
                                  items:
                                    type: string
                                  type: array
                              type: object
                          type: object
                        type: array
                      fetch:
                        items:
                          properties:
                            git:
                              description: Uses git to clone repository
                              properties:
                                lfsSkipSmudge:
                                  description: Skip lfs download (optional)
                                  type: boolean
                                ref:
                                  description: Branch, tag, commit; origin is the
                                    name of the remote (optional)
                                  type: string
                                refSelection:
                                  description: Specifies a strategy to resolve to
                                    an explicit ref (optional; v0.24.0+)
                                  properties:
                                    semver:
                                      properties:
                                        constraints:
                                          type: string
                                        prereleases:
                                          properties:
                                            identifiers:
                                              items:
                                                type: string
                                              type: array
                                          type: object
                                      type: object
                                  type: object
                                secretRef:
                                  description: 'Secret with auth details. allowed
                                    keys: ssh-privatekey, ssh-knownhosts, username,
                                    password (optional) (if ssh-knownhosts is not
                                    specified, git will not perform strict host checking)'
                                  properties:
                                    name:
                                      description: Object is expected to be within
                                        same namespace
                                      type: string
                                  type: object
                                subPath:
                                  description: Grab only portion of repository (optional)
                                  type: string
                                url:
                                  description: http or ssh urls are supported (required)
                                  type: string
                              type: object
                            helmChart:
                              description: Uses helm fetch to fetch specified chart
                              properties:
                                name:
                                  description: 'Example: stable/redis'
                                  type: string
                                repository:
                                  properties:
                                    secretRef:
                                      properties:
                                        name:
                                          description: Object is expected to be within
                                            same namespace
                                          type: string
                                      type: object
                                    url:
                                      description: Repository url; scheme of oci://
                                        will fetch experimental helm oci chart (v0.19.0+)
                                        (required)
                                      type: string
                                  type: object
                                version:
                                  type: string
                              type: object
                            http:
                              description: Uses http library to fetch file
                              properties:
                                secretRef:
                                  description: 'Secret to provide auth details (optional)
                                    Secret may include one or more keys: username,
                                    password'
                                  properties:
                                    name:
                                      description: Object is expected to be within
                                        same namespace
                                      type: string
                                  type: object
                                sha256:
                                  description: Checksum to verify after download (optional)
                                  type: string
                                subPath:
                                  description: Grab only portion of download (optional)
                                  type: string
                                url:
                                  description: 'URL can point to one of following
                                    formats: text, tgz, zip http and https url are
                                    supported; plain file, tgz and tar types are supported
                                    (required)'
                                  type: string
                              type: object
                            image:
                              description: Pulls content from Docker/OCI registry
                              properties:
                                secretRef:
                                  description: 'Secret may include one or more keys:
                                    username, password, token. By default anonymous
                                    access is used for authentication.'
                                  properties:
                                    name:
                                      description: Object is expected to be within
                                        same namespace
                                      type: string
                                  type: object
                                subPath:
                                  description: Grab only portion of image (optional)
                                  type: string
                                tagSelection:
                                  description: Specifies a strategy to choose a tag
                                    (optional; v0.24.0+) if specified, do not include
                                    a tag in url key
                                  properties:
                                    semver:
                                      properties:
                                        constraints:
                                          type: string
                                        prereleases:
                                          properties:
                                            identifiers:
                                              items:
                                                type: string
                                              type: array
                                          type: object
                                      type: object
                                  type: object
                                url:
                                  description: 'Docker image url; unqualified, tagged,
                                    or digest references supported (required) Example:
                                    username/app1-config:v0.1.0'
                                  type: string
                              type: object
                            imgpkgBundle:
                              description: Pulls imgpkg bundle from Docker/OCI registry
                                (v0.17.0+)
                              properties:
                                image:
                                  description: Docker image url; unqualified, tagged,
                                    or digest references supported (required)
                                  type: string
                                secretRef:
                                  description: 'Secret may include one or more keys:
                                    username, password, token. By default anonymous
                                    access is used for authentication.'
                                  properties:
                                    name:
                                      description: Object is expected to be within
                                        same namespace
                                      type: string
                                  type: object
                                tagSelection:
                                  description: Specifies a strategy to choose a tag
                                    (optional; v0.24.0+) if specified, do not include
                                    a tag in url key
                                  properties:
                                    semver:
                                      properties:
                                        constraints:
                                          type: string
                                        prereleases:
                                          properties:
                                            identifiers:
                                              items:
                                                type: string
                                              type: array
                                          type: object
                                      type: object
                                  type: object
                              type: object
                            inline:
                              description: Pulls content from within this resource;
                                or other resources in the cluster
                              properties:
                                paths:
                                  additionalProperties:
                                    type: string
                                  description: Specifies mapping of paths to their
                                    content; not recommended for sensitive values
                                    as CR is not encrypted (optional)
                                  type: object
                                pathsFrom:
                                  description: Specifies content via secrets and config
                                    maps; data values are recommended to be placed
                                    in secrets (optional)
                                  items:
                                    properties:
                                      configMapRef:
                                        properties:
                                          directoryPath:
                                            description: Specifies where to place
                                              files found in secret (optional)
                                            type: string
                                          name:
                                            type: string
                                        type: object
                                      secretRef:
                                        properties:
                                          directoryPath:
                                            description: Specifies where to place
                                              files found in secret (optional)
                                            type: string
                                          name:
                                            type: string
                                        type: object
                                    type: object
                                  type: array
                              type: object
                            path:
                              description: Relative path to place the fetched artifacts
                              type: string
                          type: object
                        type: array
                      noopDelete:
                        description: Deletion requests for the App will result in
                          the App CR being deleted, but its associated resources will
                          not be deleted (optional; default=false; v0.18.0+)
                        type: boolean
                      paused:
                        description: Pauses _future_ reconciliation; does _not_ affect
                          currently running reconciliation (optional; default=false)
                        type: boolean
                      serviceAccountName:
                        description: Specifies that app should be deployed authenticated
                          via given service account, found in this namespace (optional;
                          v0.6.0+)
                        type: string
                      syncPeriod:
                        description: Specifies the length of time to wait, in time
                          + unit format, before reconciling. Always >= 30s. If value
                          below 30s is specified, 30s will be used. (optional; v0.9.0+;
                          default=30s)
                        type: string
                      template:
                        items:
                          properties:
                            cue:
                              properties:
                                inputExpression:
                                  description: Cue expression for single path component,
                                    can be used to unify ValuesFrom into a given field
                                    (optional)
                                  type: string
                                outputExpression:
                                  description: Cue expression to output, default will
                                    export all visible fields (optional)
                                  type: string
                                paths:
                                  description: Explicit list of files/directories
                                    (optional)
                                  items:
                                    type: string
                                  type: array
                                valuesFrom:
                                  description: Provide values (optional)
                                  items:
                                    properties:
                                      configMapRef:
                                        properties:
                                          name:
                                            type: string
                                        type: object
                                      downwardAPI:
                                        properties:
                                          items:
                                            items:
                                              properties:
                                                fieldPath:
                                                  description: 'Required: Selects
                                                    a field of the app: only annotations,
                                                    labels, uid, name and namespace
                                                    are supported.'
                                                  type: string
                                                kappControllerVersion:
                                                  description: 'Optional: Get running
                                                    KappController version, defaults
                                                    (empty) to retrieving the current
                                                    running version.. Can be manually
                                                    supplied instead.'
                                                  properties:
                                                    version:
                                                      type: string
                                                  type: object
                                                kubernetesAPIs:
                                                  description: 'Optional: Get running
                                                    KubernetesAPIs from cluster, defaults
                                                    (empty) to retrieving the APIs
                                                    from the cluster. Can be manually
                                                    supplied instead, e.g ["group/version",
                                                    "group2/version2"]'
                                                  properties:
                                                    groupVersions:
                                                      items:
                                                        type: string
                                                      type: array
                                                  type: object
                                                kubernetesVersion:
                                                  description: 'Optional: Get running
                                                    Kubernetes version from cluster,
                                                    defaults (empty) to retrieving
                                                    the version from the cluster.
                                                    Can be manually supplied instead.'
                                                  properties:
                                                    version:
                                                      type: string
                                                  type: object
                                                name:
                                                  type: string
                                              type: object
                                            type: array
                                        type: object
                                      path:
                                        type: string
                                      secretRef:
                                        properties:
                                          name:
                                            type: string
                                        type: object
                                    type: object
                                  type: array
                              type: object
                            helmTemplate:
                              description: Use helm template command to render helm
                                chart
                              properties:
                                kubernetesAPIs:
                                  description: 'Optional: Use kubernetes group/versions
                                    resources available in the live cluster'
                                  properties:
                                    groupVersions:
                                      items:
                                        type: string
                                      type: array
                                  type: object
                                kubernetesVersion:
                                  description: 'Optional: Get Kubernetes version,
                                    defaults (empty) to retrieving the version from
                                    the cluster. Can be manually overridden to a value
                                    instead.'
                                  properties:
                                    version:
                                      type: string
                                  type: object
                                name:
                                  description: Set name explicitly, default is App
                                    CR's name (optional; v0.13.0+)
                                  type: string
                                namespace:
                                  description: Set namespace explicitly, default is
                                    App CR's namespace (optional; v0.13.0+)
                                  type: string
                                path:
                                  description: Path to chart (optional; v0.13.0+)
                                  type: string
                                valuesFrom:
                                  description: One or more secrets, config maps, paths
                                    that provide values (optional)
                                  items:
                                    properties:
                                      configMapRef:
                                        properties:
                                          name:
                                            type: string
                                        type: object
                                      downwardAPI:
                                        properties:
                                          items:
                                            items:
                                              properties:
                                                fieldPath:
                                                  description: 'Required: Selects
                                                    a field of the app: only annotations,
                                                    labels, uid, name and namespace
                                                    are supported.'
                                                  type: string
                                                kappControllerVersion:
                                                  description: 'Optional: Get running
                                                    KappController version, defaults
                                                    (empty) to retrieving the current
                                                    running version. Can be manually
                                                    supplied instead.'
                                                  properties:
                                                    version:
                                                      type: string
                                                  type: object
                                                kubernetesAPIs:
                                                  description: 'Optional: Get running
                                                    KubernetesAPIs from cluster, defaults
                                                    (empty) to retrieving the APIs
                                                    from the cluster. Can be manually
                                                    supplied instead, e.g ["group/version",
                                                    "group2/version2"]'
                                                  properties:
                                                    groupVersions:
                                                      items:
                                                        type: string
                                                      type: array
                                                  type: object
                                                kubernetesVersion:
                                                  description: 'Optional: Get running
                                                    Kubernetes version from cluster,
                                                    defaults (empty) to retrieving
                                                    the version from the cluster.
                                                    Can be manually supplied instead.'
                                                  properties:
                                                    version:
                                                      type: string
                                                  type: object
                                                name:
                                                  type: string
                                              type: object
                                            type: array
                                        type: object
                                      path:
                                        type: string
                                      secretRef:
                                        properties:
                                          name:
                                            type: string
                                        type: object
                                    type: object
                                  type: array
                              type: object
                            jsonnet:
                              description: TODO implement jsonnet
                              type: object
                            kbld:
                              description: Use kbld to resolve image references to
                                use digests
                              properties:
                                paths:
                                  items:
                                    type: string
                                  type: array
                              type: object
                            kustomize:
                              description: TODO implement kustomize
                              type: object
                            sops:
                              description: Use sops to decrypt *.sops.yml files (optional;
                                v0.11.0+)
                              properties:
                                age:
                                  properties:
                                    privateKeysSecretRef:
                                      description: Secret with private armored PGP
                                        private keys (required)
                                      properties:
                                        name:
                                          type: string
                                      type: object
                                  type: object
                                paths:
                                  description: Lists paths to decrypt explicitly (optional;
                                    v0.13.0+)
                                  items:
                                    type: string
                                  type: array
                                pgp:
                                  description: Use PGP to decrypt files (required)
                                  properties:
                                    privateKeysSecretRef:
                                      description: Secret with private armored PGP
                                        private keys (required)
                                      properties:
                                        name:
                                          type: string
                                      type: object
                                  type: object
                              type: object
                            ytt:
                              description: Use ytt to template configuration
                              properties:
                                fileMarks:
                                  description: Control metadata about input files
                                    passed to ytt (optional; v0.18.0+) see https://carvel.dev/ytt/docs/latest/file-marks/
                                    for more details
                                  items:
                                    type: string
                                  type: array
                                ignoreUnknownComments:
                                  description: Ignores comments that ytt doesn't recognize
                                    (optional; default=false)
                                  type: boolean
                                inline:
                                  description: Specify additional files, including
                                    data values (optional)
                                  properties:
                                    paths:
                                      additionalProperties:
                                        type: string
                                      description: Specifies mapping of paths to their
                                        content; not recommended for sensitive values
                                        as CR is not encrypted (optional)
                                      type: object
                                    pathsFrom:
                                      description: Specifies content via secrets and
                                        config maps; data values are recommended to
                                        be placed in secrets (optional)
                                      items:
                                        properties:
                                          configMapRef:
                                            properties:
                                              directoryPath:
                                                description: Specifies where to place
                                                  files found in secret (optional)
                                                type: string
                                              name:
                                                type: string
                                            type: object
                                          secretRef:
                                            properties:
                                              directoryPath:
                                                description: Specifies where to place
                                                  files found in secret (optional)
                                                type: string
                                              name:
                                                type: string
                                            type: object
                                        type: object
                                      type: array
                                  type: object
                                paths:
                                  description: Lists paths to provide to ytt explicitly
                                    (optional)
                                  items:
                                    type: string
                                  type: array
                                strict:
                                  description: Forces strict mode https://github.com/k14s/ytt/blob/develop/docs/strict.md
                                    (optional; default=false)
                                  type: boolean
                                valuesFrom:
                                  description: Provide values via ytt's --data-values-file
                                    (optional; v0.19.0-alpha.9)
                                  items:
                                    properties:
                                      configMapRef:
                                        properties:
                                          name:
                                            type: string
                                        type: object
                                      downwardAPI:
                                        properties:
                                          items:
                                            items:
                                              properties:
                                                fieldPath:
                                                  description: 'Required: Selects
                                                    a field of the app: only annotations,
                                                    labels, uid, name and namespace
                                                    are supported.'
                                                  type: string
                                                kappControllerVersion:
                                                  description: 'Optional: Get running
                                                    KappController version, defaults
                                                    (empty) to retrieving the current
                                                    running version. Can be manually
                                                    supplied instead.'
                                                  properties:
                                                    version:
                                                      type: string
                                                  type: object
                                                kubernetesAPIs:
                                                  description: 'Optional: Get running
                                                    KubernetesAPIs from cluster, defaults
                                                    (empty) to retrieving the APIs
                                                    from the cluster. Can be manually
                                                    supplied instead, e.g ["group/version",
                                                    "group2/version2"]'
                                                  properties:
                                                    groupVersions:
                                                      items:
                                                        type: string
                                                      type: array
                                                  type: object
                                                kubernetesVersion:
                                                  description: 'Optional: Get running
                                                    Kubernetes version from cluster,
                                                    defaults (empty) to retrieving
                                                    the version from the cluster.
                                                    Can be manually supplied instead.'
                                                  properties:
                                                    version:
                                                      type: string
                                                  type: object
                                                name:
                                                  type: string
                                              type: object
                                            type: array
                                        type: object
                                      path:
                                        type: string
                                      secretRef:
                                        properties:
                                          name:
                                            type: string
                                        type: object
                                    type: object
                                  type: array
                              type: object
                          type: object
                        type: array
                    type: object
                required:
                - spec
                type: object
              valuesSchema:
                description: valuesSchema can be used to show template values that
                  can be configured by users when a Package is installed in an OpenAPI
                  schema format.
                properties:
                  openAPIv3:
                    nullable: true
                    type: object
                    x-kubernetes-preserve-unknown-fields: true
                type: object
              version:
                description: Package version; Referenced by PackageInstall; Must be
                  valid semver (required) Cannot be empty
                type: string
            type: object
        required:
        - spec
        type: object
    served: true
    storage: true
    subresources:
      status: {}
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: apps.kappctrl.k14s.io
spec:
  group: kappctrl.k14s.io
  names:
    categories:
    - carvel
    kind: App
    listKind: AppList
    plural: apps
    singular: app
  scope: Namespaced
  versions:
  - additionalPrinterColumns:
    - description: Friendly description
      jsonPath: .status.friendlyDescription
      name: Description
      type: string
    - description: Last time app started being deployed. Does not mean anything was
        changed.
      jsonPath: .status.deploy.startedAt
      name: Since-Deploy
      type: date
    - description: Time since creation
      jsonPath: .metadata.creationTimestamp
      name: Age
      type: date
    name: v1alpha1
    schema:
      openAPIV3Schema:
        description: 'An App is a set of Kubernetes resources. These resources could
          span any number of namespaces or could be cluster-wide (e.g. CRDs). An App
          is represented in kapp-controller using an App CR. The App CR comprises
          three main sections: spec.fetch – declare source for fetching configuration
          and OCI images spec.template – declare templating tool and values spec.deploy
          – declare deployment tool and any deploy specific configuration'
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            properties:
              canceled:
                description: Cancels current and future reconciliations (optional;
                  default=false)
                type: boolean
              cluster:
                description: Specifies that app should be deployed to destination
                  cluster; by default, cluster is same as where this resource resides
                  (optional; v0.5.0+)
                properties:
                  kubeconfigSecretRef:
                    description: Specifies secret containing kubeconfig (required)
                    properties:
                      key:
                        description: Specifies key that contains kubeconfig (optional)
                        type: string
                      name:
                        description: Specifies secret name within app's namespace
                          (required)
                        type: string
                    type: object
                  namespace:
                    description: Specifies namespace in destination cluster (optional)
                    type: string
                type: object
              deploy:
                items:
                  properties:
                    kapp:
                      description: Use kapp to deploy resources
                      properties:
                        delete:
                          description: Configuration for delete command (optional)
                          properties:
                            rawOptions:
                              description: Pass through options to kapp delete (optional)
                              items:
                                type: string
                              type: array
                          type: object
                        inspect:
                          description: 'Configuration for inspect command (optional)
                            as of kapp-controller v0.31.0, inspect is disabled by
                            default add rawOptions or use an empty inspect config
                            like `inspect: {}` to enable'
                          properties:
                            rawOptions:
                              description: Pass through options to kapp inspect (optional)
                              items:
                                type: string
                              type: array
                          type: object
                        intoNs:
                          description: Override namespace for all resources (optional)
                          type: string
                        mapNs:
                          description: Provide custom namespace override mapping (optional)
                          items:
                            type: string
                          type: array
                        rawOptions:
                          description: Pass through options to kapp deploy (optional)
                          items:
                            type: string
                          type: array
                      type: object
                  type: object
                type: array
              fetch:
                items:
                  properties:
                    git:
                      description: Uses git to clone repository
                      properties:
                        lfsSkipSmudge:
                          description: Skip lfs download (optional)
                          type: boolean
                        ref:
                          description: Branch, tag, commit; origin is the name of
                            the remote (optional)
                          type: string
                        refSelection:
                          description: Specifies a strategy to resolve to an explicit
                            ref (optional; v0.24.0+)
                          properties:
                            semver:
                              properties:
                                constraints:
                                  type: string
                                prereleases:
                                  properties:
                                    identifiers:
                                      items:
                                        type: string
                                      type: array
                                  type: object
                              type: object
                          type: object
                        secretRef:
                          description: 'Secret with auth details. allowed keys: ssh-privatekey,
                            ssh-knownhosts, username, password (optional) (if ssh-knownhosts
                            is not specified, git will not perform strict host checking)'
                          properties:
                            name:
                              description: Object is expected to be within same namespace
                              type: string
                          type: object
                        subPath:
                          description: Grab only portion of repository (optional)
                          type: string
                        url:
                          description: http or ssh urls are supported (required)
                          type: string
                      type: object
                    helmChart:
                      description: Uses helm fetch to fetch specified chart
                      properties:
                        name:
                          description: 'Example: stable/redis'
                          type: string
                        repository:
                          properties:
                            secretRef:
                              properties:
                                name:
                                  description: Object is expected to be within same
                                    namespace
                                  type: string
                              type: object
                            url:
                              description: Repository url; scheme of oci:// will fetch
                                experimental helm oci chart (v0.19.0+) (required)
                              type: string
                          type: object
                        version:
                          type: string
                      type: object
                    http:
                      description: Uses http library to fetch file
                      properties:
                        secretRef:
                          description: 'Secret to provide auth details (optional)
                            Secret may include one or more keys: username, password'
                          properties:
                            name:
                              description: Object is expected to be within same namespace
                              type: string
                          type: object
                        sha256:
                          description: Checksum to verify after download (optional)
                          type: string
                        subPath:
                          description: Grab only portion of download (optional)
                          type: string
                        url:
                          description: 'URL can point to one of following formats:
                            text, tgz, zip http and https url are supported; plain
                            file, tgz and tar types are supported (required)'
                          type: string
                      type: object
                    image:
                      description: Pulls content from Docker/OCI registry
                      properties:
                        secretRef:
                          description: 'Secret may include one or more keys: username,
                            password, token. By default anonymous access is used for
                            authentication.'
                          properties:
                            name:
                              description: Object is expected to be within same namespace
                              type: string
                          type: object
                        subPath:
                          description: Grab only portion of image (optional)
                          type: string
                        tagSelection:
                          description: Specifies a strategy to choose a tag (optional;
                            v0.24.0+) if specified, do not include a tag in url key
                          properties:
                            semver:
                              properties:
                                constraints:
                                  type: string
                                prereleases:
                                  properties:
                                    identifiers:
                                      items:
                                        type: string
                                      type: array
                                  type: object
                              type: object
                          type: object
                        url:
                          description: 'Docker image url; unqualified, tagged, or
                            digest references supported (required) Example: username/app1-config:v0.1.0'
                          type: string
                      type: object
                    imgpkgBundle:
                      description: Pulls imgpkg bundle from Docker/OCI registry (v0.17.0+)
                      properties:
                        image:
                          description: Docker image url; unqualified, tagged, or digest
                            references supported (required)
                          type: string
                        secretRef:
                          description: 'Secret may include one or more keys: username,
                            password, token. By default anonymous access is used for
                            authentication.'
                          properties:
                            name:
                              description: Object is expected to be within same namespace
                              type: string
                          type: object
                        tagSelection:
                          description: Specifies a strategy to choose a tag (optional;
                            v0.24.0+) if specified, do not include a tag in url key
                          properties:
                            semver:
                              properties:
                                constraints:
                                  type: string
                                prereleases:
                                  properties:
                                    identifiers:
                                      items:
                                        type: string
                                      type: array
                                  type: object
                              type: object
                          type: object
                      type: object
                    inline:
                      description: Pulls content from within this resource; or other
                        resources in the cluster
                      properties:
                        paths:
                          additionalProperties:
                            type: string
                          description: Specifies mapping of paths to their content;
                            not recommended for sensitive values as CR is not encrypted
                            (optional)
                          type: object
                        pathsFrom:
                          description: Specifies content via secrets and config maps;
                            data values are recommended to be placed in secrets (optional)
                          items:
                            properties:
                              configMapRef:
                                properties:
                                  directoryPath:
                                    description: Specifies where to place files found
                                      in secret (optional)
                                    type: string
                                  name:
                                    type: string
                                type: object
                              secretRef:
                                properties:
                                  directoryPath:
                                    description: Specifies where to place files found
                                      in secret (optional)
                                    type: string
                                  name:
                                    type: string
                                type: object
                            type: object
                          type: array
                      type: object
                    path:
                      description: Relative path to place the fetched artifacts
                      type: string
                  type: object
                type: array
              noopDelete:
                description: Deletion requests for the App will result in the App
                  CR being deleted, but its associated resources will not be deleted
                  (optional; default=false; v0.18.0+)
                type: boolean
              paused:
                description: Pauses _future_ reconciliation; does _not_ affect currently
                  running reconciliation (optional; default=false)
                type: boolean
              serviceAccountName:
                description: Specifies that app should be deployed authenticated via
                  given service account, found in this namespace (optional; v0.6.0+)
                type: string
              syncPeriod:
                description: Specifies the length of time to wait, in time + unit
                  format, before reconciling. Always >= 30s. If value below 30s is
                  specified, 30s will be used. (optional; v0.9.0+; default=30s)
                type: string
              template:
                items:
                  properties:
                    cue:
                      properties:
                        inputExpression:
                          description: Cue expression for single path component, can
                            be used to unify ValuesFrom into a given field (optional)
                          type: string
                        outputExpression:
                          description: Cue expression to output, default will export
                            all visible fields (optional)
                          type: string
                        paths:
                          description: Explicit list of files/directories (optional)
                          items:
                            type: string
                          type: array
                        valuesFrom:
                          description: Provide values (optional)
                          items:
                            properties:
                              configMapRef:
                                properties:
                                  name:
                                    type: string
                                type: object
                              downwardAPI:
                                properties:
                                  items:
                                    items:
                                      properties:
                                        fieldPath:
                                          description: 'Required: Selects a field
                                            of the app: only annotations, labels,
                                            uid, name and namespace are supported.'
                                          type: string
                                        kappControllerVersion:
                                          description: 'Optional: Get running KappController
                                            version, defaults (empty) to retrieving
                                            the current running version. Can be manually
                                            supplied instead.'
                                          properties:
                                            version:
                                              type: string
                                          type: object
                                        kubernetesAPIs:
                                          description: 'Optional: Get running KubernetesAPIs
                                            from cluster, defaults (empty) to retrieving
                                            the APIs from the cluster. Can be manually
                                            supplied instead, e.g ["group/version",
                                            "group2/version2"]'
                                          properties:
                                            groupVersions:
                                              items:
                                                type: string
                                              type: array
                                          type: object
                                        kubernetesVersion:
                                          description: 'Optional: Get running Kubernetes
                                            version from cluster, defaults (empty)
                                            to retrieving the version from the cluster.
                                            Can be manually supplied instead.'
                                          properties:
                                            version:
                                              type: string
                                          type: object
                                        name:
                                          type: string
                                      type: object
                                    type: array
                                type: object
                              path:
                                type: string
                              secretRef:
                                properties:
                                  name:
                                    type: string
                                type: object
                            type: object
                          type: array
                      type: object
                    helmTemplate:
                      description: Use helm template command to render helm chart
                      properties:
                        kubernetesAPIs:
                          description: 'Optional: Use kubernetes group/versions resources
                            available in the live cluster'
                          properties:
                            groupVersions:
                              items:
                                type: string
                              type: array
                          type: object
                        kubernetesVersion:
                          description: 'Optional: Get Kubernetes version, defaults
                            (empty) to retrieving the version from the cluster. Can
                            be manually overridden to a value instead.'
                          properties:
                            version:
                              type: string
                          type: object
                        name:
                          description: Set name explicitly, default is App CR's name
                            (optional; v0.13.0+)
                          type: string
                        namespace:
                          description: Set namespace explicitly, default is App CR's
                            namespace (optional; v0.13.0+)
                          type: string
                        path:
                          description: Path to chart (optional; v0.13.0+)
                          type: string
                        valuesFrom:
                          description: One or more secrets, config maps, paths that
                            provide values (optional)
                          items:
                            properties:
                              configMapRef:
                                properties:
                                  name:
                                    type: string
                                type: object
                              downwardAPI:
                                properties:
                                  items:
                                    items:
                                      properties:
                                        fieldPath:
                                          description: 'Required: Selects a field
                                            of the app: only annotations, labels,
                                            uid, name and namespace are supported.'
                                          type: string
                                        kappControllerVersion:
                                          description: 'Optional: Get running KappController
                                            version, defaults (empty) to retrieving
                                            the current running version. Can be manually
                                            supplied instead.'
                                          properties:
                                            version:
                                              type: string
                                          type: object
                                        kubernetesAPIs:
                                          description: 'Optional: Get running KubernetesAPIs
                                            from cluster, defaults (empty) to retrieving
                                            the APIs from the cluster. Can be manually
                                            supplied instead, e.g ["group/version",
                                            "group2/version2"]'
                                          properties:
                                            groupVersions:
                                              items:
                                                type: string
                                              type: array
                                          type: object
                                        kubernetesVersion:
                                          description: 'Optional: Get running Kubernetes
                                            version from cluster, defaults (empty)
                                            to retrieving the version from the cluster.
                                            Can be manually supplied instead.'
                                          properties:
                                            version:
                                              type: string
                                          type: object
                                        name:
                                          type: string
                                      type: object
                                    type: array
                                type: object
                              path:
                                type: string
                              secretRef:
                                properties:
                                  name:
                                    type: string
                                type: object
                            type: object
                          type: array
                      type: object
                    jsonnet:
                      description: TODO implement jsonnet
                      type: object
                    kbld:
                      description: Use kbld to resolve image references to use digests
                      properties:
                        paths:
                          items:
                            type: string
                          type: array
                      type: object
                    kustomize:
                      description: TODO implement kustomize
                      type: object
                    sops:
                      description: Use sops to decrypt *.sops.yml files (optional;
                        v0.11.0+)
                      properties:
                        age:
                          properties:
                            privateKeysSecretRef:
                              description: Secret with private armored PGP private
                                keys (required)
                              properties:
                                name:
                                  type: string
                              type: object
                          type: object
                        paths:
                          description: Lists paths to decrypt explicitly (optional;
                            v0.13.0+)
                          items:
                            type: string
                          type: array
                        pgp:
                          description: Use PGP to decrypt files (required)
                          properties:
                            privateKeysSecretRef:
                              description: Secret with private armored PGP private
                                keys (required)
                              properties:
                                name:
                                  type: string
                              type: object
                          type: object
                      type: object
                    ytt:
                      description: Use ytt to template configuration
                      properties:
                        fileMarks:
                          description: Control metadata about input files passed to
                            ytt (optional; v0.18.0+) see https://carvel.dev/ytt/docs/latest/file-marks/
                            for more details
                          items:
                            type: string
                          type: array
                        ignoreUnknownComments:
                          description: Ignores comments that ytt doesn't recognize
                            (optional; default=false)
                          type: boolean
                        inline:
                          description: Specify additional files, including data values
                            (optional)
                          properties:
                            paths:
                              additionalProperties:
                                type: string
                              description: Specifies mapping of paths to their content;
                                not recommended for sensitive values as CR is not
                                encrypted (optional)
                              type: object
                            pathsFrom:
                              description: Specifies content via secrets and config
                                maps; data values are recommended to be placed in
                                secrets (optional)
                              items:
                                properties:
                                  configMapRef:
                                    properties:
                                      directoryPath:
                                        description: Specifies where to place files
                                          found in secret (optional)
                                        type: string
                                      name:
                                        type: string
                                    type: object
                                  secretRef:
                                    properties:
                                      directoryPath:
                                        description: Specifies where to place files
                                          found in secret (optional)
                                        type: string
                                      name:
                                        type: string
                                    type: object
                                type: object
                              type: array
                          type: object
                        paths:
                          description: Lists paths to provide to ytt explicitly (optional)
                          items:
                            type: string
                          type: array
                        strict:
                          description: Forces strict mode https://github.com/k14s/ytt/blob/develop/docs/strict.md
                            (optional; default=false)
                          type: boolean
                        valuesFrom:
                          description: Provide values via ytt's --data-values-file
                            (optional; v0.19.0-alpha.9)
                          items:
                            properties:
                              configMapRef:
                                properties:
                                  name:
                                    type: string
                                type: object
                              downwardAPI:
                                properties:
                                  items:
                                    items:
                                      properties:
                                        fieldPath:
                                          description: 'Required: Selects a field
                                            of the app: only annotations, labels,
                                            uid, name and namespace are supported.'
                                          type: string
                                        kappControllerVersion:
                                          description: 'Optional: Get running KappController
                                            version, defaults (empty) to retrieving
                                            the current running version. Can be manually
                                            supplied instead.'
                                          properties:
                                            version:
                                              type: string
                                          type: object
                                        kubernetesAPIs:
                                          description: 'Optional: Get running KubernetesAPIs
                                            from cluster, defaults (empty) to retrieving
                                            the APIs from the cluster. Can be manually
                                            supplied instead, e.g ["group/version",
                                            "group2/version2"]'
                                          properties:
                                            groupVersions:
                                              items:
                                                type: string
                                              type: array
                                          type: object
                                        kubernetesVersion:
                                          description: 'Optional: Get running Kubernetes
                                            version from cluster, defaults (empty)
                                            to retrieving the version from the cluster.
                                            Can be manually supplied instead.'
                                          properties:
                                            version:
                                              type: string
                                          type: object
                                        name:
                                          type: string
                                      type: object
                                    type: array
                                type: object
                              path:
                                type: string
                              secretRef:
                                properties:
                                  name:
                                    type: string
                                type: object
                            type: object
                          type: array
                      type: object
                  type: object
                type: array
            type: object
          status:
            properties:
              conditions:
                items:
                  properties:
                    message:
                      description: Human-readable message indicating details about
                        last transition.
                      type: string
                    reason:
                      description: Unique, this should be a short, machine understandable
                        string that gives the reason for condition's last transition.
                        If it reports "ResizeStarted" that means the underlying persistent
                        volume is being resized.
                      type: string
                    status:
                      type: string
                    type:
                      description: ConditionType represents reconciler state
                      type: string
                  required:
                  - status
                  - type
                  type: object
                type: array
              consecutiveReconcileFailures:
                type: integer
              consecutiveReconcileSuccesses:
                type: integer
              deploy:
                properties:
                  error:
                    type: string
                  exitCode:
                    type: integer
                  finished:
                    type: boolean
                  kapp:
                    description: KappDeployStatus contains the associated AppCR deployed
                      resources
                    properties:
                      associatedResources:
                        description: AssociatedResources contains the associated App
                          label, namespaces and GKs
                        properties:
                          groupKinds:
                            items:
                              description: GroupKind specifies a Group and a Kind,
                                but does not force a version.  This is useful for
                                identifying concepts during lookup stages without
                                having partially valid types
                              properties:
                                group:
                                  type: string
                                kind:
                                  type: string
                              required:
                              - group
                              - kind
                              type: object
                            type: array
                          label:
                            type: string
                          namespaces:
                            items:
                              type: string
                            type: array
                        type: object
                    type: object
                  startedAt:
                    format: date-time
                    type: string
                  stderr:
                    type: string
                  stdout:
                    type: string
                  updatedAt:
                    format: date-time
                    type: string
                type: object
              fetch:
                properties:
                  error:
                    type: string
                  exitCode:
                    type: integer
                  startedAt:
                    format: date-time
                    type: string
                  stderr:
                    type: string
                  stdout:
                    type: string
                  updatedAt:
                    format: date-time
                    type: string
                type: object
              friendlyDescription:
                type: string
              inspect:
                properties:
                  error:
                    type: string
                  exitCode:
                    type: integer
                  stderr:
                    type: string
                  stdout:
                    type: string
                  updatedAt:
                    format: date-time
                    type: string
                type: object
              managedAppName:
                type: string
              observedGeneration:
                description: Populated based on metadata.generation when controller
                  observes a change to the resource; if this value is out of date,
                  other status fields do not reflect latest state
                format: int64
                type: integer
              template:
                properties:
                  error:
                    type: string
                  exitCode:
                    type: integer
                  stderr:
                    type: string
                  updatedAt:
                    format: date-time
                    type: string
                type: object
              usefulErrorMessage:
                type: string
            type: object
        required:
        - spec
        type: object
    served: true
    storage: true
    subresources:
      status: {}
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: packageinstalls.packaging.carvel.dev
spec:
  group: packaging.carvel.dev
  names:
    categories:
    - carvel
    kind: PackageInstall
    listKind: PackageInstallList
    plural: packageinstalls
    shortNames:
    - pkgi
    singular: packageinstall
  scope: Namespaced
  versions:
  - additionalPrinterColumns:
    - description: PackageMetadata name
      jsonPath: .spec.packageRef.refName
      name: Package name
      type: string
    - description: PackageMetadata version
      jsonPath: .status.version
      name: Package version
      type: string
    - description: Friendly description
      jsonPath: .status.friendlyDescription
      name: Description
      type: string
    - description: Time since creation
      jsonPath: .metadata.creationTimestamp
      name: Age
      type: date
    name: v1alpha1
    schema:
      openAPIV3Schema:
        description: A Package Install is an actual installation of a package and
          its underlying resources on a Kubernetes cluster. It is represented in kapp-controller
          by a PackageInstall CR. A PackageInstall CR must reference a Package CR.
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            properties:
              canceled:
                description: Canceled when set to true will stop all active changes
                type: boolean
              cluster:
                description: Specifies that Package should be deployed to destination
                  cluster; by default, cluster is same as where this resource resides
                  (optional)
                properties:
                  kubeconfigSecretRef:
                    description: Specifies secret containing kubeconfig (required)
                    properties:
                      key:
                        description: Specifies key that contains kubeconfig (optional)
                        type: string
                      name:
                        description: Specifies secret name within app's namespace
                          (required)
                        type: string
                    type: object
                  namespace:
                    description: Specifies namespace in destination cluster (optional)
                    type: string
                type: object
              noopDelete:
                description: When NoopDelete set to true, PackageInstall deletion
                  should delete PackageInstall/App CR but preserve App's associated
                  resources.
                type: boolean
              packageRef:
                description: Specifies the name of the package to install (required)
                properties:
                  refName:
                    type: string
                  versionSelection:
                    properties:
                      constraints:
                        type: string
                      prereleases:
                        properties:
                          identifiers:
                            items:
                              type: string
                            type: array
                        type: object
                    type: object
                type: object
              paused:
                description: Paused when set to true will ignore all pending changes,
                  once it is set back to false, pending changes will be applied
                type: boolean
              serviceAccountName:
                description: Specifies service account that will be used to install
                  underlying package contents
                type: string
              syncPeriod:
                description: Controls frequency of App reconciliation in time + unit
                  format. Always >= 30s. If value below 30s is specified, 30s will
                  be used.
                type: string
              values:
                description: Values to be included in package's templating step (currently
                  only included in the first templating step) (optional)
                items:
                  properties:
                    secretRef:
                      properties:
                        key:
                          type: string
                        name:
                          type: string
                      type: object
                  type: object
                type: array
            type: object
          status:
            properties:
              conditions:
                items:
                  properties:
                    message:
                      description: Human-readable message indicating details about
                        last transition.
                      type: string
                    reason:
                      description: Unique, this should be a short, machine understandable
                        string that gives the reason for condition's last transition.
                        If it reports "ResizeStarted" that means the underlying persistent
                        volume is being resized.
                      type: string
                    status:
                      type: string
                    type:
                      description: ConditionType represents reconciler state
                      type: string
                  required:
                  - status
                  - type
                  type: object
                type: array
              friendlyDescription:
                type: string
              lastAttemptedVersion:
                description: LastAttemptedVersion specifies what version was last
                  attempted to be installed. It does _not_ indicate it was successfully
                  installed.
                type: string
              observedGeneration:
                description: Populated based on metadata.generation when controller
                  observes a change to the resource; if this value is out of date,
                  other status fields do not reflect latest state
                format: int64
                type: integer
              usefulErrorMessage:
                type: string
              version:
                description: TODO this is desired resolved version (not actually deployed)
                type: string
            type: object
        required:
        - spec
        type: object
    served: true
    storage: true
    subresources:
      status: {}
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    packaging.carvel.dev/global-namespace: kapp-controller-packaging-global
  name: packagerepositories.packaging.carvel.dev
spec:
  group: packaging.carvel.dev
  names:
    categories:
    - carvel
    kind: PackageRepository
    listKind: PackageRepositoryList
    plural: packagerepositories
    shortNames:
    - pkgr
    singular: packagerepository
  scope: Namespaced
  versions:
  - additionalPrinterColumns:
    - description: Time since creation
      jsonPath: .metadata.creationTimestamp
      name: Age
      type: date
    - description: Friendly description
      jsonPath: .status.friendlyDescription
      name: Description
      type: string
    name: v1alpha1
    schema:
      openAPIV3Schema:
        description: A package repository is a collection of packages and their metadata.
          Similar to a maven repository or a rpm repository, adding a package repository
          to a cluster gives users of that cluster the ability to install any of the
          packages from that repository.
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            properties:
              fetch:
                properties:
                  git:
                    description: Uses git to clone repository containing package list
                    properties:
                      lfsSkipSmudge:
                        description: Skip lfs download (optional)
                        type: boolean
                      ref:
                        description: Branch, tag, commit; origin is the name of the
                          remote (optional)
                        type: string
                      refSelection:
                        description: Specifies a strategy to resolve to an explicit
                          ref (optional; v0.24.0+)
                        properties:
                          semver:
                            properties:
                              constraints:
                                type: string
                              prereleases:
                                properties:
                                  identifiers:
                                    items:
                                      type: string
                                    type: array
                                type: object
                            type: object
                        type: object
                      secretRef:
                        description: 'Secret with auth details. allowed keys: ssh-privatekey,
                          ssh-knownhosts, username, password (optional) (if ssh-knownhosts
                          is not specified, git will not perform strict host checking)'
                        properties:
                          name:
                            description: Object is expected to be within same namespace
                            type: string
                        type: object
                      subPath:
                        description: Grab only portion of repository (optional)
                        type: string
                      url:
                        description: http or ssh urls are supported (required)
                        type: string
                    type: object
                  http:
                    description: Uses http library to fetch file containing packages
                    properties:
                      secretRef:
                        description: 'Secret to provide auth details (optional) Secret
                          may include one or more keys: username, password'
                        properties:
                          name:
                            description: Object is expected to be within same namespace
                            type: string
                        type: object
                      sha256:
                        description: Checksum to verify after download (optional)
                        type: string
                      subPath:
                        description: Grab only portion of download (optional)
                        type: string
                      url:
                        description: 'URL can point to one of following formats: text,
                          tgz, zip http and https url are supported; plain file, tgz
                          and tar types are supported (required)'
                        type: string
                    type: object
                  image:
                    description: Image url; unqualified, tagged, or digest references
                      supported (required)
                    properties:
                      secretRef:
                        description: 'Secret may include one or more keys: username,
                          password, token. By default anonymous access is used for
                          authentication.'
                        properties:
                          name:
                            description: Object is expected to be within same namespace
                            type: string
                        type: object
                      subPath:
                        description: Grab only portion of image (optional)
                        type: string
                      tagSelection:
                        description: Specifies a strategy to choose a tag (optional;
                          v0.24.0+) if specified, do not include a tag in url key
                        properties:
                          semver:
                            properties:
                              constraints:
                                type: string
                              prereleases:
                                properties:
                                  identifiers:
                                    items:
                                      type: string
                                    type: array
                                type: object
                            type: object
                        type: object
                      url:
                        description: 'Docker image url; unqualified, tagged, or digest
                          references supported (required) Example: username/app1-config:v0.1.0'
                        type: string
                    type: object
                  imgpkgBundle:
                    description: Pulls imgpkg bundle from Docker/OCI registry
                    properties:
                      image:
                        description: Docker image url; unqualified, tagged, or digest
                          references supported (required)
                        type: string
                      secretRef:
                        description: 'Secret may include one or more keys: username,
                          password, token. By default anonymous access is used for
                          authentication.'
                        properties:
                          name:
                            description: Object is expected to be within same namespace
                            type: string
                        type: object
                      tagSelection:
                        description: Specifies a strategy to choose a tag (optional;
                          v0.24.0+) if specified, do not include a tag in url key
                        properties:
                          semver:
                            properties:
                              constraints:
                                type: string
                              prereleases:
                                properties:
                                  identifiers:
                                    items:
                                      type: string
                                    type: array
                                type: object
                            type: object
                        type: object
                    type: object
                  inline:
                    description: Pull content from within this resource; or other
                      resources in the cluster
                    properties:
                      paths:
                        additionalProperties:
                          type: string
                        description: Specifies mapping of paths to their content;
                          not recommended for sensitive values as CR is not encrypted
                          (optional)
                        type: object
                      pathsFrom:
                        description: Specifies content via secrets and config maps;
                          data values are recommended to be placed in secrets (optional)
                        items:
                          properties:
                            configMapRef:
                              properties:
                                directoryPath:
                                  description: Specifies where to place files found
                                    in secret (optional)
                                  type: string
                                name:
                                  type: string
                              type: object
                            secretRef:
                              properties:
                                directoryPath:
                                  description: Specifies where to place files found
                                    in secret (optional)
                                  type: string
                                name:
                                  type: string
                              type: object
                          type: object
                        type: array
                    type: object
                type: object
              paused:
                description: Paused when set to true will ignore all pending changes;
                  once it is set back to false, pending changes will be applied
                type: boolean
              syncPeriod:
                description: Controls frequency of PackageRepository reconciliation
                type: string
            required:
            - fetch
            type: object
          status:
            properties:
              conditions:
                items:
                  properties:
                    message:
                      description: Human-readable message indicating details about
                        last transition.
                      type: string
                    reason:
                      description: Unique, this should be a short, machine understandable
                        string that gives the reason for condition's last transition.
                        If it reports "ResizeStarted" that means the underlying persistent
                        volume is being resized.
                      type: string
                    status:
                      type: string
                    type:
                      description: ConditionType represents reconciler state
                      type: string
                  required:
                  - status
                  - type
                  type: object
                type: array
              consecutiveReconcileFailures:
                type: integer
              consecutiveReconcileSuccesses:
                type: integer
              deploy:
                properties:
                  error:
                    type: string
                  exitCode:
                    type: integer
                  finished:
                    type: boolean
                  kapp:
                    description: KappDeployStatus contains the associated AppCR deployed
                      resources
                    properties:
                      associatedResources:
                        description: AssociatedResources contains the associated App
                          label, namespaces and GKs
                        properties:
                          groupKinds:
                            items:
                              description: GroupKind specifies a Group and a Kind,
                                but does not force a version.  This is useful for
                                identifying concepts during lookup stages without
                                having partially valid types
                              properties:
                                group:
                                  type: string
                                kind:
                                  type: string
                              required:
                              - group
                              - kind
                              type: object
                            type: array
                          label:
                            type: string
                          namespaces:
                            items:
                              type: string
                            type: array
                        type: object
                    type: object
                  startedAt:
                    format: date-time
                    type: string
                  stderr:
                    type: string
                  stdout:
                    type: string
                  updatedAt:
                    format: date-time
                    type: string
                type: object
              fetch:
                properties:
                  error:
                    type: string
                  exitCode:
                    type: integer
                  startedAt:
                    format: date-time
                    type: string
                  stderr:
                    type: string
                  stdout:
                    type: string
                  updatedAt:
                    format: date-time
                    type: string
                type: object
              friendlyDescription:
                type: string
              observedGeneration:
                description: Populated based on metadata.generation when controller
                  observes a change to the resource; if this value is out of date,
                  other status fields do not reflect latest state
                format: int64
                type: integer
              template:
                properties:
                  error:
                    type: string
                  exitCode:
                    type: integer
                  stderr:
                    type: string
                  updatedAt:
                    format: date-time
                    type: string
                type: object
              usefulErrorMessage:
                type: string
            type: object
        required:
        - spec
        type: object
    served: true
    storage: true
    subresources:
      status: {}
---
apiVersion: apps/v1
kind: Deployment
metadata:
  annotations:
    kapp-controller.carvel.dev/version: v0.45.2
    kbld.k14s.io/images: |
      - origins:
        - local:
            path: /home/runner/work/kapp-controller/kapp-controller
        - git:
            dirty: true
            remoteURL: https://github.com/carvel-dev/kapp-controller
            sha: e3beee23d49899bfc681c9d980c1a3bdc0fa14ac
            tags:
            - v0.45.2
        url: ghcr.io/carvel-dev/kapp-controller@sha256:d5c5b259d10f8a561fe6717a735ceb053ccb13320f55428977d1d8df46b9bc0d
  name: kapp-controller
  namespace: tkg-system
spec:
  replicas: 1
  revisionHistoryLimit: 0
  selector:
    matchLabels:
      app: kapp-controller
  template:
    metadata:
      labels:
        app: kapp-controller
    spec:
      containers:
      - args:
        - -packaging-global-namespace=kapp-controller-packaging-global
        - -enable-api-priority-and-fairness=True
        - -tls-cipher-suites=
        env:
        - name: KAPPCTRL_MEM_TMP_DIR
          value: /etc/kappctrl-mem-tmp
        - name: KAPPCTRL_SIDECAREXEC_SOCK
          value: /etc/kappctrl-mem-tmp/sidecarexec.sock
        - name: KAPPCTRL_SYSTEM_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        - name: KAPPCTRL_API_PORT
          value: "10350"
        image: ghcr.io/carvel-dev/kapp-controller@sha256:d5c5b259d10f8a561fe6717a735ceb053ccb13320f55428977d1d8df46b9bc0d
        name: kapp-controller
        ports:
        - containerPort: 10350
          name: api
          protocol: TCP
        resources:
          requests:
            cpu: 120m
            memory: 100Mi
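        # Hardened container: no privilege escalation, all capabilities dropped,
        # non-root, read-only root filesystem, RuntimeDefault seccomp. Writes go
        # to the in-memory emptyDir volumes mounted under volumeMounts.
        securityContext: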
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
          readOnlyRootFilesystem: true
          runAsNonRoot: true
          seccompProfile:
            type: RuntimeDefault
        volumeMounts:
        - mountPath: /etc/kappctrl-mem-tmp
          name: template-fs
        - mountPath: /home/kapp-controller
          name: home
      - args:
        - --sidecarexec
        env:
        - name: KAPPCTRL_SIDECAREXEC_SOCK
          value: /etc/kappctrl-mem-tmp/sidecarexec.sock
        - name: IMGPKG_ACTIVE_KEYCHAINS
          value: gke,aks,ecr
        image: ghcr.io/carvel-dev/kapp-controller@sha256:d5c5b259d10f8a561fe6717a735ceb053ccb13320f55428977d1d8df46b9bc0d
        name: kapp-controller-sidecarexec
        resources:
          requests:
            cpu: 120m
            memory: 100Mi
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
          # Unlike the kapp-controller container, the sidecar keeps a writable
          # root filesystem.
          readOnlyRootFilesystem: false
          runAsNonRoot: true
          seccompProfile:
            type: RuntimeDefault
        volumeMounts:
        - mountPath: /etc/kappctrl-mem-tmp
          name: template-fs
        - mountPath: /home/kapp-controller
          name: home
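        # The empty-sa emptyDir is mounted over the service account token path, so
        # the sidecar container does not see the pod's service account token.
        - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
          name: empty-sa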
      serviceAccount: kapp-controller-sa
      volumes:
      - emptyDir:
          medium: Memory
        name: template-fs
      - emptyDir:
          medium: Memory
        name: home
      - emptyDir: {}
        name: empty-sa
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: kapp-controller-sa
  namespace: tkg-system